Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Bad connection and freeze


  • Please log in to reply

#1
crllz

crllz

    New Member

  • Member
  • Pip
  • 7 posts
Hello, first of all sorry for my bad english.
Since a few days i've got a slow connection: loading pages, downloading a 10mb song takes longer and a strange thing, sometimes my computer freeze during 3-5sec.
I don't know if the freeze and the low connection are the same problem but i think that i m infected.
I play at battlefield 3 and i was used to have a ping like 18 and know it's around 50 and peak to 120
I run Avast and nothing was find.
Thanks in advance to pay attention at my problem

OTL logfile created on: 18/01/2013 01:58:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents\Cyrille\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000080c | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

7,98 Gb Total Physical Memory | 5,84 Gb Available Physical Memory | 73,17% Memory free
15,95 Gb Paging File | 13,58 Gb Available in Paging File | 85,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 57,26 Gb Free Space | 51,27% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 874,49 Gb Free Space | 93,88% Space Free | Partition Type: NTFS
Drive K: | 100,00 Mb Total Space | 70,35 Mb Free Space | 70,35% Space Free | Partition Type: NTFS
Drive M: | 1396,91 Gb Total Space | 865,56 Gb Free Space | 61,96% Space Free | Partition Type: FAT32

Computer Name: TOWER | User Name: Cyrille | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/18 01:14:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents\Cyrille\Downloads\OTL.exe
PRC - [2013/01/09 00:59:38 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2013/01/05 04:43:57 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/11/17 16:04:44 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/10/30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/07/13 15:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/10/24 19:30:37 | 002,529,920 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
PRC - [2011/10/24 19:30:37 | 000,252,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
PRC - [2011/10/24 19:30:30 | 000,915,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
PRC - [2011/10/24 19:30:25 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2011/10/24 17:36:38 | 000,918,144 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
PRC - [2011/10/17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/10/17 15:12:48 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/07 15:32:24 | 001,097,344 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
PRC - [2010/11/26 20:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2010/11/17 09:51:12 | 000,053,544 | ---- | M] (Guillemot Corporation) -- C:\Windows\SysWOW64\HerculesWiFiService.exe
PRC - [2010/11/16 09:38:22 | 000,654,464 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
PRC - [2010/11/10 10:23:44 | 001,204,656 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
PRC - [2010/10/12 15:39:50 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
PRC - [2009/10/26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/26 12:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/10 17:40:38 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c4fa75aed82f50d4a7831755a0c4f7b2\IAStorUtil.ni.dll
MOD - [2013/01/10 17:40:38 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\521a6a2a0bdc82ad5f0ec5aecb6b8c82\IAStorCommon.ni.dll
MOD - [2013/01/09 22:55:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 22:55:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/09 22:55:12 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 22:55:03 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/09 22:55:00 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 22:54:58 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 22:54:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 22:54:55 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/09 00:59:38 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2013/01/05 04:44:13 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/24 19:30:37 | 000,703,488 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\CpuFreq.dll
MOD - [2011/10/24 19:30:37 | 000,661,504 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\aaHMLib.dll
MOD - [2011/10/24 19:30:37 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AssistFunc.dll
MOD - [2011/10/24 19:30:37 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsMultiLang.dll
MOD - [2011/10/24 19:30:30 | 000,662,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMLib.dll
MOD - [2011/10/24 19:30:21 | 000,094,208 | ---- | M] () -- C:\Windows\SysWOW64\IccLibDll.dll
MOD - [2011/10/24 19:30:21 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
MOD - [2010/11/16 09:37:20 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\AsNetlib.dll
MOD - [2010/11/13 01:54:34 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/07/30 10:28:32 | 000,670,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\asacpiex.dll
MOD - [2010/07/15 19:04:40 | 000,661,504 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\aaHMLib.dll
MOD - [2010/07/15 19:04:40 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pngio.dll
MOD - [2010/07/15 19:04:40 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\ImageHelper.dll
MOD - [2009/07/14 16:23:30 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009/06/27 09:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/05/21 09:14:14 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/10/26 23:16:30 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/05/31 09:42:06 | 000,210,024 | ---- | M] (DTS) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe -- (DTSAudioService)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/01/13 13:51:08 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/11 23:11:33 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/17 16:04:44 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/13 15:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012/06/07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/10/24 19:30:30 | 000,915,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe -- (asHmComSvc)
SRV - [2011/10/24 19:30:25 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2011/10/24 17:36:38 | 000,918,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc)
SRV - [2011/10/17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/11/17 09:51:12 | 000,053,544 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\\HerculesWiFiService.exe -- (HerculesWiFi)
SRV - [2010/10/27 15:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/10/20 19:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/17 23:56:02 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/31 11:42:48 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudobex.sys -- (ssudobex)
DRV:64bit: - [2012/07/31 11:42:48 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/07/31 11:42:48 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/07/03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/04 15:28:36 | 000,016,640 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011/10/24 19:30:21 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2011/10/24 16:49:43 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/10/17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/09/14 16:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/09/14 16:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/16 11:11:38 | 000,313,136 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/25 06:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/22 08:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/27 14:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010/10/27 14:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/10/27 14:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010/10/27 14:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010/10/27 14:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010/10/27 14:50:28 | 000,055,336 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010/10/27 14:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010/10/27 14:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/10/20 19:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/04 12:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-BE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 07 08 0A 4B 8C F3 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1A6E45D4-94B5-489f-AFD6-DBDDF99D191D}: "URL" = http://www.google.co...2788:4067623346
IE - HKCU\..\SearchScopes\{51737468-C825-4e8a-9391-1165E0CEA204}: "URL" = http://search.yahoo....cevm&type=STDVM
IE - HKCU\..\SearchScopes\{CCBD6432-F35A-4f3e-B9BA-F76861770952}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.be....facebook.com/"
FF - prefs.js..extensions.enabledAddons: %7B75CEEE46-9B64-46f8-94BF-54012DE155F0%7D:0.4.10
FF - prefs.js..extensions.enabledAddons: %7B21D01944-2878-4eb3-A72A-83E8D1E6D4A6%7D:1.0.8
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.5
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.28
FF - prefs.js..extensions.enabledAddons: %7B04426594-bce6-4705-b811-bcdba2fd9c7b%7D:1.7
FF - prefs.js..extensions.enabledAddons: tinyurl.addon%40fast-chat.co.uk:2.6.1
FF - prefs.js..extensions.enabledAddons: tiletabs%40DW-dev:8.6
FF - prefs.js..extensions.enabledAddons: inspector%40mozilla.org:2.0.13
FF - prefs.js..extensions.enabledAddons: cache%40status.org:0.7.10
FF - prefs.js..extensions.enabledAddons: %7B6AC85730-7D0F-4de0-B3FA-21142DD85326%7D:2.8
FF - prefs.js..extensions.enabledAddons: %7BD9CFDC5F-081E-420c-A108-A628AC2E556B%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B8965bb4b-c2ca-2b84-6b49-7afb2760518c%7D:0.3.3.2
FF - prefs.js..extensions.enabledAddons: fontfinder%40bendodson.com:1.0
FF - prefs.js..extensions.enabledAddons: ImagePicker%40topolog.org:1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Cyrille\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/02 16:15:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/17 18:20:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/10/26 06:48:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cyrille\AppData\Roaming\mozilla\Extensions
[2013/01/18 00:18:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cyrille\AppData\Roaming\mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions
[2013/01/16 03:50:30 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Cyrille\AppData\Roaming\mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2013/01/16 03:50:30 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Cyrille\AppData\Roaming\mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013/01/16 03:50:32 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Cyrille\AppData\Roaming\mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2013/01/16 03:50:27 | 000,000,000 | ---D | M] (Dust-Me Selectors) -- C:\Users\Cyrille\AppData\Roaming\mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\{3c6e1eed-a07e-4c80-9cf3-66ea0bf40b37}
[2013/01/16 03:50:26 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Cyrille\AppData\Roaming\mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2013/01/16 03:50:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Cyrille\AppData\Roaming\mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/01/16 03:50:31 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Cyrille\AppData\Roaming\mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
[2013/01/16 04:21:59 | 000,000,000 | ---D | M] (Image Picker) -- C:\Users\Cyrille\AppData\Roaming\mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
[2013/01/16 03:50:31 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\Cyrille\AppData\Roaming\mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
[2013/01/17 18:20:07 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Cyrille\AppData\Roaming\mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
[2013/01/16 03:50:32 | 000,021,992 | ---- | M] () (No name found) -- C:\Users\Cyrille\AppData\Roaming\mozilla\firefox\profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
[2013/01/16 03:50:32 | 000,003,835 | ---- | M] () (No name found) -- C:\Users\Cyrille\AppData\Roaming\mozilla\firefox\profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
[2013/01/16 03:14:59 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\Cyrille\AppData\Roaming\mozilla\firefox\profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
[2013/01/16 04:21:58 | 000,040,125 | ---- | M] () (No name found) -- C:\Users\Cyrille\AppData\Roaming\mozilla\firefox\profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
[2013/01/16 03:50:30 | 000,024,752 | ---- | M] () (No name found) -- C:\Users\Cyrille\AppData\Roaming\mozilla\firefox\profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
[2013/01/16 03:50:30 | 000,102,559 | ---- | M] () (No name found) -- C:\Users\Cyrille\AppData\Roaming\mozilla\firefox\profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
[2013/01/16 03:50:30 | 000,090,868 | ---- | M] () (No name found) -- C:\Users\Cyrille\AppData\Roaming\mozilla\firefox\profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
[2013/01/16 03:50:30 | 000,200,692 | ---- | M] () (No name found) -- C:\Users\Cyrille\AppData\Roaming\mozilla\firefox\profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
[2013/01/16 03:50:30 | 000,018,202 | ---- | M] () (No name found) -- C:\Users\Cyrille\AppData\Roaming\mozilla\firefox\profiles\y9kpu53x.default-1358081375598\extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}.xpi
[2013/01/16 03:50:30 | 000,073,128 | ---- | M] () (No name found) -- C:\Users\Cyrille\AppData\Roaming\mozilla\firefox\profiles\y9kpu53x.default-1358081375598\extensions\{21D01944-2878-4eb3-A72A-83E8D1E6D4A6}.xpi
[2013/01/16 03:50:26 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\Cyrille\AppData\Roaming\mozilla\firefox\profiles\y9kpu53x.default-1358081375598\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
[2013/01/16 04:21:58 | 000,033,693 | ---- | M] () (No name found) -- C:\Users\Cyrille\AppData\Roaming\mozilla\firefox\profiles\y9kpu53x.default-1358081375598\extensions\{8965bb4b-c2ca-2b84-6b49-7afb2760518c}.xpi
[2013/01/16 03:50:26 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Cyrille\AppData\Roaming\mozilla\firefox\profiles\y9kpu53x.default-1358081375598\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013/01/16 03:50:26 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\Cyrille\AppData\Roaming\mozilla\firefox\profiles\y9kpu53x.default-1358081375598\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013/01/16 03:50:26 | 000,111,512 | ---- | M] () (No name found) -- C:\Users\Cyrille\AppData\Roaming\mozilla\firefox\profiles\y9kpu53x.default-1358081375598\extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}.xpi
[2013/01/16 04:21:58 | 000,045,140 | ---- | M] () (No name found) -- C:\Users\Cyrille\AppData\Roaming\mozilla\firefox\profiles\y9kpu53x.default-1358081375598\extensions\{D9CFDC5F-081E-420c-A108-A628AC2E556B}.xpi
[2013/01/13 13:42:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/11 23:11:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/01/11 23:11:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/01/11 23:11:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/01/05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/05 15:48:07 | 000,001,609 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2013/01/05 15:48:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/05 15:48:08 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2013/01/05 15:48:08 | 000,001,476 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2013/01/05 15:48:08 | 000,001,399 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2013/01/05 15:48:08 | 000,001,169 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2013/01/16 02:36:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Cyrille\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Cyrille\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Cyrille\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Cyrille\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF1411EE-AA07-4D3C-8CF9-2E5E83498453}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F386D49E-63CB-40D9-B735-36F704D2CD38}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/21 01:49:02 | 000,000,000 | R--D | M] - M:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/18 01:50:22 | 000,000,000 | R--D | C] -- C:\Users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/01/18 01:50:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/18 01:40:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/18 01:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/18 01:12:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/18 01:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/18 00:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2013/01/18 00:27:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
[2013/01/18 00:26:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2013/01/18 00:13:45 | 000,000,000 | ---D | C] -- C:\Users\Cyrille\AppData\Roaming\OpenCandy
[2013/01/18 00:08:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2013/01/18 00:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/01/18 00:03:00 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/01/18 00:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/01/17 18:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/01/17 18:34:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ewido anti-malware
[2013/01/17 18:32:34 | 000,000,000 | ---D | C] -- C:\Users\Cyrille\AppData\Roaming\LavasoftStatistics
[2013/01/17 18:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/01/17 18:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/01/17 18:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/01/17 18:22:49 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/01/17 18:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013/01/17 18:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2013/01/17 18:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/01/17 18:18:50 | 000,000,000 | ---D | C] -- C:\Users\Cyrille\AppData\Roaming\Ad-Aware Antivirus
[2013/01/16 02:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/01/16 02:25:02 | 000,000,000 | ---D | C] -- C:\Users\Cyrille\AppData\Roaming\ParetoLogic
[2013/01/16 02:25:02 | 000,000,000 | ---D | C] -- C:\Users\Cyrille\AppData\Roaming\DriverCure
[2013/01/16 02:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013/01/16 02:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/01/13 13:49:37 | 000,000,000 | ---D | C] -- D:\Documents\Cyrille\Desktop\Anciennes données de Firefox
[2013/01/12 00:02:46 | 000,000,000 | ---D | C] -- C:\Users\Cyrille\AppData\Local\Programs
[2013/01/11 23:11:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/29 19:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros

========== Files - Modified Within 30 Days ==========

[2013/01/18 01:59:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/18 01:57:18 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 01:57:18 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 01:55:47 | 001,557,810 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/18 01:55:47 | 000,707,258 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/01/18 01:55:47 | 000,618,974 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/18 01:55:47 | 000,131,686 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/01/18 01:55:47 | 000,107,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/18 01:50:17 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013/01/18 01:49:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013/01/18 01:49:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/18 01:49:49 | 2129,149,951 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/18 01:44:38 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/01/18 01:44:38 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/01/17 23:56:02 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/01/17 23:44:08 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/01/17 23:35:16 | 004,977,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/17 18:45:18 | 000,019,234 | ---- | M] () -- D:\Documents\Cyrille\Documents\cc_20130117_184445.reg
[2013/01/17 18:30:03 | 000,226,242 | ---- | M] () -- D:\Documents\Cyrille\Documents\cc_20130117_182946.reg
[2013/01/16 02:36:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/13 13:42:09 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2013/01/18 00:03:10 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/01/17 23:35:08 | 004,977,880 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/17 18:44:49 | 000,019,234 | ---- | C] () -- D:\Documents\Cyrille\Documents\cc_20130117_184445.reg
[2013/01/17 18:29:53 | 000,226,242 | ---- | C] () -- D:\Documents\Cyrille\Documents\cc_20130117_182946.reg
[2012/11/18 15:06:55 | 000,693,760 | ---- | C] () -- C:\Windows\SysWow64\ficthumbhdlr_x86.dll
[2012/11/18 15:06:55 | 000,680,448 | ---- | C] () -- C:\Windows\SysWow64\ficdecds_x86.dll
[2012/11/17 16:01:16 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/10/08 21:03:14 | 000,086,339 | ---- | C] () -- C:\ProgramData\axklmtpynnxhvpm
[2012/09/10 11:17:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/10 11:17:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/10 11:17:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/10 11:17:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/10 11:17:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/05 22:05:38 | 001,578,038 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/20 22:47:03 | 000,010,240 | ---- | C] () -- C:\Users\Cyrille\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/12 15:25:22 | 000,639,488 | ---- | C] () -- C:\Windows\SysWow64\ficvdec_x86.dll
[2012/06/26 15:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/06/26 15:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/06/26 15:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/06/26 15:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/06/26 15:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/06/23 11:13:34 | 001,001,920 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012/05/16 08:52:39 | 000,000,132 | ---- | C] () -- C:\Users\Cyrille\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/01/20 00:26:20 | 000,000,132 | ---- | C] () -- C:\Users\Cyrille\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/11/30 19:02:45 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/11/30 19:02:44 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/11/30 19:02:44 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/11/30 19:02:44 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/11/17 17:54:13 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/17 17:54:11 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/10/29 18:49:52 | 000,000,565 | ---- | C] () -- C:\Users\Cyrille\AppData\Roaming\myMPQ.ini
[2011/10/24 22:37:39 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/10/24 22:37:39 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/10/24 22:37:29 | 000,000,434 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/10/24 22:37:29 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/10/24 22:37:12 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/10/24 22:37:12 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/10/24 22:37:12 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/10/24 19:33:13 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\IccLibDll.dll
[2011/10/24 19:32:09 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011/10/24 19:30:43 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/10/24 19:30:43 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/10/24 17:36:43 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/10/24 15:07:50 | 000,038,709 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/10/24 15:07:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/10/24 15:07:05 | 000,026,424 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/17 18:42:05 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\Ad-Aware Antivirus
[2011/10/26 23:01:37 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\Autodesk
[2012/08/02 01:52:02 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\Command & Conquer 3 Les guerres du Tiberium
[2012/09/19 10:42:56 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\DAEMON Tools Lite
[2013/01/16 02:25:02 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\DriverCure
[2012/10/13 13:58:13 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\DVDVideoSoft
[2012/09/16 22:36:19 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\DVDVideoSoftIEHelpers
[2013/01/04 00:00:00 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\GoodSync
[2011/10/26 23:49:31 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\Leadertech
[2012/11/18 14:57:09 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\Mirillis
[2013/01/17 18:21:49 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\Notepad++
[2013/01/18 00:13:45 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\OpenCandy
[2012/09/13 15:08:38 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\Opera
[2012/11/29 22:23:41 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\Origin
[2013/01/16 02:25:02 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\ParetoLogic
[2012/01/26 00:59:50 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\PhotoFiltre
[2012/09/10 21:09:08 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\Samsung
[2012/07/17 00:38:15 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\SplitMediaLabs
[2012/05/12 17:25:46 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\TeamViewer
[2013/01/17 00:48:20 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\TS3Client
[2012/11/10 12:58:14 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\TuneUp Software
[2012/07/24 00:12:35 | 000,000,000 | ---D | M] -- C:\Users\Cyrille\AppData\Roaming\Wondershare

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 18/01/2013 01:58:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents\Cyrille\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000080c | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

7,98 Gb Total Physical Memory | 5,84 Gb Available Physical Memory | 73,17% Memory free
15,95 Gb Paging File | 13,58 Gb Available in Paging File | 85,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 57,26 Gb Free Space | 51,27% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 874,49 Gb Free Space | 93,88% Space Free | Partition Type: NTFS
Drive K: | 100,00 Mb Total Space | 70,35 Mb Free Space | 70,35% Space Free | Partition Type: NTFS
Drive M: | 1396,91 Gb Total Space | 865,56 Gb Free Space | 61,96% Space Free | Partition Type: FAT32

Computer Name: TOWER | User Name: Cyrille | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015CDAEA-0F96-442A-8F6B-E1C00FE0A861}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1391C794-C56B-457D-8A79-6BF6EFF87E17}" = rport=137 | protocol=17 | dir=out | app=system |
"{232A836B-A0E0-4968-A828-B7C6F8C5841C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{274642C9-9546-424E-A95E-A6C29643C47B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{35CBD10E-F29F-40FB-BA22-57A89A1F3874}" = lport=137 | protocol=17 | dir=in | app=system |
"{36CF69CA-C5CD-4A21-BF35-2FD92FE0035D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3862C044-EF03-43CD-AD49-34C27A883EF0}" = lport=138 | protocol=17 | dir=in | app=system |
"{40973B03-5F8F-4B90-B0CE-27674391BF0F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{46472D0E-FC9D-49E0-9F69-786FA948A71F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{543275DD-60B9-43B9-9A0B-FEBD223090E0}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{5F92437A-5ACC-47BE-8CD1-8716F28ED118}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
"{619FBF56-16B8-4729-A9BF-D66F09CC21E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{67303189-F04B-4066-8EF5-431A8DB3A648}" = lport=10243 | protocol=6 | dir=in | app=system |
"{67D7026B-66C5-4DFD-A697-EED4F9966F33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6BD9BDF3-F120-4D2D-B98A-A22692CBC55F}" = rport=445 | protocol=6 | dir=out | app=system |
"{906396FA-2DE3-416A-93C2-29B2897557B9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{90D51C4E-7987-42D4-ADDF-D0EA263338B8}" = rport=138 | protocol=17 | dir=out | app=system |
"{93B8E489-1B93-48F1-A869-73D1FF8B2AE2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{968007E8-17F3-49FC-A64F-ABE7133434CF}" = rport=139 | protocol=6 | dir=out | app=system |
"{9D03D0EB-BF5A-4EB9-AA02-4611B18F75AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1298861-C935-4874-B424-77AE1EE3FA3B}" = lport=445 | protocol=6 | dir=in | app=system |
"{A223D276-FA53-4B16-BFE7-696672385F23}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A449A7AF-7AF8-4ECD-8DBB-702BB0F47121}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A4ABE4D0-62AE-4115-AF3F-3E525B29C59D}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |
"{BF5278F4-E050-4FCA-8161-C0510C806978}" = lport=139 | protocol=6 | dir=in | app=system |
"{D5E7A7A8-413F-4974-B979-8437B061B96D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{FBD43BA2-C940-4CE5-9F81-AD56BD881F1A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12E0C21E-DAFF-4CB8-AB20-83D7D77455B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{18EF377E-F2B0-4FA6-AD45-67D1260D784C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A4955E1-0BDB-4A1E-A8A0-0F2AB03CDB59}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1CE36F43-6ADD-40EE-931A-0B4BCE7F06B1}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl07a\faxrx.exe |
"{21819575-63C4-42DD-B887-E449527C83F4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{26E5ADD0-F465-4BA7-848B-6F615B38BAD5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3DC07E08-166F-47ED-9E45-1F1E9D099654}" = protocol=6 | dir=in | app=d:\program files (x86)\origin\origin.exe |
"{4FD97EBF-BD55-4F36-9264-271E0A6DFD09}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{54E21045-7F98-4F4F-988F-C3D72C8417B8}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{5503E325-274C-47DC-879B-1C19C8638E90}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5509B6E3-91E5-4F30-A8C3-1F9DCB49F932}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{62C82870-1247-45C1-91BF-6A61977A0F3F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{671E1F4C-8431-44CB-98B5-D18D3A4D24A1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6FBCA242-3AC7-4500-9D8E-780681D37DCF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{740C998C-7522-4A3E-8A1F-9D5A296FB776}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{7787EC15-2B79-403F-880E-ED11F9AB065B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7899D202-746B-4B5E-A91F-27660BFBA500}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{7B7B2DD4-BE3B-4CCF-9E22-5BA3AFF60233}" = protocol=1 | dir=out | [email protected],-28544 |
"{82432E93-5683-4E7E-A218-D9FE5203EF33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8262FFE7-E315-45FE-9094-D10F825EF686}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8C16F562-1F46-4DF2-B9B1-15CF931A3729}" = protocol=17 | dir=in | app=d:\program files (x86)\origin\origin.exe |
"{8C1F2284-B885-4254-80FB-13FA3D9AC613}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{8E07CB3B-E095-47C7-A0A2-4C12C1A1712C}" = dir=in | app=c:\users\cyrille\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{922B15DD-907E-4B97-869A-55AA64B2D303}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{922F1766-051C-4D84-AFFB-60B4B2BD8DB2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{92789DDC-55F2-4373-AB0D-BF603C709E80}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{928490B6-2A2D-42BA-89D3-9CD28EAE88A4}" = protocol=1 | dir=in | [email protected],-28543 |
"{9EB00382-6920-4034-BD66-17B143AD4B99}" = protocol=58 | dir=in | [email protected],-28545 |
"{A087BF2F-726D-49FB-B4B4-C311748D2B48}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{A57975BE-B333-411F-9E5A-72E6F4A215D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B47A15F7-E634-4511-BDE5-DF83FA72D5E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BBFAD5DC-B823-4D77-8D6F-468169CCE949}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BFF69C49-F5A2-4A73-916D-561A26CD5C43}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{C40C2BDC-516F-498B-9A75-AE84F1603714}" = protocol=6 | dir=out | app=system |
"{C7C659E1-1E1D-4BC7-A935-C0AFF153FC6A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C7F8396E-ECD4-4AFC-BF9F-E4F40F668BB7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D61B91C8-2F8D-4F3D-927B-B7F7B5B75AAB}" = protocol=58 | dir=out | [email protected],-28546 |
"{D9007AA6-ED84-4DD9-B189-E47EC7DA5166}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\asus mobilink\iphone simulator\pnsvc.exe |
"{E2608DE4-6AD1-4E58-8361-8550750F2A21}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E4CE0618-294D-4ABF-BB4E-B3C1BD852FA0}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl07a\faxrx.exe |
"{E58B1970-43B5-4F96-8444-ACC69699FCF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EA6FA0E7-1AF8-49AD-9F7D-897E8B833D3E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{EBDA0BA9-367A-4CD0-A978-7F91C20E2C76}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0C747BF-E921-43F8-8434-95B9C4B7A756}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F83C48B6-F2D8-4171-A2DB-112AAF922174}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FBEE5951-4791-4FEF-BDF4-5042C5B17A9B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{3EDB3F31-DD2E-44D9-A5EA-3BC10EF95D0C}D:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\battlefield 3\bf3.exe |
"TCP Query User{638CA3C6-749B-411E-80ED-3B8772A06842}D:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe" = protocol=6 | dir=in | app=d:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe |
"TCP Query User{72D9D1DA-B57B-4AD7-A072-F33A76FB5748}C:\program files\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files\magictune premium\magictune.exe |
"TCP Query User{8BC23F66-3E80-4D93-A842-29B273CB2165}D:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe" = protocol=6 | dir=in | app=d:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe |
"TCP Query User{9A19CA2D-FEA6-421D-A165-DD73C525773F}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"UDP Query User{2EFA3F84-5505-45B7-8D33-D5FD50E77AB7}D:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe" = protocol=17 | dir=in | app=d:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe |
"UDP Query User{39EE788E-865B-48AC-B0AC-F63D6D656572}D:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe" = protocol=17 | dir=in | app=d:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe |
"UDP Query User{580972E1-6098-4A39-9F41-8BD57C231C97}C:\program files\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files\magictune premium\magictune.exe |
"UDP Query User{B6AB8854-35C5-4B3F-82F3-2AE5B2F4E092}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"UDP Query User{F2D3E851-05BC-4597-B721-981546E9EA5F}D:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\battlefield 3\bf3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4529F749-C362-4119-AFA0-0A3F1CA924AB}" = Autodesk MatchMover 2012 64-bit
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E6BB4E4-0B20-4922-AA37-260FA5ACFBA5}" = Autodesk Maya 2012 64-bit
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AC3E3746-8F18-4F8A-9521-1493022C6E0A}" = Autodesk DirectConnect 2012 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Pilote 3D Vision 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panneau de configuration NVIDIA 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Pilote graphique 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Pilote du contrôleur 3D Vision 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Logiciel système PhysX 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Pilote audio HD : 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC4AD39F-9DCE-4BD0-B7D0-7C81CEB9F04B}" = NVIDIA PhysX Plug-in for Autodesk Maya 2012 64 bit
"Autodesk DirectConnect 2012 64-bit" = Autodesk DirectConnect 2012 64-bit
"Autodesk Maya 2012 64-bit" = Autodesk Maya 2012 64-bit
"Autodesk Maya 2012 64-bit SP4" = Autodesk Maya 2012 64-bit Hotfix 4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16393B5A-43A8-434B-B22A-0724581F7873}" = GameShadow
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1" = Wondershare MobileGo for Android ( Version 2.0.0 )
"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java™ 6 Update 37
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54A9A9E1-8C4C-44FE-AA6B-182EA1E779FD}" = WiFi Station N
"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.1
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040C-1000-0000000FF1CE}_PROPLUS_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{953AE564-A636-4FC7-A629-6ED35E6DDC6E}_is1" = MSI PLC Utility
"{957F91DB-A999-4207-A780-828C857370F4}" = Nero Kwik Media
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite MFC-465CN
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ESN Sonar-0.70.4" = ESN Sonar
"Free Studio_is1" = Free Studio version 5.7.3.916
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"GridinSoft Trojan Killer" = Trojan Killer
"HijackThis" = HijackThis 2.0.2
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.0.0
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mirillis Action!" = Action!
"Mozilla Firefox 18.0 (x86 fr)" = Mozilla Firefox 18.0 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Opera 12.02.1578" = Opera 12.02
"Origin" = Origin
"Philips Network Attached Storage_is1" = Philips network storage wizard
"Pochette Express 2" = Pochette Express 2
"PROPLUS" = Microsoft Office Professional Plus 2007
"PunkBusterSvc" = PunkBuster Services
"SpeedFan" = SpeedFan (remove only)
"WinLiveSuite" = Windows Live
"WinPcapInst" = WinPcap 4.1.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17/01/2013 13:43:54 | Computer Name = Tower | Source = Windows Search Service | ID = 3029
Description =

Error - 17/01/2013 13:43:54 | Computer Name = Tower | Source = Windows Search Service | ID = 3028
Description =

Error - 17/01/2013 13:43:54 | Computer Name = Tower | Source = Windows Search Service | ID = 3058
Description =

Error - 17/01/2013 13:43:54 | Computer Name = Tower | Source = Windows Search Service | ID = 7010
Description =

Error - 17/01/2013 16:10:05 | Computer Name = Tower | Source = Google Update | ID = 20
Description =

Error - 17/01/2013 19:22:02 | Computer Name = Tower | Source = SideBySide | ID = 16842832
Description = La création du contexte d’activation a échoué pour « D:\Documents\Cyrille\Downloads\SoftonicDownloader_pour_trojan-killer.exe ».
Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version
de composant nécessaire à l’application est en conflit avec une autre version de
composant déjà active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 17/01/2013 19:22:27 | Computer Name = Tower | Source = SideBySide | ID = 16842832
Description = La création du contexte d’activation a échoué pour « D:\Documents\Cyrille\Downloads\SoftonicDownloader_pour_trojan-killer.exe ».
Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version
de composant nécessaire à l’application est en conflit avec une autre version de
composant déjà active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 17/01/2013 19:22:32 | Computer Name = Tower | Source = SideBySide | ID = 16842832
Description = La création du contexte d’activation a échoué pour « D:\Documents\Cyrille\Downloads\SoftonicDownloader_pour_trojan-killer.exe ».
Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version
de composant nécessaire à l’application est en conflit avec une autre version de
composant déjà active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 17/01/2013 19:22:37 | Computer Name = Tower | Source = SideBySide | ID = 16842832
Description = La création du contexte d’activation a échoué pour « D:\Documents\Cyrille\Downloads\SoftonicDownloader_pour_trojan-killer.exe ».
Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version
de composant nécessaire à l’application est en conflit avec une autre version de
composant déjà active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 17/01/2013 20:52:22 | Computer Name = Tower | Source = SideBySide | ID = 16842832
Description = La création du contexte d’activation a échoué pour « D:\Documents\Cyrille\Downloads\SoftonicDownloader_pour_trojan-killer.exe ».
Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version
de composant nécessaire à l’application est en conflit avec une autre version de
composant déjà active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

[ System Events ]
Error - 17/01/2013 13:43:54 | Computer Name = Tower | Source = Service Control Manager | ID = 7024
Description = Le service Windows Search s’est arrêté avec l’erreur service particulière
%%-1073473535.

Error - 17/01/2013 13:43:54 | Computer Name = Tower | Source = Service Control Manager | ID = 7031
Description = Le service Windows Search s’est terminé de manière inattendue. Ceci
s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000
millisecondes : Redémarrer le service.

Error - 17/01/2013 14:48:16 | Computer Name = Tower | Source = volsnap | ID = 393251
Description = Les clichés instantanés du volume C: ont été annulés car le cliché
instantané du volume n’a pas pu s’agrandir.

Error - 17/01/2013 19:13:43 | Computer Name = Tower | Source = Service Control Manager | ID = 7030
Description = Le service ewido security suite guard est marqué comme étant interactif.
Cependant, le système est configuré pour ne pas autoriser les services interactifs.
Ce service peut ne pas fonctionner correctement.

Error - 17/01/2013 19:13:43 | Computer Name = Tower | Source = Service Control Manager | ID = 7030
Description = Le service ewido security suite control est marqué comme étant interactif.
Cependant, le système est configuré pour ne pas autoriser les services interactifs.
Ce service peut ne pas fonctionner correctement.

Error - 17/01/2013 19:13:45 | Computer Name = Tower | Source = Application Popup | ID = 1060
Description = Le chargement de \??\C:\Program Files (x86)\ewido anti-malware\guard.sys
a été bloqué en raison d’une incompatibilité avec ce système. Contactez l’éditeur
de votre logiciel pour obtenir une version compatible du pilote.

Error - 17/01/2013 19:16:00 | Computer Name = Tower | Source = Service Control Manager | ID = 7011
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
l’attente de la réponse transactionnelle du service ewido security suite guard.

Error - 17/01/2013 20:36:20 | Computer Name = Tower | Source = Service Control Manager | ID = 7030
Description = Le service PEVSystemStart est marqué comme étant interactif. Cependant,
le système est configuré pour ne pas autoriser les services interactifs. Ce service
peut ne pas fonctionner correctement.

Error - 17/01/2013 20:38:46 | Computer Name = Tower | Source = Service Control Manager | ID = 7030
Description = Le service PEVSystemStart est marqué comme étant interactif. Cependant,
le système est configuré pour ne pas autoriser les services interactifs. Ce service
peut ne pas fonctionner correctement.

Error - 17/01/2013 20:49:51 | Computer Name = Tower | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 01:48:38 le ?18/?01/?2013 n’était pas
prévu.


< End of report >
  • 0

Advertisements


#2
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello and welcome to GeeksToGo :)

My nickname is WhiteHat and I'm going to help you fix your problem.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • Do not put your logs inside <Quote> and/or <Code> *important*
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.

In order to be notified when your topic has been replied to:

Click My Settings at the top of the page. An Option page will open. In the left hand column click Notification Options. On the new page that opens under the Notification Preferences section click Watch every topic I reply to and set the notification type to Immediate Notification.
  • 0

#3
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Your OTL log seems fine.

Please, Reopen MalwareBytes' Anti-Malware.

  • Go to the tab Updates and click in Download Update. If there's an update, allow MBAM to update its database.
  • Now, click on the tab Verify and select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be
    prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

NEXT:

Download aswMBR.exe ( 4.8mb ) to your desktop.

Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

NEXT:

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  • 0

#4
crllz

crllz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
MBAM is working, i will post every log tomorrow

See u WhiteHat
  • 0

#5
crllz

crllz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Version de la base de données: v2013.01.18.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Cyrille :: TOWER [administrateur]

18/01/2013 02:39:40
mbam-log-2013-01-18 (02-39-40).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|M:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 584206
Temps écoulé: 55 minute(s), 38 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-18 03:37:07
-----------------------------
03:37:07.731 OS Version: Windows x64 6.1.7601 Service Pack 1
03:37:07.731 Number of processors: 8 586 0x2A07
03:37:07.731 ComputerName: TOWER UserName:
03:37:07.934 Initialize success
03:37:08.168 AVAST engine defs: 13011701
03:37:54.110 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
03:37:54.110 Disk 0 Vendor: Intel___ 1.0. Size: 953867MB BusType: 8
03:37:54.110 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000070
03:37:54.126 Disk 1 Vendor: OCZ-AGIL 2.15 Size: 114473MB BusType: 11
03:37:54.126 Disk 1 MBR read successfully
03:37:54.126 Disk 1 MBR scan
03:37:54.126 Disk 1 Windows 7 default MBR code
03:37:54.126 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
03:37:54.141 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
03:37:54.141 Disk 1 scanning C:\Windows\system32\drivers
03:37:55.545 Service scanning
03:37:58.821 Modules scanning
03:37:58.821 Disk 1 trace - called modules:
03:37:58.837 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll mvs91xx.sys
03:37:58.837 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800abd1790]
03:37:58.837 3 CLASSPNP.SYS[fffff88001e0143f] -> nt!IofCallDriver -> \Device\00000070[0xfffffa800a9d38b0]
03:37:58.930 AVAST engine scan C:\Windows
03:37:59.196 AVAST engine scan C:\Windows\system32
03:38:21.722 AVAST engine scan C:\Windows\system32\drivers
03:38:23.188 AVAST engine scan C:\Users\Cyrille
03:38:41.503 AVAST engine scan C:\ProgramData
03:38:57.025 Scan finished successfully
03:39:12.141 Disk 1 MBR has been saved successfully to "D:\Documents\Cyrille\Desktop\MBR.dat"
03:39:12.141 The log file has been saved successfully to "D:\Documents\Cyrille\Desktop\aswMBR.txt"


Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
HijackThis 2.0.2
Java™ 6 Update 37
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (18.0)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````
  • 0

#6
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Apparently your computer is not infected.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0

#7
crllz

crllz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=ae0f13ac768c01448de1e3bf28b86272
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-01-20 12:51:00
# local_time=2013-01-20 01:51:00 (+0100, Paris, Madrid)
# country="Belgium"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 100 94 6773452 135349332 0 0
# compatibility_mode=5893 16776573 100 94 73609 110272910 0 0
# scanned=39
# found=0
# cleaned=0
# scan_time=63
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=ae0f13ac768c01448de1e3bf28b86272
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-01-20 04:50:07
# local_time=2013-01-20 05:50:07 (+0100, Paris, Madrid)
# country="Belgium"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 100 94 6791399 135363679 0 0
# compatibility_mode=5893 16776573 100 94 91556 110287257 0 0
# scanned=342457
# found=17
# cleaned=17
# scan_time=14293
D:\Documents\Cyrille\Downloads\Adaware_Installer.exe Win32/OpenCandy application (deleted - quarantined) 7B2B30230CBE4507A8D906782845816C92B4DEE7 C
D:\Documents\Cyrille\Downloads\gtk2145-setup.exe probably a variant of Win32/1AntiVirus application (cleaned by deleting - quarantined) 8B958581BFA5AA337F56E1D4DD7C2A4F5AADD42E C
D:\Documents\Cyrille\Downloads\SoftonicDownloader_pour_trojan-killer.exe a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined) 8EAF7678ED8DD9D68AA6AE834D464079E4BDF9FE C
D:\Utility\DTLite4454-0316.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 35F7C763AFB38E98D73272A7B6805FC6DE3AF2C1 C
M:\Cyrille\MAC\Programmes\FL9\fl-egydown.rar Win32/OpenCandy application (deleted - quarantined) 5AF33BDAA125CE83A2E8C2BD4DE948D770B8AE2F C
M:\Cyrille\MAC\Plug-ins\Plug\ISO\EZ DRUMMER COMPLETE COLLECTION by FTF96\Toontrack EZ Drummer Complete Disk 2.iso multiple threats (deleted - quarantined) 4FF9F658BCBDA1676BEE06EDFEC06A0F93A9DE41 C
M:\Cyrille\MAC\Plug-ins\Plug\Mac\Korg.Legacy.Collection.Analog.Edition.VST.AU.RTAS.v1.23.MAC.OSX.UB-ArCADE\a-a123xa.zip a variant of Win32/Keygen.AD application (deleted - quarantined) 24BBCA508351E9703D55D86EFE489A9052D8622A C
M:\Cyrille\MAC\Plug-ins\Plug\Mac\Gmedia_The_Oddity_Vsti_Rtas_v1.15_Incl_Keygen-Air.rar a variant of Win32/Keygen.AD application (deleted - quarantined) 54D438068C3DC7248322BB2FE2B0D1C02EF26508 C
M:\Cyrille\MAC\Plug-ins\Plug\PC\PSP Audioware full PC VST RTAS x86, x64 01,04,2010 TonyS1.rar a variant of Win32/Keygen.AD application (deleted - quarantined) 1303575FC2D2BB6C6FC652056FA8F8A981AEFCDF C
M:\Cyrille\PC\Utilitaires\DF_BHD\dfbhd-RemoteManager-v3.0.0.zip probably a variant of Win32/VB.KDKZTPU trojan (deleted - quarantined) 3FEAF7FADF56769B937BB5ED5AC04457974186A2 C
M:\Cyrille\PC\Utilitaires\Adobe Dreamweaver CS5 [Win]-[CyberPiraten]\Activation Blocker.cmd BAT/HostsChanger.A application (cleaned by deleting - quarantined) 41556F970EF090C21D11C07009053ED790D71695 C
M:\Cyrille\PC\Utilitaires\milw0rm.tar.bz2 multiple threats (deleted - quarantined) 99D90B62F3120CEEC2285DCF480BEE58D19F53BB C
M:\Cyrille\PC\Utilitaires\DTLite4454-0316.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 35F7C763AFB38E98D73272A7B6805FC6DE3AF2C1 C
M:\Cyrille\PC\Utilitaires\FreeStudio.exe Win32/OpenCandy application (cleaned by deleting - quarantined) F4B79A4C1E0E962B830381CC1D2D631B425B7E15 C
M:\Cyrille\PC\Jeux\CNC3\Trainer V1.09 +11\C & C 3 Trainer 1.09.exe a variant of Win32/GameHack.F application (cleaned by deleting - quarantined) B953B04743C013DFA336B4BB388CC1521B610AEA C
M:\Cyrille\_gsdata_\_saved_\MAC\Plug-ins\Plug\PC\Adobe Dreamweaver CS5 [Win]-[CyberPiraten]\Activation Blocker.cmd BAT/HostsChanger.A application (cleaned by deleting - quarantined) 41556F970EF090C21D11C07009053ED790D71695 C
M:\Cyrille\Cours\Inpres Cours\WebProg\ltp_1infogr\Doc\Outils (Conception Web)\SoftonicDownloader_pour_ietester.exe a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined) D3397762B8E3F61D2A2C9979FB0759737D895267 C
  • 0

#8
crllz

crllz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here is some scan that i made before ask for help, maybe it can help you

Trojan Killer v.2.1.4.5
Report file date: 18/01/2013 00:33:39

Scanning for 412570 virus strains and unwanted programs.

Licensed: UNREGISTERED
Windows version: Windows 7 Home Premium (version 6.1)
Username: Cyrille
Computer name: TOWER

Starting the file scan:

Standard Scan started
Startup objects collected
BHO plugins collected
Services collected
ActiveX objects collected
Files collected
Scanning process...
----- HKCR\secfile ---- Registry
Trojan.Fakealert


----- HKCR\secfile ---- Registry
Trojan.Fakealert


Scan completed

Scan result: 2 detected items
Scan completed in: Scan completed in 13 minute(s) 15 sec.
Files were scanned: 28450

# AdwCleaner v2.105 - Rapport créé le 15/01/2013 à 21:46:05
# Mis à jour le 08/01/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Cyrille - TOWER
# Mode de démarrage : Normal
# Exécuté depuis : D:\Documents\Cyrille\Downloads\adwcleaner.exe
# Option [Recherche]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Présent : C:\ProgramData\Babylon
Dossier Présent : C:\ProgramData\boost_interprocess
Dossier Présent : C:\Users\Cyrille\AppData\Roaming\Babylon
Fichier Présent : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Fichier Présent : C:\user.js
Fichier Présent : C:\Users\Cyrille\AppData\Local\Temp\Uninstall.exe

***** [Registre] *****

Clé Présente : HKCU\Software\DataMngr
Clé Présente : HKCU\Software\DataMngr_Toolbar
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clé Présente : HKCU\Software\a6dfdcb13eed14
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Présente : HKLM\Software\Babylon
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clé Présente : HKLM\SOFTWARE\Classes\Prod.cap
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Clé Présente : HKLM\Software\DataMngr
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Clé Présente : HKLM\SOFTWARE\Wow6432Node\a6dfdcb13eed14
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Clé Présente : HKU\S-1-5-21-2382239939-1531256322-2135280194-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v18.0 (fr)

Fichier : C:\Users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Opera v12.2.1578.0

Fichier : C:\Users\Cyrille\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [3142 octets] - [15/01/2013 21:46:05]

########## EOF - C:\AdwCleaner[R1].txt - [3202 octets] ##########

# AdwCleaner v2.106 - Rapport créé le 18/01/2013 à 17:14:14
# Mis à jour le 17/01/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Cyrille - TOWER
# Mode de démarrage : Normal
# Exécuté depuis : D:\Documents\Cyrille\Downloads\adwcleaner.exe
# Option [Recherche]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Présent : C:\Program Files (x86)\adawaretb
Dossier Présent : C:\ProgramData\blekko toolbars
Dossier Présent : C:\Users\Cyrille\AppData\LocalLow\adawaretb
Dossier Présent : C:\Users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\adawaretb
Dossier Présent : C:\Users\Cyrille\AppData\Roaming\OpenCandy

***** [Registre] *****

Clé Présente : HKCU\Software\AppDataLow\Software\PriceGong
Clé Présente : HKCU\Software\AppDataLow\Software\SmartBar
Clé Présente : HKCU\Software\Conduit
Clé Présente : HKCU\Software\Softonic
Clé Présente : HKLM\Software\Conduit

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v18.0 (fr)

Fichier : C:\Users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Opera v12.2.1578.0

Fichier : C:\Users\Cyrille\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [3261 octets] - [15/01/2013 21:46:05]
AdwCleaner[R2].txt - [1196 octets] - [16/01/2013 02:05:27]
AdwCleaner[R3].txt - [1646 octets] - [18/01/2013 17:14:14]
AdwCleaner[S1].txt - [3195 octets] - [15/01/2013 21:46:31]
AdwCleaner[S2].txt - [1258 octets] - [16/01/2013 02:05:41]

########## EOF - C:\AdwCleaner[R3].txt - [1826 octets] ##########


COMBO FIX QUARANTIiNED FILES (2full log if needed)
2013-01-18 00:39:08 . 2013-01-18 00:39:08 195 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-Facebook Update.reg.dat
2013-01-16 01:37:35 . 2013-01-16 01:37:35 210 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-ROC_roc_ssl_v12.reg.dat
2012-12-11 21:58:58 . 2012-12-11 22:02:18 95,023,320 ----atw- C:\Qoobox\Quarantine\C\ProgramData\0tbpw.pad.vir
2012-09-10 20:15:07 . 2012-09-10 20:15:07 115,137 ----a-w- C:\Qoobox\Quarantine\C\Users\Cyrille\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll.vir
2012-09-10 20:11:33 . 2012-08-28 01:04:34 172,032 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\muzapp.exe.vir
2012-09-10 10:23:32 . 2012-09-10 10:23:32 2,326 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{8EA79DBF-D637-448A-89D6-410A087A4493}.reg.dat
2012-09-10 10:20:48 . 2013-01-18 00:37:03 6,772 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-09-10 10:17:01 . 2013-01-18 00:33:39 153 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-10-25 11:17:45 . 2008-01-08 20:00:49 799,424 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\tmp7D2B.tmp.vir
2011-10-24 14:40:40 . 2011-10-24 14:40:40 1,495 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk.vir
2009-10-20 18:19:54 . 2009-10-20 18:19:54 281,104 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\wpcap.dll.vir
2008-01-08 20:00:49 . 2008-01-08 20:00:49 799,424 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\tmp7D1B.tmp.vir
  • 0

#9
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Sorry for delay, I was without internet connection.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks

Posted Image

Posted Image

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

After the run you may have internet problems or access to somethng problems. Simply reboot the computer.
  • 0

#10
crllz

crllz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi WhiteHat, no problem for delay. Here is the log. Thanks for your attention

ComboFix 13-01-22.01 - Cyrille 23/01/2013 0:19.4.8 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.32.1036.18.8169.5959 [GMT 1:00]
Lancé depuis: d:\documents\Cyrille\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-12-22 au 2013-01-22 ))))))))))))))))))))))))))))))))))))
.
.
2013-01-22 23:22 . 2013-01-22 23:22 -------- d-----w- c:\users\testfb\AppData\Local\temp
2013-01-22 23:22 . 2013-01-22 23:22 -------- d-----w- c:\users\Test\AppData\Local\temp
2013-01-22 23:22 . 2013-01-22 23:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-22 23:22 . 2013-01-22 23:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-22 23:22 . 2013-01-22 23:22 -------- d-----w- c:\users\Admin\AppData\Local\temp
2013-01-22 23:19 . 2013-01-15 01:45 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6068950B-3A31-4603-8C86-5ACFCB4AEEA7}\mpengine.dll
2013-01-21 23:35 . 2013-01-21 23:37 -------- d-----w- c:\users\Admin\AppData\Local\Microsoft Games
2013-01-21 23:28 . 2013-01-21 23:28 -------- d-----w- c:\users\Admin\AppData\Local\Macromedia
2013-01-21 23:27 . 2013-01-21 23:27 -------- d-----w- c:\users\Admin\AppData\Local\Mozilla
2013-01-21 23:25 . 2013-01-21 23:25 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2013-01-21 23:25 . 2013-01-21 23:25 -------- d-----w- c:\users\Admin\AppData\Roaming\Apple Computer
2013-01-21 23:21 . 2012-10-25 16:20 769168 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-01-21 23:21 . 2012-10-25 16:20 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-01-21 23:20 . 2013-01-21 23:20 -------- d-----w- c:\program files (x86)\Cisco
2013-01-21 23:20 . 2011-11-28 18:30 584704 ----a-w- c:\windows\system32\Rtlihvs.dll
2013-01-21 23:20 . 2010-12-01 08:31 451072 ----a-w- c:\windows\SysWow64\ISSRemoveSP.exe
2013-01-21 23:20 . 2009-03-31 13:31 380928 ----a-w- c:\windows\RtlUI2.exe
2013-01-21 23:20 . 2008-07-01 11:31 614400 ----a-w- c:\windows\SysWow64\Rtlihvs.dll
2013-01-21 23:18 . 2013-01-21 23:18 53248 ----a-r- c:\users\Cyrille\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-01-21 23:16 . 2013-01-21 23:16 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2013-01-21 23:15 . 2013-01-21 23:15 -------- d-----w- c:\programdata\Intel
2013-01-21 23:15 . 2013-01-21 23:15 -------- d-----w- c:\program files\Intel
2013-01-21 23:14 . 2012-11-19 11:10 652344 ----a-w- c:\windows\system32\drivers\iaStorA.sys
2013-01-21 23:14 . 2012-11-19 11:10 28216 ----a-w- c:\windows\system32\drivers\iaStorF.sys
2013-01-21 23:13 . 2013-01-21 23:13 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-01-21 23:13 . 2013-01-21 23:13 -------- d-----w- c:\users\UpdatusUser
2013-01-21 22:41 . 2013-01-21 22:41 -------- d-----w- c:\program files\ma-config.com
2013-01-21 22:41 . 2013-01-21 22:41 -------- d-----w- c:\programdata\ma-config.com
2013-01-21 01:26 . 2013-01-15 01:45 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-21 01:22 . 2012-10-23 05:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{082D0099-9B16-40F1-B6FC-C269F4AB2393}\gapaengine.dll
2013-01-21 01:03 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-01-21 01:01 . 2013-01-21 01:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-21 01:01 . 2013-01-21 01:01 -------- d-----w- c:\programdata\Malwarebytes
2013-01-21 01:01 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-21 00:59 . 2013-01-21 00:59 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-01-21 00:58 . 2013-01-21 00:59 -------- d-----w- c:\program files\Microsoft Security Client
2013-01-19 04:09 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AFFB44B7-2F94-435A-9E2C-A1227E2F33C3}\mpengine.dll
2013-01-18 15:10 . 2013-01-18 15:10 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2013-01-18 15:06 . 2013-01-20 00:42 -------- d-----w- c:\program files (x86)\ZHPDiag
2013-01-17 23:26 . 2013-01-20 00:42 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer
2013-01-17 23:02 . 2013-01-21 01:04 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-01-17 17:40 . 2013-01-21 01:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-17 17:34 . 2013-01-17 23:16 -------- d-----w- c:\program files (x86)\ewido anti-malware
2013-01-17 17:32 . 2013-01-17 17:32 -------- d-----w- c:\users\Cyrille\AppData\Roaming\LavasoftStatistics
2013-01-17 17:23 . 2013-01-18 00:43 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-01-17 17:23 . 2013-01-17 17:23 -------- d-----w- c:\programdata\Lavasoft
2013-01-17 17:22 . 2013-01-17 22:56 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-01-17 17:20 . 2013-01-17 17:20 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2013-01-17 17:18 . 2013-01-17 17:42 -------- d-----w- c:\users\Cyrille\AppData\Roaming\Ad-Aware Antivirus
2013-01-16 01:29 . 2013-01-16 01:29 -------- d-----w- c:\program files (x86)\Trend Micro
2013-01-16 01:25 . 2013-01-16 01:25 -------- d-----w- c:\users\Cyrille\AppData\Roaming\ParetoLogic
2013-01-16 01:25 . 2013-01-16 01:25 -------- d-----w- c:\users\Cyrille\AppData\Roaming\DriverCure
2013-01-16 01:24 . 2013-01-16 01:29 -------- d-----w- c:\programdata\ParetoLogic
2013-01-11 23:02 . 2013-01-11 23:02 -------- d-----w- c:\users\Cyrille\AppData\Local\Programs
2013-01-09 10:23 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-12-29 18:45 . 2012-12-29 18:45 -------- d-----w- c:\programdata\Atheros
2012-12-29 01:54 . 2012-12-29 01:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-22 00:21 . 2011-11-18 13:50 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-01-22 00:21 . 2011-11-17 16:54 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-01-21 23:40 . 2011-11-17 16:54 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-01-21 23:19 . 2010-11-25 05:59 694376 ----a-w- c:\windows\system32\drivers\rtl8192su.sys
2013-01-13 12:51 . 2012-04-01 18:11 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-13 12:51 . 2011-10-24 15:30 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 10:55 . 2011-10-24 19:15 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-29 10:34 . 2012-11-10 02:15 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-29 10:34 . 2012-11-10 02:15 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-29 10:34 . 2012-02-25 20:03 1107592 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-12-29 10:34 . 2011-10-24 15:42 1813432 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2011-10-24 14:23 2824656 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-29 08:40 . 2010-12-27 09:55 6382008 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:40 . 2010-12-27 09:54 3455416 ----a-w- c:\windows\system32\nvsvc64.dll
2012-12-29 08:40 . 2012-02-25 20:04 2923201 ----a-w- c:\windows\system32\nvcoproc.bin
2012-12-29 08:40 . 2010-12-27 09:54 118712 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-29 08:40 . 2010-12-27 09:54 884152 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-29 08:40 . 2010-12-27 09:54 63928 ----a-w- c:\windows\system32\nvshext.dll
2012-12-29 08:40 . 2010-12-27 09:54 2558392 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-17 10:39 . 2012-11-22 22:38 160784 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2012-12-16 17:11 . 2012-12-22 13:40 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 13:40 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 13:40 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 13:40 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-09 10:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-18 14:06 . 2012-11-18 14:06 700416 ----a-w- c:\windows\system32\ficthumbhdlr_x64.dll
2012-11-18 14:06 . 2012-11-18 14:06 694784 ----a-w- c:\windows\system32\ficdecds_x64.dll
2012-11-18 14:06 . 2012-11-18 14:06 693760 ----a-w- c:\windows\SysWow64\ficthumbhdlr_x86.dll
2012-11-18 14:06 . 2012-11-18 14:06 680448 ----a-w- c:\windows\SysWow64\ficdecds_x86.dll
2012-11-17 15:04 . 2011-11-17 16:54 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-14 07:06 . 2012-12-12 23:37 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 23:37 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 23:37 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 23:37 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 23:37 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 23:37 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 23:37 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 23:37 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 23:37 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 23:37 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 23:37 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 23:37 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 23:37 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 23:37 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 23:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 23:37 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 23:37 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 23:37 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 23:37 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 23:37 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 23:37 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 23:37 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 19:38 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 19:38 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 19:37 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 19:37 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-30 22:50 . 2011-12-25 19:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-25 16:20 . 2011-10-24 14:10 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2011-10-24 252544]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"LWS"="d:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
.
c:\users\Cyrille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Enregistrement du produit.lnk - d:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WiFi Station N.lnk - c:\program files (x86)\Hercules\WiFiStationN\WiFiN.exe [2011-11-18 128296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-31 102240]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-21 16640]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-26 1431888]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2012-10-28 427976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-31 203104]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [2012-07-31 203104]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-24 1255736]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-01-17 14456]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-11-19 652344]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-11-19 28216]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-11-22 303408]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2011-10-24 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2011-10-24 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-10-24 586880]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-05-31 210024]
S2 HerculesWiFi;HerculesWiFi;c:\windows\SysWOW64\\HerculesWiFiService.exe [2010-11-17 53544]
S2 IAStorDataMgrSvc;Technologie de stockage Intel® Rapid;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-19 14904]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-06-19 634632]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2011-10-24 26136]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-09-21 351520]
S3 LVUVC64;Logitech Webcam 905(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-09-21 4763680]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-10-12 50856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-10-25 769168]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2013-01-21 694376]
.
.
Contenu du dossier 'Tâches planifiées'
.
2013-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 12:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1464984]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.be/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Cyrille\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Cyrille\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/|https://www.facebook.com/
FF - ExtSQL: 2013-01-11 23:11; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-01-11 23:11; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2013-01-11 23:11; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2013-01-16 03:14; [email protected]; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
FF - ExtSQL: 2013-01-16 03:50; {cf15270e-cf08-4def-b4ea-6a5ac23f3bca}; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}.xpi
FF - ExtSQL: 2013-01-16 03:50; {c45c406e-ab73-11d8-be73-000a95be3b12}; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF - ExtSQL: 2013-01-16 03:50; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-01-16 03:50; {a7c6cf7f-112c-4500-a7ea-39801a327e5f}; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF - ExtSQL: 2013-01-16 03:50; {75CEEE46-9B64-46f8-94BF-54012DE155F0}; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
FF - ExtSQL: 2013-01-16 03:50; {6AC85730-7D0F-4de0-B3FA-21142DD85326}; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - ExtSQL: 2013-01-16 03:50; {3c6e1eed-a07e-4c80-9cf3-66ea0bf40b37}; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\{3c6e1eed-a07e-4c80-9cf3-66ea0bf40b37}
FF - ExtSQL: 2013-01-16 03:50; {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
FF - ExtSQL: 2013-01-16 03:50; {21D01944-2878-4eb3-A72A-83E8D1E6D4A6}; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\{21D01944-2878-4eb3-A72A-83E8D1E6D4A6}.xpi
FF - ExtSQL: 2013-01-16 03:50; {1018e4d6-728f-4b20-ad56-37578a4de76b}; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - ExtSQL: 2013-01-16 03:50; {0b457cAA-602d-484a-8fe7-c1d894a011ba}; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - ExtSQL: 2013-01-16 03:50; {04426594-bce6-4705-b811-bcdba2fd9c7b}; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}.xpi
FF - ExtSQL: 2013-01-16 03:50; [email protected]; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
FF - ExtSQL: 2013-01-16 03:50; [email protected]; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
FF - ExtSQL: 2013-01-16 03:50; [email protected]; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
FF - ExtSQL: 2013-01-16 03:50; [email protected]; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
FF - ExtSQL: 2013-01-16 03:50; [email protected]; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
FF - ExtSQL: 2013-01-16 03:50; [email protected]; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
FF - ExtSQL: 2013-01-16 03:50; [email protected]; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
FF - ExtSQL: 2013-01-16 03:50; [email protected]; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
FF - ExtSQL: 2013-01-16 04:21; {D9CFDC5F-081E-420c-A108-A628AC2E556B}; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\{D9CFDC5F-081E-420c-A108-A628AC2E556B}.xpi
FF - ExtSQL: 2013-01-16 04:21; {8965bb4b-c2ca-2b84-6b49-7afb2760518c}; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\{8965bb4b-c2ca-2b84-6b49-7afb2760518c}.xpi
FF - ExtSQL: 2013-01-16 04:21; [email protected]; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
FF - ExtSQL: 2013-01-16 04:21; [email protected]; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
FF - ExtSQL: 2013-01-21 01:38; [email protected]; c:\users\Cyrille\AppData\Roaming\Mozilla\Firefox\Profiles\y9kpu53x.default-1358081375598\extensions\[email protected]
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-2382239939-1531256322-2135280194-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2013-01-23 00:24:02
ComboFix-quarantined-files.txt 2013-01-22 23:24
ComboFix2.txt 2013-01-18 00:40
ComboFix3.txt 2013-01-16 01:38
ComboFix4.txt 2012-09-10 10:24
.
Avant-CF: 56.728.915.968 octets libres
Après-CF: 56.762.224.640 octets libres
.
- - End Of File - - 9A1C8277A72BC31C009748B082EDF1E2
  • 0

#11
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Nothing wrong with the ComboFix log. How is your computer?
  • 0

#12
crllz

crllz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi, sorry for delay
I don't know why but until i ran the combofix my connection works normaly :)

Thanks WhiteHat
  • 0

#13
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

The following will implement some cleanup procedures as well as reset System Restore points:

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Remove OTL

Run OTL and hit the Posted Image cleanup button. It will remove all the programmes we have used plus itself.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • (If you use Windows 7/Vista)
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

  • (If you use Windows XP)
  • Go to Start > All Programs > Acessories > System Tools > System Restore.
  • Select the option Create a restore point and click in Next.
  • Type in a name i.e. Clean
  • Select Create

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place??

Keep safe.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP