Author Topic: [Resolved K] Cannot activate Windows Defender and Firewall (Read 1619 times)


Offline tictic

  • Bronze Member
  • Posts: 17
[Resolved K] Cannot activate Windows Defender and Firewall
« on: June 18, 2012, 10:20:39 PM »
Hi,

I cannot activate Windows Defender or the Firewall. I get a message that says "error 0x80070424".

I don't know if you can help me, but I already want to say thank you!



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_30
Run by Julien at 23:39:10 on 2012-06-18
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
uSearch Bar = about:blank
uInternet Settings,ProxyServer = 200.251.201.1:8080
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe"  /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden                                                                                                          
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe                                                                                                                                                                                                      
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
uRunOnce: [RegistryDefrag Success Message] "C:\Program Files (x86)\TuneUp Utilities 2012\TUMessages.exe" /RegDefrag_Success
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"                                                                                        
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"                                                                                              
mRun: [Gaming Mouse Hid] "C:\Program Files (x86)\Gaming Mouse\hid.exe"
mRun: [Copperhead] C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload                                                                                                                                                                                                  
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start                                                                                                                                                                                                  
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 0 (0x0)
IE: &Envoyer à OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Download All by ASUS Download - C:\Program Files (x86)\ASUS\RT-N13U Wireless Router Utilities\ASDownloadAll.htm
IE: Download using ASUS Download - C:\Program Files (x86)\ASUS\RT-N13U Wireless Router Utilities\ASDownload.htm
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{0BECF8D5-3E83-4388-93BF-CB793C58B194} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
IFEO: alu.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: bcont.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: fastboot.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: gameparkconsole.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: googleearth.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{3049C3E9-B461-4BC5-8870-4C09146192CA}
{53707962-6F74-2D53-2644-206D7942484F}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE7CD045-E861-484f-8273-0445EE161910}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No File
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
mRun-x64: [UpdateLBPShortCut    REG_SZ    "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"                                                                                ]
mRun-x64: [UpdateP2GoShortCut    REG_SZ    "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"                                                                                      ]
mRun-x64: [Gaming Mouse Hid] "C:\Program Files (x86)\Gaming Mouse\hid.exe"
mRun-x64: [Copperhead] C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [KeePass 2 PreLoad    REG_SZ    "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload                                                                                                                                                                                           ]
mRun-x64: [LogMeIn Hamachi Ui    REG_SZ    "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start                                                                                                                                                                                           ]
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(par d‚faut)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
IFEO-X64: alu.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: bcont.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: fastboot.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: gameparkconsole.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: googleearth.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 127.0.0.1   www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Julien\AppData\Roaming\Mozilla\Firefox\Profiles\4pyvy34p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\Julien\AppData\Roaming\Mozilla\Firefox\Profiles\4pyvy34p.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Selenium IDE: Ruby Formatters: rubyformatters@seleniumhq.org - %profile%\extensions\rubyformatters@seleniumhq.org
FF - Ext: Selenium IDE: Java Formatters: javaformatters@seleniumhq.org - %profile%\extensions\javaformatters@seleniumhq.org
FF - Ext: Selenium IDE: Groovy Formatters: groovyformatters@seleniumhq.org - %profile%\extensions\groovyformatters@seleniumhq.org
FF - Ext: Selenium IDE: Perl Formatter: perlformatters@seleniumhq.org - %profile%\extensions\perlformatters@seleniumhq.org
FF - Ext: Selenium IDE: PHP Formatters: phpformatters@seleniumhq.org - %profile%\extensions\phpformatters@seleniumhq.org
FF - Ext: Selenium IDE: {a6fd85ed-e919-4a43-a5af-8da18bda539f} - %profile%\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
FF - Ext: Selenium IDE: Python Formatters: pythonformatters@seleniumhq.org - %profile%\extensions\pythonformatters@seleniumhq.org
FF - Ext: Selenium IDE: C# Formatters: csharpformatters@seleniumhq.org - %profile%\extensions\csharpformatters@seleniumhq.org
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-06-19 03:26:57   9013136   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{487F8DE5-3526-41CA-BFEB-D601D08611C4}\mpengine.dll
2012-06-18 03:44:49   --------   d-----w-   C:\TDSSKiller_Quarantine
2012-06-18 03:10:19   --------   d-----w-   C:\Program Files (x86)\AVAST Software
2012-06-18 01:16:36   8955792   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-17 18:43:22   --------   d-----w-   C:\ProgramData\ALM
2012-06-17 18:36:39   --------   d-----w-   C:\Users\Julien\Adobe Flash Builder 4.6
2012-06-17 02:21:26   --------   d-----w-   C:\Users\Julien\AppData\Roaming\NVIDIA
2012-06-17 02:20:11   --------   d-----w-   C:\ProgramData\regid.1986-12.com.adobe
2012-06-17 01:56:53   56208   ------w-   C:\Windows\System32\drivers\PxHlpa64.sys
2012-06-17 01:56:53   10224   ------w-   C:\Windows\System32\drivers\cdralw2k.sys
2012-06-17 01:56:53   10224   ------w-   C:\Windows\System32\drivers\cdr4_xp.sys
2012-06-17 01:56:52   --------   d-----w-   C:\Program Files (x86)\Common Files\PX Storage Engine
2012-06-17 01:56:51   --------   d-----w-   C:\Program Files (x86)\Common Files\Sonic Shared
2012-06-17 01:56:47   --------   d-----w-   C:\Program Files (x86)\My Company Name
2012-06-16 23:40:41   --------   d-----w-   C:\Program Files\Core Temp
2012-06-16 23:11:49   --------   d-----w-   C:\AdobeTemp
2012-06-16 02:17:22   927800   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3B0B3585-7EE0-4EBB-9A75-A4851D668231}\gapaengine.dll
2012-06-16 02:15:00   --------   d-----w-   C:\Program Files (x86)\Microsoft Security Client
2012-06-16 02:14:52   --------   d-----w-   C:\Program Files\Microsoft Security Client
2012-06-16 01:53:21   --------   d-----w-   C:\Program Files\ESET
2012-06-13 23:31:11   9216   ----a-w-   C:\Windows\System32\rdrmemptylst.exe
2012-06-13 23:31:11   77312   ----a-w-   C:\Windows\System32\rdpwsx.dll
2012-06-13 23:31:11   149504   ----a-w-   C:\Windows\System32\rdpcorekmts.dll
2012-06-13 23:31:06   3146752   ----a-w-   C:\Windows\System32\win32k.sys
2012-06-13 23:31:04   5559664   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2012-06-13 23:31:01   3968368   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 23:31:01   3913072   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 23:31:00   209920   ----a-w-   C:\Windows\System32\profsvc.dll
2012-06-13 23:30:59   210944   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 23:30:58   3216384   ----a-w-   C:\Windows\System32\msi.dll
2012-06-13 23:30:57   2342400   ----a-w-   C:\Windows\SysWow64\msi.dll
2012-06-13 23:30:44   1462272   ----a-w-   C:\Windows\System32\crypt32.dll
2012-06-13 23:30:42   1158656   ----a-w-   C:\Windows\SysWow64\crypt32.dll
2012-06-13 23:30:38   184320   ----a-w-   C:\Windows\System32\cryptsvc.dll
2012-06-13 23:30:38   140288   ----a-w-   C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 23:30:38   140288   ----a-w-   C:\Windows\System32\cryptnet.dll
2012-06-13 23:30:38   103936   ----a-w-   C:\Windows\SysWow64\cryptnet.dll
2012-06-12 21:16:00   --------   d-----w-   C:\ProgramData\AVAST Software
2012-05-30 17:59:30   4966600   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
==================== Find3M  ====================
.
2012-06-12 18:37:04   70344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-12 18:37:04   426184   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-23 03:11:00   16432   ----a-w-   C:\Windows\System32\lsdelete.exe
2012-05-18 02:06:48   2311680   ----a-w-   C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14   1392128   ----a-w-   C:\Windows\System32\wininet.dll
2012-05-18 01:58:39   1494528   ----a-w-   C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22   173056   ----a-w-   C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37   1800192   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47   1129472   ----a-w-   C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39   1427968   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45   142848   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2012-05-02 00:46:28   4472832   ----a-w-   C:\Windows\SysWow64\GPhotos.scr
2012-05-01 14:01:15   45056   ----a-w-   C:\Windows\System32\acovcnt.exe
2012-04-04 19:56:40   24904   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2012-03-30 11:35:47   1918320   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 23:40:19,78 ===============


ATTACH.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Image File Execution Options =============
.
IFEO: alu.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: bcont.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: fastboot.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: gameparkconsole.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: googleearth.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: hamachi-2-ui.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: itunes.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: keepass.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: labelprint.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: olrsubmission.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: power2go.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: power2goexpress.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: skype.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: alu.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: bcont.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: fastboot.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: gameparkconsole.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: googleearth.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: hamachi-2-ui.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: itunes.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: keepass.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: labelprint.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: olrsubmission.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: power2go.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: power2goexpress.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: skype.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
==== Installed Programs ======================
.
ACDSee Pro 4
Acrobat.com
Ad-Aware
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Creative Suite 6 Master Collection
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Help Manager
Adobe Widget Browser
Alice Greenfingers
Apple Application Support
Apple Software Update
ASUS AI Recovery
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS RT-N13U Wireless Router Utilities
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS_ScreenSaver_GSeries
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATK Generic Function Service
ATK Hotkey
ATK Package
AviSynth 2.5
AVS Image Converter 2.1.2.169
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Bigasoft MKV Converter 3.3.14.4128
BitTorrent
bl
calibre
Chicken Invaders 2
Comcast Desktop Software (v1.2.1)
ControlDeck
Converio
Creative MediaSource 5
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
DAEMON Tools Lite
Diablo III
Dream Day Wedding Married in Manhattan
DVD Flick 1.3.0.7
e-Carte Bleue La Banque Postale
Express Gate
FileZilla Client 3.3.5.1
Game Park Console
Gaming Mouse
Google Chrome
Google Update Helper
Google Earth
GPL MPEG-1/2 DirectShow Decoder Filter
GrabIt 1.7.2 Beta 4 (build 997)
HD Tune 2.55
Island Wars 2
Java Auto Updater
Java(TM) 6 Update 30
KeePass Password Safe 2.16
Kindle Auto eBook Converter 0.4.50
LogMeIn Hamachi
Lord of the Rings - War in the North
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Office Live Add-in 1.3
Microsoft Silverlight
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 FRA
Microsoft SQL Server System CLR Types
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
Microsoft Visual Studio 2010 Service Pack 1
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox (3.6.20)
MSVCRT
NewsLeecher v5.0 Beta 3
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Objets de gestion Microsoft SQL Server 2008 R2
Outils Microsoft Visual Studio 2010 ADO.NET Entity Framework
PanoramaStudio 2.0 Pro (uninstall)
PDF Settings CS6
PDFCreator
pdfforge Toolbar v4.3
ph
Picasa 3
Piggly
QuickPar 0.9
Razer Copperhead
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
RICOH R5U230 Media Driver ver.2.05.02.02
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663)
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870)
Skype Click to Call
Skype™ 5.8
Smileyville
Sound Blaster Audigy HD
Spybot - Search & Destroy
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
Sql Server Customer Experience Improvement Program
TeamSpeak 2 RC2
TuneUp Utilities 2012
TuneUp Utilities Language Pack (fr-FR)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Visionneuse de flux pour Windows SideShow
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 FRA
VLC media player 2.0.1
WinAVI Video Converter 8.0
Windows Live
Windows Live Communications Platform
Windows Live Installer
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinFlash
Wireless Console 3
XnView 1.98.8
.
==== End Of File ===========================
« Last Edit: June 22, 2012, 12:38:22 AM by kevinf80 »
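The DDS output above carries the items a malware-removal helper looks at first: the WinINET ProxyServer line, the run of IFEO entries, the Hosts redirection, the "No File" toolbar CLSIDs and the Userinit value, plus the 0x80070424 error in the question. As an added example (not part of tictic's post and not DDS code), here is a small Python triage script that pulls those items out of DDS-style report lines and decodes the error code. The sample lines are a constructed excerpt modelled on the log above; the regexes, the category names and the tiny Win32 error-name table are my own, and the error is unwrapped with the standard HRESULT_FROM_WIN32 rule (facility 7, low 16 bits are the Win32 code).

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed excerpt modelled on the DDS "Pseudo HJT Report" lines in the post above.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 200.251.201.1:8080
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IFEO: alu.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: skype.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
Hosts: 127.0.0.1   www.spywareinfo.com
FF - prefs.js: network.proxy.type - 0
"""

# Line patterns (my own, written against the DDS line shapes shown in the log).
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(\S+)$")
IFEO_RE = re.compile(r'^IFEO(?:-X64)?:\s*(\S+)\s*-\s*"?(.*?)"?$')
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")
NOFILE_RE = re.compile(r"^(?:TB|BHO)(?:-X64)?:\s*(.+?)\s*-\s*No File$")
USERINIT_RE = re.compile(r"^mWinlogon:\s*Userinit=(.+)$")
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def proxy_host(value: str) -> str:
    """Host part of a ProxyServer value ('host:port' or 'http=host:port;https=...')."""
    first = value.split(";")[0]
    if "=" in first:
        first = first.split("=", 1)[1]
    return first.rsplit(":", 1)[0] if ":" in first else first


def is_public(host: str) -> Optional[bool]:
    """True for a globally routable IP, False for private/loopback/link-local, None for a hostname."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def triage_dds(text: str) -> Dict[str, List]:
    """Scan DDS-style report lines and collect the entries worth a second look."""
    findings: Dict[str, List] = {"proxy": [], "ifeo": [], "hosts": [], "orphaned": [], "userinit": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := PROXY_RE.match(line):
            # A proxy pointing at a public address the user did not configure deserves a question.
            findings["proxy"].append({"proxy": m.group(1), "public": is_public(proxy_host(m.group(1)))})
        elif m := IFEO_RE.match(line):
            # Image File Execution Options: the "debugger" is launched in place of the named exe.
            findings["ifeo"].append({"exe": m.group(1).lower(), "debugger": m.group(2)})
        elif m := HOSTS_RE.match(line):
            ip, host = m.group(1), m.group(2)
            if ip in LOOPBACK and host.lower() != "localhost":
                findings["hosts"].append({"ip": ip, "host": host})  # name sent to loopback = blocked
        elif m := NOFILE_RE.match(line):
            findings["orphaned"].append(m.group(1))  # registered CLSID whose file is gone
        elif m := USERINIT_RE.match(line):
            # Expect exactly one entry ending in userinit.exe; anything extra runs at every logon.
            parts = [p.strip() for p in m.group(1).split(",") if p.strip()]
            if len(parts) != 1 or not parts[0].lower().endswith("userinit.exe"):
                findings["userinit"].append(m.group(1))
    return findings


def summarize_ifeo(findings: Dict[str, List]) -> Dict[str, List[str]]:
    """Group IFEO entries by debugger so one program hooking many executables stands out."""
    by_debugger: Dict[str, List[str]] = {}
    for item in findings["ifeo"]:
        by_debugger.setdefault(item["debugger"], []).append(item["exe"])
    return by_debugger


WIN32_NAMES = {1060: "ERROR_SERVICE_DOES_NOT_EXIST"}  # small subset; extend as needed


def win32_from_hresult(hr: int) -> Optional[int]:
    """Unwrap HRESULT_FROM_WIN32 (0x8007xxxx) back to the Win32 error code, else None."""
    return hr & 0xFFFF if (hr >> 16) == 0x8007 else None


def describe_error(hr: int) -> str:
    code = win32_from_hresult(hr)
    if code is None:
        return f"0x{hr:08X}: not a wrapped Win32 error"
    return f"0x{hr:08X}: Win32 error {code} ({WIN32_NAMES.get(code, 'unknown')})"


if __name__ == "__main__":
    result = triage_dds(SAMPLE_LOG)
    for category, items in result.items():
        for item in items:
            print(f"[{category}] {item}")
    for debugger, exes in summarize_ifeo(result).items():
        print(f"[ifeo-summary] {debugger} hooks {len(exes)} executables: {', '.join(exes)}")
    print(describe_error(0x80070424))
```

The script only reports; deciding whether an IFEO debugger is a legitimate optimiser or a hijack, or whether a proxy was set by the owner, is the conversation that follows in the thread. Run it against a saved DDS.txt by passing the file's contents to `triage_dds`.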



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6346
Re: [Resolved K] Cannot activate Windows Defender and Firewall
« Reply #1 on: June 19, 2012, 01:14:47 AM »
Hello tictic and welcome to SpywareHammer,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.

  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family, so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own, as this will conflict with the tools we are going to use.
  • Either print or save to Notepad all instructions and please follow them carefully; if there's something you don't understand or that will not work, please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable; with that in mind, it is advisable to back up any important data before we begin. Go Here and follow the instructions specific for your operating system.
  • If you do not reply within 72 hours the thread will be closed; if you need more time, let me know. Likewise, if I do not respond within 48 hours, feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc., please uninstall them before we begin.
  • If you are using cracked or illegal software your thread will be locked and all help will cease.

There is a proxy server running on your system (uInternet Settings,ProxyServer = 200.251.201.1:8080). Did you set this up or know about it?

If this is Vista or Windows 7, continue. If XP stop and let me know....

Next, can you d/l the following tool on a clean PC, then use it on the infected one as follows...

Download Farbar Recovery Scan Toolx64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Kevin
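The FRST output the step above asks for can be triaged with a few defender-side heuristics before a human reads it line by line. The following is an added example, not part of FRST, DDS or this thread's own tooling; the rule names, severities and the sample lines (modelled on entries posted later in the thread) are this example's own.

```python
"""Triage heuristics for FRST/DDS-style autostart log lines (added example for this
thread; not part of FRST, DDS or the forum's tooling).  It flags IFEO debugger
redirects, COM InprocServer32 entries resolving through globalroot, launch entries
with no publisher or in a temp/installer directory, and an explicit proxy setting.
Rule names and severities are this example's own convention."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample, modelled on entries quoted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Gaming Mouse Hid] "C:\Program Files (x86)\Gaming Mouse\hid.exe" [428544 2010-01-19] ()
HKLM-x32\...\Run: []
IMEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\n. ATTENTION! ====> ZeroAccess
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 .EsetTrialReset; C:\Windows\reset.exe /s
3 ALSysIO; \??\C:\Users\Julien\AppData\Local\Temp\ALSysIO64.sys
uInternet Settings,ProxyServer = 200.251.201.1:8080
"""

AUTORUN_RE = re.compile(r'^(?:HKLM|HKU)[^:]*\\Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$')
SERVICE_RE = re.compile(r'^[0-4] (?P<name>[^;]+); (?P<rest>.*)$')      # services and drivers
SHORTCUT_RE = re.compile(r'^ShortcutTarget: (?P<name>.*?) -> (?P<rest>.*)$')
IFEO_RE = re.compile(r'^IMEO\\(?P<exe>[^:]+): \[Debugger\] (?P<rest>.*)$')
INPROC_RE = re.compile(r'^HKLM\\[^:]*InprocServer32: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
PROXY_RE = re.compile(r'^u?Internet Settings,ProxyServer\s*=\s*(?P<server>\S+)$')
PUBLISHER_RE = re.compile(r'\((?P<pub>[^()]*)\)\s*$')                   # trailing "(Company)"
SUSPICIOUS_DIR_RE = re.compile(r'globalroot|\\temp\\|\\windows\\installer\\', re.I)


@dataclass
class Finding:
    severity: str   # "high": act on it; "review": needs a human decision
    rule: str
    line: str


def first_path(rest):
    # The launched image: the first quoted token, else the first bare token.
    m = re.match(r'"([^"]+)"', rest)
    return m.group(1) if m else rest.split()[0]


def proxy_severity(server):
    """Classify a ProxyServer value: public IP -> high, private/loopback or hostname -> review."""
    first = server.split(";")[0].split("=")[-1]   # "http=host:port;https=..." lists: first entry
    host = first.rsplit(":", 1)[0] if ":" in first else first
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return "review"                           # hostname: cannot be classified offline
    return "review" if (ip.is_private or ip.is_loopback) else "high"


def check_launch_entry(name, rest, line):
    """Heuristics shared by Run keys, services, drivers and startup shortcuts."""
    out = []
    if not rest.strip():                          # empty value, e.g. "Run: []"
        return out
    pub = PUBLISHER_RE.search(rest)
    if pub is None or not pub["pub"].strip():
        out.append(Finding("review", "no-publisher", line))
    if SUSPICIOUS_DIR_RE.search(first_path(rest)):
        out.append(Finding("high", "suspicious-location", line))
    if name.startswith("."):                      # not a naming convention normal installers use
        out.append(Finding("high", "odd-service-name", line))
    return out


def triage(log_text):
    """Run every rule over each line and return the findings in log order."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if IFEO_RE.match(line):
            # Legitimate tools (TuneUp in this thread) use this key, but so does malware.
            findings.append(Finding("review", "ifeo-debugger", line))
        elif (m := INPROC_RE.match(line)):
            sev = "high" if SUSPICIOUS_DIR_RE.search(m["rest"]) else "review"
            findings.append(Finding(sev, "com-inproc-hijack", line))
        elif (m := PROXY_RE.match(line)):
            findings.append(Finding(proxy_severity(m["server"]), "proxy-set", line))
        else:
            for rx in (AUTORUN_RE, SERVICE_RE, SHORTCUT_RE):
                m = rx.match(line)
                if m:
                    findings.extend(check_launch_entry(m["name"], m["rest"], line))
                    break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.rule:20} {f.line[:100]}")
```

Every "review" hit still needs a human decision (the TuneUp IFEO entries here are benign); the heuristics only order the reading.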

Offline tictic

  • Bronze Member
  • Posts: 17
Re: [Resolved K] Cannot active Windows Defender and Firewall
« Reply #2 on: June 19, 2012, 08:52:47 AM »
Hello kevinf80,

Thank you very much for taking care of my problem.

I ran Farbar and I got:


Scan result of Farbar Recovery Scan Tool Version: 17-06-2012 04
Ran by SYSTEM at 19-06-2012 10:42:26
Running from K:\
Windows 7 Home Premium   (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1813288 2009-08-16] (Synaptics Incorporated)
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
HKLM-x32\...\Run: [Gaming Mouse Hid] "C:\Program Files (x86)\Gaming Mouse\hid.exe" [428544 2010-01-19] ()
HKLM-x32\...\Run: [Copperhead] C:\Program Files (x86)\Razer\Copperhead\razerhid.exe [135168 2009-11-19] ()
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r [237693 2008-12-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload [1764352 2011-07-12] (Dominik Reichl)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1987976 2012-02-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: []
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2904984 2011-09-05] (Adobe Systems Inc.)
HKU\Julien\...\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden [1025320 2009-04-23] (SupportSoft, Inc.)
HKU\Julien\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Julien\...\Run: [AdobeBridge]
IMEO\alu.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\bcont.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\fastboot.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\gameparkconsole.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\googleearth.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\hamachi-2-ui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\itunes.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\keepass.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\labelprint.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\olrsubmission.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\power2go.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\power2goexpress.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
HKLM\...\InprocServer32: [Default-wbemess] \\.\globalroot\systemroot\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\n. ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe ()

==================== Services (Whitelisted) ======

2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
4 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2343816 2012-02-28] (LogMeIn Inc.)
2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152720 2012-05-22] (Lavasoft Limited)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [51740536 2011-06-12] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 MSSQL$BPASERVER8; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.BPASERVER8\MSSQL\Binn\sqlservr.exe" -sBPASERVER8 [42884448 2010-04-03] (Microsoft Corporation)
4 MSSQLServerADHelper100; "C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [44896 2010-04-03] (Microsoft Corporation)
4 OberonGameConsoleService; "C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe" [44312 2009-09-14] ()
3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [174440 2010-01-09] (Microsoft Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
4 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-05-30] (Skype Technologies S.A.)
4 SQLAgent$BPASERVER8; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.BPASERVER8\MSSQL\Binn\SQLAGENT.EXE" -i BPASERVER8 [367456 2010-04-03] (Microsoft Corporation)
2 SQLWriter; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [146272 2010-04-03] (Microsoft Corporation)
2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe" [2123584 2011-12-14] (TuneUp Software)
2 .EsetTrialReset; C:\Windows\reset.exe /s


========================== Drivers (Whitelisted) =============

3 copperhd; C:\Windows\System32\Drivers\copperhd.sys [14336 2009-11-10] (Razer (Asia-Pacific) Pte Ltd)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [254528 2011-07-11] (DT Soft Ltd)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-09-23] (LogMeIn, Inc.)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2012-05-05] ()
0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69376 2012-03-20] (Lavasoft AB)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 NETw1v64; C:\Windows\System32\Drivers\NETw1v64.sys [7058432 2009-08-09] (Intel Corporation)
3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1806400 2009-06-05] ()
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-01-05] (Duplex Secure Ltd.)
3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-10-19] (TuneUp Software)
3 uisp; C:\Windows\System32\Drivers\usbicp.sys [19200 2005-10-21] (Motorola)
3 ALSysIO; \??\C:\Users\Julien\AppData\Local\Temp\ALSysIO64.sys
3 tmlwf;
3 tmwfp;

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-18 19:41 - 2012-06-18 19:41 - 00021223 ____A C:\Users\Julien\Desktop\DDS.txt
2012-06-18 19:41 - 2012-06-18 19:41 - 00008931 ____A C:\Users\Julien\Desktop\Attach.txt
2012-06-18 19:38 - 2012-06-18 19:39 - 00607260 ____R (Swearware) C:\Users\Julien\Desktop\dds.com
2012-06-18 18:47 - 2012-06-18 18:47 - 00041703 ____A C:\ComboFix.txt
2012-06-18 18:18 - 2012-06-18 23:02 - 00000000 ____D C:\Windows\erdnt
2012-06-18 18:18 - 2012-06-18 18:47 - 00000000 ____D C:\Qoobox
2012-06-18 18:16 - 2012-06-18 18:17 - 00139848 ____A C:\TDSSKiller.2.7.40.0_18.06.2012_22.16.33_log.txt
2012-06-18 18:15 - 2012-06-18 18:15 - 00004061 ____A C:\Users\Julien\Desktop\RKreport[3].txt
2012-06-17 19:45 - 2012-06-17 19:46 - 00141420 ____A C:\TDSSKiller.2.7.40.0_17.06.2012_23.45.40_log.txt
2012-06-17 19:44 - 2012-06-17 19:46 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-17 19:42 - 2012-06-17 19:44 - 00140906 ____A C:\TDSSKiller.2.7.40.0_17.06.2012_23.42.49_log.txt
2012-06-17 19:41 - 2012-06-17 19:41 - 00004043 ____A C:\Users\Julien\Desktop\RKreport[2].txt
2012-06-17 19:40 - 2012-06-18 18:15 - 00000000 ____D C:\Users\Julien\Desktop\RK_Quarantine
2012-06-17 19:40 - 2012-06-17 19:40 - 00004025 ____A C:\Users\Julien\Desktop\RKreport[1].txt
2012-06-17 19:10 - 2012-06-17 19:11 - 00000000 ____D C:\Program Files (x86)\AVAST Software
2012-06-17 17:17 - 2012-06-17 17:17 - 00000189 ____A C:\Users\Julien\Desktop\register.bat
2012-06-17 16:22 - 2010-10-25 11:13 - 00595896 ____A (Adobe Systems, Incorporated) C:\Users\Julien\Desktop\adobe_oobelib.dll
2012-06-17 10:43 - 2012-06-17 10:43 - 00000000 ____D C:\Users\All Users\ALM
2012-06-17 10:36 - 2012-06-17 10:36 - 00000000 ____D C:\Users\Julien\Adobe Flash Builder 4.6
2012-06-17 10:31 - 2012-06-17 10:31 - 00002028 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2012-06-17 10:24 - 2012-06-17 10:24 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-06-17 10:24 - 2012-06-17 10:24 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-06-17 10:22 - 2012-06-17 10:49 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-06-17 10:20 - 2012-06-17 10:49 - 00000000 ____D C:\Program Files\Adobe
2012-06-16 18:21 - 2012-06-16 18:21 - 00000000 ____D C:\Users\Julien\AppData\Roaming\NVIDIA
2012-06-16 18:20 - 2012-06-17 16:25 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-06-16 17:56 - 2012-06-16 17:56 - 00000000 ____D C:\Program Files (x86)\My Company Name
2012-06-16 17:56 - 2011-11-02 23:01 - 00056208 ____N (Rovi Corporation) C:\Windows\System32\Drivers\PxHlpa64.sys
2012-06-16 17:56 - 2011-10-16 23:00 - 00010224 ____N (Sonic Solutions) C:\Windows\System32\Drivers\cdralw2k.sys
2012-06-16 17:56 - 2011-10-16 23:00 - 00010224 ____N (Sonic Solutions) C:\Windows\System32\Drivers\cdr4_xp.sys
2012-06-16 15:50 - 2012-06-16 15:44 - 00372748 ____A C:\Users\Julien\Desktop\sushi_driveinfo.gadget
2012-06-16 15:40 - 2012-06-16 15:40 - 00000000 ____D C:\Program Files\Core Temp
2012-06-16 15:11 - 2012-06-17 10:25 - 00000000 ____D C:\AdobeTemp
2012-06-16 10:56 - 2012-06-16 10:56 - 00010523 ____A C:\Users\Julien\Desktop\USA_Map_With_States_Names.png
2012-06-15 18:15 - 2012-06-15 18:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-15 18:14 - 2012-06-15 18:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-15 18:10 - 2012-06-15 18:15 - 00001912 ____A C:\Windows\epplauncher.mif
2012-06-15 17:53 - 2012-06-15 17:53 - 00000000 ____D C:\Users\All Users\ESET
2012-06-15 17:53 - 2012-06-15 17:53 - 00000000 ____D C:\Program Files\ESET
2012-06-15 17:05 - 2012-06-17 10:12 - 00004142 ____A C:\Windows\PFRO.log
2012-06-14 10:29 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 10:29 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 10:29 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 10:29 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 10:29 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 10:29 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 10:29 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 10:29 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 10:29 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 10:29 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 10:29 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 10:29 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 10:29 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 10:29 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 10:29 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-14 10:29 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-14 10:29 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-14 10:29 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-14 10:29 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-14 10:29 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-14 10:29 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-14 10:29 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-14 10:29 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-14 10:29 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-14 10:29 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-14 10:29 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-14 10:29 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-14 10:29 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 15:31 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 15:31 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 15:31 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 15:31 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 15:31 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 15:31 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 15:31 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 15:31 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 15:30 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 15:30 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 15:30 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 15:30 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 15:30 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 15:30 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 15:30 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 15:30 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 15:30 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-12 13:33 - 2012-06-19 06:08 - 00002240 ____A C:\Windows\setupact.log
2012-06-12 13:33 - 2012-06-12 13:33 - 00000000 ____A C:\Windows\setuperr.log
2012-06-12 13:17 - 2012-06-12 13:17 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-06-12 13:17 - 2012-03-06 15:15 - 00258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-06-12 13:16 - 2012-06-15 17:05 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-06-12 13:06 - 2012-06-12 13:06 - 00024528 ____A C:\Users\Julien\Documents\cc_20120612_170625.reg
2012-06-12 12:38 - 2012-06-12 12:38 - 00001667 ____A C:\Windows\wininit.ini
2012-06-08 15:13 - 2012-06-08 15:13 - 00000000 ____D C:\Users\Julien\Desktop\A Ranger


============ 3 Months Modified Files and Folders =============

2012-06-19 10:42 - 2012-06-19 10:42 - 00000000 ____D C:\FRST
2012-06-19 06:39 - 2009-12-17 05:27 - 01104196 ____A C:\Windows\WindowsUpdate.log
2012-06-19 06:36 - 2011-01-06 11:50 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-19 06:16 - 2011-01-04 12:33 - 00000000 __SHD C:\System Volume Information
2012-06-19 06:16 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-19 06:16 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-19 06:12 - 2011-01-04 15:45 - 00000000 ____D C:\Users\Julien\Documents\Fichiers Outlook
2012-06-19 06:08 - 2012-06-12 13:33 - 00002240 ____A C:\Windows\setupact.log
2012-06-19 06:08 - 2011-01-27 06:18 - 00190662 ____A C:\aaw7boot.log
2012-06-19 06:08 - 2011-01-06 11:50 - 00001064 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-19 06:08 - 2011-01-04 12:35 - 4283600896 __ASH C:\pagefile.sys
2012-06-19 06:08 - 2009-12-17 06:38 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-19 06:08 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-19 05:32 - 2011-02-10 18:14 - 00000000 ____D C:\Users\Julien\AppData\Roaming\BitTorrent
2012-06-19 05:32 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files (x86)
2012-06-19 05:29 - 2011-01-06 10:00 - 00000000 ____D C:\Users\Julien\AppData\Local\Adobe
2012-06-18 23:02 - 2012-06-18 18:18 - 00000000 ____D C:\Windows\erdnt
2012-06-18 19:41 - 2012-06-18 19:41 - 00021223 ____A C:\Users\Julien\Desktop\DDS.txt
2012-06-18 19:41 - 2012-06-18 19:41 - 00008931 ____A C:\Users\Julien\Desktop\Attach.txt
2012-06-18 19:39 - 2012-06-18 19:38 - 00607260 ____R (Swearware) C:\Users\Julien\Desktop\dds.com
2012-06-18 19:17 - 2012-05-17 17:28 - 00000000 ____D C:\users\UpdatusUser
2012-06-18 19:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\config\TxR
2012-06-18 19:14 - 2011-01-04 09:39 - 00000000 ____D C:\users\Julien
2012-06-18 19:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2012-06-18 19:13 - 2011-03-13 15:00 - 00000000 ____D C:\Users\All Users\Real
2012-06-18 19:13 - 2011-02-17 12:49 - 00000000 ____D C:\users\Administrateur
2012-06-18 19:13 - 2011-01-06 15:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-18 19:13 - 2011-01-05 12:55 - 00000000 ____D C:\Users\Julien\AppData\Roaming\Gaming Mouse
2012-06-18 19:13 - 2011-01-05 06:41 - 00000000 ____D C:\Users\Julien\AppData\Roaming\vlc
2012-06-18 19:13 - 2009-12-17 06:22 - 00000000 ____D C:\Users\All Users\P4G
2012-06-18 19:13 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-06-18 19:13 - 2009-07-13 19:20 - 00000000 ___RD C:\Users
2012-06-18 19:13 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files
2012-06-18 19:13 - 2009-07-13 19:20 - 00000000 ___HD C:\ProgramData
2012-06-18 19:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-06-18 19:13 - 2009-07-13 19:18 - 00000000 __SHD C:\$Recycle.Bin
2012-06-18 18:47 - 2012-06-18 18:47 - 00041703 ____A C:\ComboFix.txt
2012-06-18 18:47 - 2012-06-18 18:18 - 00000000 ____D C:\Qoobox
2012-06-18 18:17 - 2012-06-18 18:16 - 00139848 ____A C:\TDSSKiller.2.7.40.0_18.06.2012_22.16.33_log.txt
2012-06-18 18:15 - 2012-06-18 18:15 - 00004061 ____A C:\Users\Julien\Desktop\RKreport[3].txt
2012-06-18 18:15 - 2012-06-17 19:40 - 00000000 ____D C:\Users\Julien\Desktop\RK_Quarantine
2012-06-18 07:27 - 2011-01-05 06:20 - 00000000 ____D C:\Users\Julien\AppData\Local\QuickPar
2012-06-17 19:46 - 2012-06-17 19:45 - 00141420 ____A C:\TDSSKiller.2.7.40.0_17.06.2012_23.45.40_log.txt
2012-06-17 19:46 - 2012-06-17 19:44 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-17 19:44 - 2012-06-17 19:42 - 00140906 ____A C:\TDSSKiller.2.7.40.0_17.06.2012_23.42.49_log.txt
2012-06-17 19:41 - 2012-06-17 19:41 - 00004043 ____A C:\Users\Julien\Desktop\RKreport[2].txt
2012-06-17 19:40 - 2012-06-17 19:40 - 00004025 ____A C:\Users\Julien\Desktop\RKreport[1].txt
2012-06-17 19:11 - 2012-06-17 19:10 - 00000000 ____D C:\Program Files (x86)\AVAST Software
2012-06-17 17:17 - 2012-06-17 17:17 - 00000189 ____A C:\Users\Julien\Desktop\register.bat
2012-06-17 16:34 - 2009-07-13 20:45 - 05075360 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-17 16:27 - 2011-01-04 10:33 - 00000000 ____D C:\Users\Julien\AppData\Roaming\Adobe
2012-06-17 16:25 - 2012-06-16 18:20 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-06-17 16:25 - 2011-01-04 09:40 - 00122736 ____A C:\Users\Julien\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-17 10:51 - 2009-12-17 05:59 - 00000000 ____D C:\Users\All Users\Adobe
2012-06-17 10:50 - 2011-01-12 18:40 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-06-17 10:49 - 2012-06-17 10:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-06-17 10:49 - 2012-06-17 10:20 - 00000000 ____D C:\Program Files\Adobe
2012-06-17 10:43 - 2012-06-17 10:43 - 00000000 ____D C:\Users\All Users\ALM
2012-06-17 10:36 - 2012-06-17 10:36 - 00000000 ____D C:\Users\Julien\Adobe Flash Builder 4.6
2012-06-17 10:31 - 2012-06-17 10:31 - 00002028 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2012-06-17 10:25 - 2012-06-16 15:11 - 00000000 ____D C:\AdobeTemp
2012-06-17 10:24 - 2012-06-17 10:24 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-06-17 10:24 - 2012-06-17 10:24 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-06-17 10:12 - 2012-06-15 17:05 - 00004142 ____A C:\Windows\PFRO.log
2012-06-17 09:21 - 2012-01-14 15:11 - 00000000 ____D C:\Users\Julien\AppData\Roaming\KeePass
2012-06-17 09:08 - 2011-01-11 19:45 - 00001082 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1314771130-884112544-1733508605-1001UA.job
2012-06-17 09:08 - 2011-01-11 19:45 - 00001030 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1314771130-884112544-1733508605-1001Core.job
2012-06-17 08:53 - 2011-03-05 16:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-06-17 08:48 - 2011-03-05 16:36 - 00000000 ____D C:\Users\Julien\Documents\Visual Studio 2010
2012-06-17 08:46 - 2009-12-17 05:55 - 00000000 ____D C:\Program Files (x86)\ASUS
2012-06-17 08:42 - 2011-01-04 13:22 - 00000000 ____D C:\Users\Julien\AppData\Roaming\Skype
2012-06-17 07:45 - 2011-08-10 14:13 - 00000000 ____D C:\Users\Julien\AppData\Local\LogMeIn Hamachi
2012-06-16 18:27 - 2009-12-17 05:55 - 00002636 ____A C:\Windows\System32\AutoRunFilter.ini
2012-06-16 18:27 - 2009-12-17 05:55 - 00002373 ____A C:\Windows\System32\ServiceFilter.ini
2012-06-16 18:21 - 2012-06-16 18:21 - 00000000 ____D C:\Users\Julien\AppData\Roaming\NVIDIA
2012-06-16 17:56 - 2012-06-16 17:56 - 00000000 ____D C:\Program Files (x86)\My Company Name
2012-06-16 15:44 - 2012-06-16 15:50 - 00372748 ____A C:\Users\Julien\Desktop\sushi_driveinfo.gadget
2012-06-16 15:40 - 2012-06-16 15:40 - 00000000 ____D C:\Program Files\Core Temp
2012-06-16 13:26 - 2012-01-18 17:04 - 00000000 ____D C:\Users\Julien\Desktop\Corbeille 2  ;-)
2012-06-16 10:56 - 2012-06-16 10:56 - 00010523 ____A C:\Users\Julien\Desktop\USA_Map_With_States_Names.png
2012-06-16 05:27 - 2011-05-07 13:54 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-06-16 05:27 - 2011-05-07 13:54 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-06-15 18:15 - 2012-06-15 18:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-15 18:15 - 2012-06-15 18:14 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-15 18:15 - 2012-06-15 18:10 - 00001912 ____A C:\Windows\epplauncher.mif
2012-06-15 18:15 - 2011-02-17 21:22 - 01874874 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-15 18:15 - 2009-08-04 02:03 - 00812958 ____A C:\Windows\System32\perfh00C.dat
2012-06-15 18:15 - 2009-08-04 02:03 - 00174434 ____A C:\Windows\System32\perfc00C.dat
2012-06-15 17:53 - 2012-06-15 17:53 - 00000000 ____D C:\Users\All Users\ESET
2012-06-15 17:53 - 2012-06-15 17:53 - 00000000 ____D C:\Program Files\ESET
2012-06-15 17:05 - 2012-06-12 13:16 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-06-15 11:34 - 2011-01-07 11:18 - 00000000 ____D C:\Users\Julien\AppData\Roaming\teamspeak2
2012-06-14 19:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-14 10:41 - 2009-07-13 21:13 - 01868314 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-14 10:36 - 2011-01-05 08:55 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-14 10:31 - 2009-12-17 05:37 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-13 00:34 - 2011-01-26 13:00 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-12 13:35 - 2012-01-11 08:45 - 00000000 __SHD C:\Users\Julien\AppData\Local\{2c2637e1-c916-7212-5bb8-0718a26b5c95}
2012-06-12 13:33 - 2012-06-12 13:33 - 00000000 ____A C:\Windows\setuperr.log
2012-06-12 13:17 - 2012-06-12 13:17 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-06-12 13:06 - 2012-06-12 13:06 - 00024528 ____A C:\Users\Julien\Documents\cc_20120612_170625.reg
2012-06-12 13:04 - 2011-01-05 08:04 - 00000000 ____D C:\Users\Julien\AppData\Roaming\DAEMON Tools Lite
2012-06-12 12:38 - 2012-06-12 12:38 - 00001667 ____A C:\Windows\wininit.ini
2012-06-12 10:37 - 2012-03-29 06:06 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-12 10:37 - 2011-05-17 06:28 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-08 15:13 - 2012-06-08 15:13 - 00000000 ____D C:\Users\Julien\Desktop\A Ranger
2012-06-08 05:27 - 2011-01-05 14:37 - 00000000 ____D C:\Users\Julien\AppData\Roaming\dvdcss
2012-06-07 10:01 - 2011-01-04 13:22 - 00000000 ____D C:\Users\All Users\Skype
2012-06-03 15:42 - 2011-10-02 12:36 - 00009216 ____A C:\Users\Julien\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-03 08:30 - 2011-02-16 21:02 - 00000000 ____D C:\Users\Julien\AppData\Roaming\PanoramaStudio2Pro
2012-05-24 19:07 - 2012-05-06 16:03 - 00000000 ____D C:\Users\All Users\boost_interprocess
2012-05-22 19:11 - 2012-05-05 20:58 - 00016432 ____A C:\Windows\System32\lsdelete.exe
2012-05-22 09:18 - 2012-05-15 15:41 - 00000000 ____D C:\Users\Julien\Desktop\Corbeille 3
2012-05-17 18:47 - 2012-06-14 10:29 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:46 - 2012-05-17 18:46 - 00000000 ____D C:\Users\Julien\AppData\Local\WB Games
2012-05-17 18:37 - 2012-05-17 18:37 - 00000000 ____D C:\Users\All Users\RELOADED
2012-05-17 18:36 - 2012-05-17 18:27 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-05-17 18:16 - 2012-06-14 10:29 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-14 10:29 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-14 10:29 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-14 10:29 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-14 10:29 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-14 10:29 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-14 10:29 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-14 10:29 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-14 10:29 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-14 10:29 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-14 10:29 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-14 10:29 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-14 10:29 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 17:29 - 2011-01-05 13:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-05-17 17:28 - 2012-05-17 17:28 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-05-17 17:28 - 2012-05-17 17:28 - 00000000 __SHD C:\Users\UpdatusUser\Voisinage réseau
2012-05-17 17:28 - 2012-05-17 17:28 - 00000000 __SHD C:\Users\UpdatusUser\Voisinage d'impression
2012-05-17 17:28 - 2012-05-17 17:28 - 00000000 __SHD C:\Users\UpdatusUser\Modèles
2012-05-17 17:28 - 2012-05-17 17:28 - 00000000 __SHD C:\Users\UpdatusUser\Mes documents
2012-05-17 17:28 - 2012-05-17 17:28 - 00000000 __SHD C:\Users\UpdatusUser\Menu Démarrer
2012-05-17 17:28 - 2012-05-17 17:28 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Mes vidéos
2012-05-17 17:28 - 2012-05-17 17:28 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Mes images
2012-05-17 17:28 - 2012-05-17 17:28 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Ma musique
2012-05-17 17:28 - 2012-05-17 17:28 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Historique
2012-05-17 17:28 - 2012-05-17 17:28 - 00000000 ____D C:\NVIDIA
2012-05-17 17:28 - 2011-01-05 13:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-05-17 17:25 - 2012-05-17 17:25 - 00000000 ____D C:\Program Files\NVIDIA
2012-05-17 15:11 - 2012-06-14 10:29 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-14 10:29 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-14 10:29 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-14 10:29 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-14 10:29 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-14 10:29 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-14 10:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-14 10:29 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-14 10:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-14 10:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-14 10:29 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-14 10:29 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-14 10:29 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-14 10:29 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-16 19:29 - 2012-05-16 19:29 - 00000000 ____D C:\Users\Julien\AppData\Roaming\runic games
2012-05-16 18:09 - 2012-05-16 18:09 - 00000000 ____D C:\Users\Julien\Documents\Diablo III
2012-05-16 17:49 - 2012-05-16 17:37 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-05-16 17:33 - 2012-05-16 17:33 - 00000000 ____D C:\Users\All Users\Battle.net
2012-05-14 17:32 - 2012-06-13 15:31 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 14:57 - 2012-05-12 14:55 - 00000000 ____D C:\Program Files (x86)\e-Carte Bleue La Banque Postale
2012-05-12 14:55 - 2009-12-17 05:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-05-09 20:27 - 2011-01-04 09:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-09 19:37 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-09 06:38 - 2009-07-13 21:08 - 00032496 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-07 07:54 - 2009-12-17 06:28 - 00000000 ____D C:\Users\All Users\Creative
2012-05-06 16:26 - 2012-05-06 16:26 - 00000000 ____D C:\Users\Julien\AppData\Roaming\XnView
2012-05-06 16:26 - 2012-05-06 16:26 - 00000000 ____D C:\Program Files (x86)\XnView
2012-05-06 15:57 - 2012-03-06 19:15 - 00000000 ____D C:\Users\Julien\AppData\Roaming\AVS4YOU
2012-05-06 15:57 - 2012-03-06 19:13 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2012-05-06 15:56 - 2012-05-06 15:56 - 00000000 ____D C:\Users\Julien\Documents\My Downloads
2012-05-05 20:58 - 2012-03-06 19:09 - 00000000 ____D C:\Program Files (x86)\WinAVI Video Converter
2012-05-05 19:09 - 2012-05-05 19:09 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2012-05-05 19:09 - 2011-01-26 14:47 - 00000000 ____D C:\Users\All Users\Lavasoft
2012-05-05 18:58 - 2012-05-05 18:56 - 00000000 ____D C:\Users\Julien\AppData\Roaming\Ad-Aware Antivirus
2012-05-05 18:57 - 2012-05-05 18:57 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2012-05-05 18:39 - 2012-05-05 18:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-05 07:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-05-04 03:06 - 2012-06-13 15:31 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 15:31 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 15:31 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 14:37 - 2012-05-03 14:37 - 00045886 ____A C:\Users\Julien\Documents\cc_20120503_183747.reg
2012-05-03 14:25 - 2009-07-28 22:03 - 00000000 ____D C:\Windows\Panther
2012-05-03 12:41 - 2011-01-24 08:05 - 00000000 ____D C:\Program Files\CCleaner
2012-05-01 16:46 - 2012-05-01 16:46 - 04472832 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2012-05-01 06:01 - 2012-03-10 10:55 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-04-30 21:40 - 2012-06-13 15:31 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-29 15:13 - 2012-04-29 15:13 - 00000000 ____D C:\Users\Julien\AppData\Roaming\Malwarebytes
2012-04-29 15:13 - 2012-04-29 15:13 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-04-29 09:42 - 2011-01-04 13:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-04-28 05:53 - 2011-01-04 09:40 - 00000000 ___HD C:\asus.dat
2012-04-27 19:55 - 2012-06-13 15:30 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 15:31 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 15:31 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 15:31 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-13 15:30 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 15:30 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 15:30 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 15:30 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 15:30 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 15:30 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-12 06:08 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-04-07 04:31 - 2012-06-13 15:30 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-13 15:30 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-06 07:46 - 2012-04-06 07:45 - 00000000 ____D C:\Program Files\iTunes
2012-04-06 07:46 - 2012-04-06 07:45 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-04-06 07:45 - 2012-04-06 07:45 - 00000000 ____D C:\Program Files\iPod
2012-04-04 11:56 - 2012-05-05 18:39 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-30 03:35 - 2012-05-09 19:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

ZeroAccess:
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\@
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\L
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\U
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\L\00000004.@
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\L\1afb2d56
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\L\201d3dde
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\U\00000004.@
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\U\000000cb.@

ZeroAccess:
C:\Users\Julien\AppData\Local\{2c2637e1-c916-7212-5bb8-0718a26b5c95}
C:\Users\Julien\AppData\Local\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\@
C:\Users\Julien\AppData\Local\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\L
C:\Users\Julien\AppData\Local\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4085.16 MB
Available physical RAM: 3446.07 MB
Total Pagefile: 4083.31 MB
Available Pagefile: 3431.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:48.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Jeux) (Fixed) (Total:292.97 GB) (Free:172.82 GB) NTFS
3 Drive e: (Images) (Fixed) (Total:329.79 GB) (Free:87.76 GB) NTFS
4 Drive f: (Internet) (Fixed) (Total:75.13 GB) (Free:25.32 GB) NTFS
5 Drive g: (Personnel) (Fixed) (Total:97.66 GB) (Free:96.79 GB) NTFS
7 Drive i: (Personnel) (Fixed) (Total:341.8 GB) (Free:172.38 GB) NTFS
8 Drive j: (Bordel) (Fixed) (Total:123.96 GB) (Free:91.85 GB) NTFS
9 Drive k: (CLE_USB) (Removable) (Total:15.06 GB) (Free:3.55 GB) NTFS
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB  1024 KB         
  Disk 1    Online          465 GB  1024 KB         
  Disk 2    Online          465 GB  1024 KB         
  Disk 3    Online           15 GB      0 B         

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             19 GB  1024 KB
  Partition 2    Primary            116 GB    19 GB
  Partition 0    Extended           329 GB   135 GB
  Partition 3    Logical            329 GB   135 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   OS           NTFS   Partition    116 GB  Healthy           

======================================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     E   Images       NTFS   Partition    329 GB  Healthy           

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            292 GB  1024 KB
  Partition 2    Primary             75 GB   292 GB
  Partition 3    Primary             97 GB   368 GB

======================================================================================================

Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D   Jeux         NTFS   Partition    292 GB  Healthy           

======================================================================================================

Disk: 1
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F   Internet     NTFS   Partition     75 GB  Healthy           

======================================================================================================

Disk: 1
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     G   Personnel    NTFS   Partition     97 GB  Healthy           

======================================================================================================

Partitions of Disk 2:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            341 GB  1024 KB
  Partition 2    Primary            123 GB   341 GB

======================================================================================================

Disk: 2
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6     I   Personnel    NTFS   Partition    341 GB  Healthy           

======================================================================================================

Disk: 2
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 7     J   Bordel       NTFS   Partition    123 GB  Healthy           

======================================================================================================

Partitions of Disk 3:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             15 GB    31 KB

======================================================================================================

Disk: 3
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8     K   CLE_USB      NTFS   Removable     15 GB  Healthy           

======================================================================================================

==========================================================

Last Boot: 2012-06-17 20:57

======================= End Of Log ==========================

kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6346
Re: [Resolved K] Cannot active Windows Defender and Firewall
« Reply #3 on: June 19, 2012, 01:01:44 PM »
Thanks for the log; do the following:

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flashdrive as fixlist.txt.

Code:
3 tmlwf;
3 tmwfp;
CMD: type "C:\ComboFix.txt"
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\@
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\L
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\U
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\L\00000004.@
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\L\1afb2d56
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\L\201d3dde
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\U\00000004.@
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\U\000000cb.@
C:\Users\Julien\AppData\Local\{2c2637e1-c916-7212-5bb8-0718a26b5c95}
C:\Users\Julien\AppData\Local\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\@
C:\Users\Julien\AppData\Local\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\L
C:\Users\Julien\AppData\Local\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\U

Now please enter System Recovery Options as you did to get the log.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Kevin...
« Last Edit: June 19, 2012, 01:07:12 PM by kevinf80 »
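
As an added example (not FRST's own code and not part of kevinf80's instructions), here is a small Python script that pulls the paths FRST lists under its "ZeroAccess:" headings out of a saved log and writes them, together with the service and CMD: lines, as a fixlist.txt in the layout used in the post above. The sample log embedded in it is reconstructed from the FRST output posted earlier in this thread; the brace-wrapped-GUID guard on each path is my own assumption about how these drop directories are named, not a rule FRST enforces.

```python
"""Build an FRST fixlist.txt from the paths FRST flags under 'ZeroAccess:'.

Added example for this thread: not FRST's own code and not part of the
instructions above. The sample log is reconstructed from the FRST output
posted earlier in the thread; the GUID-directory guard is an assumption
of mine, not a rule FRST enforces.
"""
import re

# Constructed sample: the two "ZeroAccess:" blocks as FRST printed them,
# surrounded by neighbouring lines that the parser must ignore.
SAMPLE_LOG = r"""
2012-03-30 03:35 - 2012-05-09 19:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

ZeroAccess:
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\@
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\L\00000004.@

ZeroAccess:
C:\Users\Julien\AppData\Local\{2c2637e1-c916-7212-5bb8-0718a26b5c95}
C:\Users\Julien\AppData\Local\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\@

========================= Known DLLs (Whitelisted) ============
""".lstrip()

# The drop directory in this log is a brace-wrapped GUID; only accept paths
# that contain one as a directory component (assumption, see docstring).
_GUID_DIR = re.compile(
    r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}(?:\\|$)", re.IGNORECASE)


def extract_flagged_paths(log_text, heading="ZeroAccess:"):
    """Return the unique paths listed under every `heading` block, in order.

    A block ends at the first blank line or at the next '====' section banner.
    """
    paths = []
    in_block = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == heading:
            in_block = True
            continue
        if in_block and (not line or line.startswith("=")):
            in_block = False
            continue
        if in_block and line not in paths:
            paths.append(line)
    return paths


def plausible_zeroaccess_path(path):
    """True if `path` has a brace-wrapped GUID directory component."""
    return _GUID_DIR.search(path) is not None


def build_fixlist(paths, services=(), commands=()):
    """Render a fixlist.txt body in the layout used in the thread above.

    Order: service lines in the form the log lists them ('3 tmlwf;'),
    then 'CMD:' lines, then one path per line. Any path that fails the
    GUID guard raises instead of being written, so a typo cannot turn
    the fixlist into a request to delete an unrelated file.
    """
    bad = [p for p in paths if not plausible_zeroaccess_path(p)]
    if bad:
        raise ValueError("refusing to list non-GUID paths: %r" % bad)
    lines = ["3 %s;" % s for s in services]
    lines += ["CMD: %s" % c for c in commands]
    lines += list(paths)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = extract_flagged_paths(SAMPLE_LOG)
    body = build_fixlist(flagged, services=["tmlwf", "tmwfp"],
                         commands=['type "C:\\ComboFix.txt"'])
    # CRLF line endings so Notepad on Windows shows one entry per line.
    with open("fixlist.txt", "w", newline="\r\n") as fh:
        fh.write(body)
    print(body)
```

Run it against a real FRST.txt by replacing SAMPLE_LOG with the file's contents; the printed body is what goes onto the flashdrive as fixlist.txt.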

tictic

  • Bronze Member
  • Posts: 17
Re: [Resolved K] Cannot active Windows Defender and Firewall
« Reply #4 on: June 19, 2012, 07:55:43 PM »
Hi,

Here's the scan:



Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 17-06-2012 04
Ran by SYSTEM at 2012-06-19 21:48:54 Run:1
Running from K:\

==============================================

3 tmlwf; service not found.
3 tmwfp; service not found.

=========  type "C:\ComboFix.txt" =========

ComboFix 12-06-16.02 - Julien 18/06/2012  22:22:25.1.8 - x64
Lancé depuis: c:\users\Julien\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V08Y38OC\ComboFix.exe
 * Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Julien\AppData\Roaming\.#
c:\users\Julien\AppData\Roaming\Windows
c:\windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\@
c:\windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\L\00000004.@
c:\windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\L\1afb2d56
c:\windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\L\201d3dde
c:\windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\U\00000004.@
c:\windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\U\000000cb.@
c:\windows\SysWow64\avisynth.dll
c:\windows\SysWow64\devil.dll
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2012-05-19 au 2012-06-19  ))))))))))))))))))))))))))))))))))))
.
.
2012-06-19 02:39 . 2012-06-19 02:39   --------   d-----w-   c:\users\UpdatusUser\AppData\Local\temp
2012-06-19 02:16 . 2012-06-19 02:16   116016   ----a-w-   c:\windows\system32\drivers\37270344.sys
2012-06-18 03:44 . 2012-06-18 03:46   --------   d-----w-   C:\TDSSKiller_Quarantine
2012-06-18 03:10 . 2012-06-18 03:11   --------   d-----w-   c:\program files (x86)\AVAST Software
2012-06-18 01:29 . 2012-05-04 11:00   366592   ----a-w-   c:\windows\system32\qdvd.dll
2012-06-18 01:29 . 2012-05-04 09:59   514560   ----a-w-   c:\windows\SysWow64\qdvd.dll
2012-06-18 01:16 . 2012-05-08 14:02   8955792   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D95079D-91B4-4D8A-8137-5E547270E232}\mpengine.dll
2012-06-17 18:43 . 2012-06-17 18:43   --------   d-----w-   c:\programdata\ALM
2012-06-17 18:36 . 2012-06-17 18:36   --------   d-----w-   c:\users\Julien\Adobe Flash Builder 4.6
2012-06-17 18:24 . 2012-06-17 18:24   --------   d-----w-   c:\program files (x86)\Common Files\Adobe AIR
2012-06-17 02:21 . 2012-06-17 02:21   --------   d-----w-   c:\users\Julien\AppData\Roaming\NVIDIA
2012-06-17 02:20 . 2012-06-18 00:25   --------   d-----w-   c:\programdata\regid.1986-12.com.adobe
2012-06-17 01:56 . 2011-11-03 07:01   56208   ------w-   c:\windows\system32\drivers\PxHlpa64.sys
2012-06-17 01:56 . 2011-10-17 07:00   10224   ------w-   c:\windows\system32\drivers\cdralw2k.sys
2012-06-17 01:56 . 2011-10-17 07:00   10224   ------w-   c:\windows\system32\drivers\cdr4_xp.sys
2012-06-17 01:56 . 2012-06-17 18:27   --------   d-----w-   c:\program files (x86)\Common Files\PX Storage Engine
2012-06-17 01:56 . 2012-06-17 01:56   --------   d-----w-   c:\program files (x86)\Common Files\Sonic Shared
2012-06-17 01:56 . 2012-06-17 01:56   --------   d-----w-   c:\program files (x86)\My Company Name
2012-06-16 23:40 . 2012-06-16 23:40   --------   d-----w-   c:\program files\Core Temp
2012-06-16 23:11 . 2012-06-17 18:25   --------   d-----w-   C:\AdobeTemp
2012-06-16 02:17 . 2012-06-16 02:17   927800   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B0B3585-7EE0-4EBB-9A75-A4851D668231}\gapaengine.dll
2012-06-16 02:17 . 2012-05-08 14:02   8955792   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-16 02:15 . 2012-06-16 02:15   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
2012-06-16 02:14 . 2012-06-16 02:15   --------   d-----w-   c:\program files\Microsoft Security Client
2012-06-16 01:53 . 2012-06-16 01:53   --------   d-----w-   c:\program files\ESET
2012-06-13 23:31 . 2012-04-26 05:41   77312   ----a-w-   c:\windows\system32\rdpwsx.dll
2012-06-13 23:31 . 2012-04-26 05:41   149504   ----a-w-   c:\windows\system32\rdpcorekmts.dll
2012-06-13 23:31 . 2012-04-26 05:34   9216   ----a-w-   c:\windows\system32\rdrmemptylst.exe
2012-06-13 23:31 . 2012-05-15 01:32   3146752   ----a-w-   c:\windows\system32\win32k.sys
2012-06-13 23:31 . 2012-05-04 11:06   5559664   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-06-13 23:31 . 2012-05-04 10:03   3968368   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 23:31 . 2012-05-04 10:03   3913072   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 23:31 . 2012-05-01 05:40   209920   ----a-w-   c:\windows\system32\profsvc.dll
2012-06-13 23:30 . 2012-04-28 03:55   210944   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-06-13 23:30 . 2012-04-07 12:31   3216384   ----a-w-   c:\windows\system32\msi.dll
2012-06-13 23:30 . 2012-04-07 11:26   2342400   ----a-w-   c:\windows\SysWow64\msi.dll
2012-06-13 23:30 . 2012-04-24 05:37   1462272   ----a-w-   c:\windows\system32\crypt32.dll
2012-06-13 23:30 . 2012-04-24 04:36   1158656   ----a-w-   c:\windows\SysWow64\crypt32.dll
2012-06-13 23:30 . 2012-04-24 05:37   184320   ----a-w-   c:\windows\system32\cryptsvc.dll
2012-06-13 23:30 . 2012-04-24 05:37   140288   ----a-w-   c:\windows\system32\cryptnet.dll
2012-06-13 23:30 . 2012-04-24 04:36   140288   ----a-w-   c:\windows\SysWow64\cryptsvc.dll
2012-06-13 23:30 . 2012-04-24 04:36   103936   ----a-w-   c:\windows\SysWow64\cryptnet.dll
2012-06-12 21:16 . 2012-06-16 01:05   --------   d-----w-   c:\programdata\AVAST Software
2012-05-30 17:59 . 2012-05-30 17:59   4966600   ----a-w-   c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 18:37 . 2012-03-29 14:06   426184   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-12 18:37 . 2011-05-17 14:28   70344   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-23 03:11 . 2012-05-06 04:58   16432   ----a-w-   c:\windows\system32\lsdelete.exe
2012-05-02 00:46 . 2012-05-02 00:46   4472832   ----a-w-   c:\windows\SysWow64\GPhotos.scr
2012-05-01 14:01 . 2012-03-10 18:55   45056   ----a-w-   c:\windows\system32\acovcnt.exe
2012-04-04 19:56 . 2012-05-06 02:39   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-10 03:35   1918320   ----a-w-   c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08   143360   ----a-w-   c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 910208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"Gaming Mouse Hid"="c:\program files (x86)\Gaming Mouse\hid.exe" [2010-01-19 428544]
"Copperhead"="c:\program files (x86)\Razer\Copperhead\razerhid.exe" [2009-11-19 135168]
"VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-29 237693]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-07-12 1764352]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-11-07 273528]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe [2009-12-17 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-06 136176]
R3 ALSysIO;ALSysIO;c:\users\Julien\AppData\Local\Temp\ALSysIO64.sys

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-01-21 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-17 79360]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-06 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys

R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe

R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe

R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
R4 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R4 SQLAgent$BPASERVER8;SQL Server Agent (BPASERVER8);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.BPASERVER8\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 367456]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-05-23 2152720]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MSSQL$BPASERVER8;SQL Server (BPASERVER8);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.BPASERVER8\MSSQL\Binn\sqlservr.exe [2010-04-03 42884448]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys

S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-05-06 17152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

S3 NETw5s64;Pilote de carte Intel(R) Wireless WiFi Link pour Windows 7 64 bits ;c:\windows\system32\DRIVERS\NETw5s64.sys

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-19 11856]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17   302592   ----a-w-   c:\windows\System32\cmd.exe
.
Contenu du dossier 'Tâches planifiées'
.
2012-06-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2012-03-20 03:10]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-06 19:50]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-06 19:50]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1314771130-884112544-1733508605-1001Core.job
- c:\users\Julien\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-12 19:50]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1314771130-884112544-1733508605-1001UA.job
- c:\users\Julien\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-12 19:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52   159744   ----a-w-   c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 200.251.201.1:8080
IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Download All by ASUS Download - c:\program files (x86)\ASUS\RT-N13U Wireless Router Utilities\ASDownloadAll.htm
IE: Download using ASUS Download - c:\program files (x86)\ASUS\RT-N13U Wireless Router Utilities\ASDownload.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Julien\AppData\Roaming\Mozilla\Firefox\Profiles\4pyvy34p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Selenium IDE: Ruby Formatters: rubyformatters@seleniumhq.org - %profile%\extensions\rubyformatters@seleniumhq.org
FF - Ext: Selenium IDE: Java Formatters: javaformatters@seleniumhq.org - %profile%\extensions\javaformatters@seleniumhq.org
FF - Ext: Selenium IDE: Groovy Formatters: groovyformatters@seleniumhq.org - %profile%\extensions\groovyformatters@seleniumhq.org
FF - Ext: Selenium IDE: Perl Formatter: perlformatters@seleniumhq.org - %profile%\extensions\perlformatters@seleniumhq.org
FF - Ext: Selenium IDE: PHP Formatters: phpformatters@seleniumhq.org - %profile%\extensions\phpformatters@seleniumhq.org
FF - Ext: Selenium IDE: {a6fd85ed-e919-4a43-a5af-8da18bda539f} - %profile%\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
FF - Ext: Selenium IDE: Python Formatters: pythonformatters@seleniumhq.org - %profile%\extensions\pythonformatters@seleniumhq.org
FF - Ext: Selenium IDE: C# Formatters: csharpformatters@seleniumhq.org - %profile%\extensions\csharpformatters@seleniumhq.org
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
SafeBoot-45548493.sys
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-ASUS_ScreenSaver_GSeries - c:\windows\system32\ASUS_ScreenSaver_GSeries.scr
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.032"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.apd"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.arw"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bay"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bw"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bwf"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cel"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cs1"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dcx"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.djv"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.djvu"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.fff"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.flc"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.fli"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.fpx"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.icn"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.iff"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ilbm"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.int"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.inta"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.iw4"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.j2c"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.j2k"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jbr"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jif"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jp2"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpc"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpk"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpx"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.kar"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.kdc"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.lbm"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.m15"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.m1a"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.m2a"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.m75"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mef"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mpv"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.nrw"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pbr"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pgm"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pics"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pix"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ppm"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pspbrush"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pspimage"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.qtpf"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ras"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rgb"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rgba"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rsb"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rw2"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rwl"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sdv"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sfil"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sgi"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.smf"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sml"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sr2"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.srw"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.swa"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.thm"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ulw"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40po"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40pp"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40ppf"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.vfw"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.wbm"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.wbmp"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xbm"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xif"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xmp"
.
[HKEY_USERS\S-1-5-21-1314771130-884112544-1733508605-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Heure de fin: 2012-06-18  22:47:09 - La machine a redémarré
ComboFix-quarantined-files.txt  2012-06-19 02:47
.
Avant-CF: 49 238 224 896 octets libres
Après-CF: 49 244 540 928 octets libres
.
- - End Of File - - FC42FE0F6B1E03745EC357BDB43858C2

========= End of CMD: =========

C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95} moved successfully.
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\@ not found.
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\L not found.
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\U not found.
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\L\00000004.@ not found.
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\L\1afb2d56 not found.
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\L\201d3dde not found.
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\U\00000004.@ not found.
C:\Windows\Installer\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\U\000000cb.@ not found.
C:\Users\Julien\AppData\Local\{2c2637e1-c916-7212-5bb8-0718a26b5c95} moved successfully.
C:\Users\Julien\AppData\Local\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\@ not found.
C:\Users\Julien\AppData\Local\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\L not found.
C:\Users\Julien\AppData\Local\{2c2637e1-c916-7212-5bb8-0718a26b5c95}\U not found.

==== End of Fixlog ====

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6346
Re: [Resolved K] Cannot active Windows Defender and Firewall
« Reply #5 on: June 19, 2012, 11:42:56 PM »
Can you tell me if you know of, or set up, this proxy server?

uInternet Settings,ProxyServer = 200.251.201.1:8080

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2

  • Ensure that Combofix is saved directly to the Desktop <--- Very important

  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.

  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

  • Instructions for running Combofix available Here if required.

  • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.

  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...

Kevin


Offline tictic

  • Bronze Member
  • Posts: 17
Re: [Resolved K] Cannot active Windows Defender and Firewall
« Reply #6 on: June 20, 2012, 04:25:47 AM »
Hi kevinf64,

To answer your first question, I really do not know where this proxy comes from!

I will run Combofix this afternoon.

Thank you so much.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22649
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [Resolved K] Cannot active Windows Defender and Firewall
« Reply #7 on: June 20, 2012, 08:26:58 AM »
There seems to be a problem with some of the software that you have installed. Could you open your copy of ESET and go to Help and then to About and get a screenshot of that window and attach it to a response. There is also a copy of Bittorrent installed on your computer. If you read this, The Following Software Must Be Removed Before Posting Here, you will see that Bittorrent needs to be uninstalled. kevinf80 had also made this clear in his original greeting statement.

Until these anomalies can be resolved, this thread will not go any further.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline tictic

  • Bronze Member
  • Posts: 17
Re: [Resolved K] Cannot active Windows Defender and Firewall
« Reply #8 on: June 20, 2012, 01:18:11 PM »
Hi Hoov,

I cannot open ESET, because my license expired 1 week ago, the time when I began to have trouble with my computer! I waited one day before getting Microsoft Security Essentials.

For Bittorrent, I followed everything kevinf80 told me, because I deleted it just when he asked me. I don't have any copy of it, but if you tell me I have something, I will check right now what's happening.

Thank you hoov.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6346
Re: [Resolved K] Cannot active Windows Defender and Firewall
« Reply #9 on: June 20, 2012, 01:30:45 PM »
Hello tictic,

This is the main problem - R2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe  That is a crack to defeat the trial value of ESET, thus turning a trial version into a full version.

Kevin
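The entry Kevin quotes is in the ComboFix service-list style, "R2 name;display name;image path". As an added example (not code from this thread, from ComboFix or from ESET), the script below parses a few constructed lines in that style and applies the two checks a reviewer is making here: a service whose binary sits directly in the Windows root rather than under system32 or a vendor directory, and an auto-start service whose image path cannot be found on disk, which is exactly the "I don't find this file" situation that follows. The sample lines, the stand-in directory listing and the reading of the leading letter and digit (R = running, S = stopped, digit = Service Control Manager start type, 0 boot to 4 disabled) are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# Constructed sample lines in the ComboFix "R2 name;display name;path" service
# style. The first line is the entry quoted in the thread; the other two are
# made-up benign entries used only for contrast.
SAMPLE_LINES = [
    "R2 .EsetTrialReset;Eset Trial Reset;c:\\windows\\reset.exe",
    "R2 AudioSrv;Windows Audio;c:\\windows\\system32\\svchost.exe",
    "S3 SkypeUpdate;Skype Updater;c:\\program files (x86)\\skype\\updater\\updater.exe",
]

# Constructed stand-in for a directory listing of the machine: the paths the
# benign services point at exist, the one from the quoted entry does not.
FILES_ON_DISK: Set[str] = {
    "c:\\windows\\system32\\svchost.exe",
    "c:\\program files (x86)\\skype\\updater\\updater.exe",
}

# Assumed reading of the prefix: R = running, S = stopped, digit = start type
# following the Service Control Manager start values (0 boot .. 4 disabled).
LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+)$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


@dataclass
class ServiceEntry:
    running: bool
    start_type: str
    name: str
    display_name: str
    image_path: str


def parse_line(line: str) -> ServiceEntry:
    """Split one service line into its fields; image paths are lower-cased for comparison."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a service line: {line!r}")
    state, start, name, display, path = m.groups()
    return ServiceEntry(
        running=(state == "R"),
        start_type=START_TYPES.get(start, "unknown"),
        name=name,
        display_name=display,
        image_path=path.strip().lower(),
    )


def reasons_for(entry: ServiceEntry, files_on_disk: Set[str]) -> List[str]:
    """Return the review reasons that apply to one entry (empty list = nothing to flag)."""
    reasons: List[str] = []
    # Legitimate service binaries live under system32 or a vendor directory;
    # one sitting directly in the Windows root deserves a second look.
    if re.fullmatch(r"c:\\windows\\[^\\]+", entry.image_path):
        reasons.append("binary directly in the Windows root")
    # A registered service whose image path cannot be found is either a
    # leftover registration or a file hidden from normal listings.
    if entry.image_path not in files_on_disk:
        reasons.append("image path not found on disk")
    return reasons


def audit(lines: Iterable[str], files_on_disk: Set[str]) -> Dict[str, List[str]]:
    """Map each flagged service name to the reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_line(line)
        reasons = reasons_for(entry, files_on_disk)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, why in audit(SAMPLE_LINES, FILES_ON_DISK).items():
        print(f"{name}: {'; '.join(why)}")
```

On a real machine the stand-in set would be replaced by a walk of the relevant directories, and the second check is the more useful one: a service that is registered and set to start automatically but whose binary is not visible is worth asking about, whatever its name.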

Offline tictic

  • Bronze Member
  • Posts: 17
Re: [Resolved K] Cannot active Windows Defender and Firewall
« Reply #10 on: June 20, 2012, 01:48:18 PM »
Hi kevinf80,

I'm glad to read you, but I don't find this file in c:\windows. I will check right now on my computer if it is somewhere else, but I just found 2 reset.exe here: C:\Windows\winsxs\amd64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.1.7600.16385_none_40a54b0d12b542e8

Do you think it's one of these?

Thank you,

Tictic

Offline tictic

  • Bronze Member
  • Posts: 17
Re: [Resolved K] Cannot active Windows Defender and Firewall
« Reply #11 on: June 20, 2012, 01:53:07 PM »
I just checked the report, and I don't understand how it can show something I don't have on my computer. I also checked hidden files but I don't see it. Could you explain it to me, please?

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6346
Re: [Resolved K] Cannot active Windows Defender and Firewall
« Reply #12 on: June 20, 2012, 02:00:33 PM »
The entry I quote is showing in the log from Combofix, which you ran before posting here. I salvaged that log with an FRST command. It is evident that you were running a crack to avoid upgrading to the full version of ESET at some point.

Whether or not it is off your system is not my concern. I cannot progress your log until one of the moderators gives the go-ahead.

Thanks,

Kevin

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22649
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [Resolved K] Cannot active Windows Defender and Firewall
« Reply #13 on: June 20, 2012, 02:05:03 PM »
There is one way to resolve this. Please follow the instructions below EXACTLY. DO NOT POST the log here. I am sending you a PM on what to do with the log.

Please download and run Belarc Advisor. When it is done running its scan, it will open a browser window. When that window is open you can close it. Then go to C:\Program Files\Belarc\Advisor\System\tmp; there will be two files there. One is license.html, the other is (the name of your computer).html. I am sending you a private message on what to do with that file. DO NOT ATTACH OR POST IT HERE.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22649
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [Resolved K] Cannot active Windows Defender and Firewall
« Reply #14 on: June 20, 2012, 02:52:14 PM »
tictic, I have gotten the log and all is clear. Sorry for the confusion but we are a little paranoid about cracked software here. It is a very easy way to have an infection keep coming back. P2P software is also a source of malware. I have let Kevin know all is clear, and if he is too busy to continue, I will do it.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!