Am I still infected by Ukash Virus ??


This topic is locked. 43 replies to this topic.

#1 ramaflore

Posted 13 July 2012 - 08:43 AM

Hi,

Yesterday, I was infected by Metropolitan Police Ukash Virus.

I ran 3 antivirus programs (Emsisoft Anti-Malware, Hitman Pro, and Webroot SecureAnywhere) from my admin account to eradicate it but unfortunately, with no success. After that, I finally cleaned this infection with RogueKiller in Safe Mode, which I ran a few times.

I decided to check with Rkill according to the removal steps from here: My link

Rkill detected the following today:

Log file:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 13/07/2012 at 13:56:43.
Operating System: Windows Vista ™ Business


Processes terminated by Rkill or while it was running:

C:\Windows\system32\conime.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\conime.exe


Rkill completed on 13/07/2012 at 13:56:47.


Please let me know if I'm still infected or not. Is conime.exe really infected or not?

Thanks in advance for your support!

#2 Guest_White Warrior_*

Posted 18 July 2012 - 12:27 AM

Hi ramaflore

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

White Warrior

#3 Guest_White Warrior_*

Posted 18 July 2012 - 08:40 AM

Hi ramaflore

RKill is not a cleaning tool.

We need to see some information about what is happening in your machine. Please perform the following scans.

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control here.

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
  • Link 1 (.exe file)
  • Link 2 (zipped file)
  • Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
Note: You may get this warning; just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

Download Security Check by screen317 from here.
  • Save it to your desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
I need to see:
  • DDS log
  • Rootkit log
  • Security Check log

White Warrior

#4 ramaflore (Topic Starter)

Posted 19 July 2012 - 08:35 AM

Hi White Warrior,

Thanks for your support!

Here is what you requested:

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Flore at 15:20:43 on 2012-07-19
Microsoft® Windows Vista™ Professionnel 6.0.6002.2.1252.33.1036.18.1013.584 [GMT 2:00]
.
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRSvc.exe
C:\Program Files\Nitro PDF\Express\NitroPDFExpressDriverService.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Shadow Defender\DefenderDaemon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
mRun: [Shadow Defender Daemon] "c:\program files\shadow defender\DefenderDaemon.exe" /Auto
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NpMBRGuard] c:\program files\incainternet\nprotect mbr guard\nPMBRGuard.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
uPolicies-explorer: NoFile = 0 (0x0)
uPolicies-explorer: HideClock = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoEncryptOnMove = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
mPolicies-explorer: NoFile = 0 (0x0)
mPolicies-explorer: HideClock = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoDFSTab = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoEncryptOnMove = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
dPolicies-explorer: NoFile = 0 (0x0)
dPolicies-explorer: HideClock = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoDFSTab = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-explorer: NoEncryptOnMove = 0 (0x0)
dPolicies-explorer: NoResolveTrack = 0 (0x0)
dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FB6D00A2-B1C0-4845-B099-36B37CE7E9BD} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\flore\appdata\roaming\mozilla\firefox\profiles\3mx75wwm.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://fr.yahoo.com/
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\sumatrapdf\npPdfViewer.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 diskpt;diskpt;c:\windows\system32\drivers\diskpt.sys [2012-4-30 204384]
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2011-12-15 111632]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2011-12-9 17904]
R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2011-12-9 37856]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2011-12-9 11776]
R1 TKDac;TKDac;c:\windows\system32\tkdacxp.sys [2011-12-29 100160]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-12-9 3069752]
R2 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-12-4 21504]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2012-4-7 90952]
R2 MBRGuardSvc;MBRGuardSvc;c:\program files\incainternet\nprotect mbr guard\nPMBRSvc.exe [2011-12-29 213312]
R2 NitroExpressDriverReadSpool;NitroPDFExpressDriverCreatorReadSpool;c:\program files\nitro pdf\express\NitroPDFExpressDriverService.exe [2009-12-15 196912]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-15 65840]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-12-9 54072]
S2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2011-12-15 688360]
.
=============== File Associations ===============
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
=============== Created Last 30 ================
.
2012-07-18 00:15:33 -------- d-----w- c:\program files\INCAInternet
2012-07-17 22:05:34 178176 ----a-w- c:\windows\system32\unrar.dll
2012-07-17 22:05:32 -------- d-----w- c:\program files\MPC-HC
2012-07-16 02:27:56 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-16 02:27:55 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-16 02:23:12 167936 ----a-w- c:\windows\system32\igfxres.dll
2012-07-16 01:48:22 -------- d-----w- c:\users\flore\appdata\local\Daum
2012-07-16 01:48:21 -------- d-----w- c:\users\flore\appdata\roaming\PotPlayerMini
2012-07-16 01:43:59 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2012-07-16 01:35:41 -------- d-----w- c:\program files\Daum
2012-07-16 00:53:14 385024 ----a-w- c:\windows\system32\igxpun.exe
2012-07-15 21:12:16 -------- d-----w- C:\Intel
2012-07-15 09:31:26 -------- d-----w- c:\users\flore\Vba32arkit
2012-07-13 07:27:56 -------- d-----w- c:\users\flore\appdata\roaming\Malwarebytes
2012-07-13 07:27:47 -------- d-----w- c:\programdata\Malwarebytes
2012-06-30 19:49:19 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-06-29 09:50:59 -------- d-----w- c:\users\flore\appdata\local\Apps
2012-06-29 00:42:48 -------- d-----w- c:\users\flore\appdata\roaming\IrfanView
2012-06-28 01:09:05 -------- d-----w- c:\users\flore\appdata\local\Macromedia
2012-06-28 00:26:43 -------- d-----w- c:\program files\FuturixImager
2012-06-28 00:10:29 -------- d-----w- c:\program files\MycView
2012-06-27 23:16:05 -------- d-----w- c:\program files\JPEGView_1_0_26
2012-06-21 09:16:41 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 09:16:31 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 09:16:27 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 09:16:27 171904 ----a-w- c:\windows\system32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-01 22:12:24 148664 ----a-w- c:\windows\system32\WRusr.dll
2012-07-01 09:09:00 111632 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-05-27 01:13:40 7680 ----a-w- c:\windows\60139727.exe
2012-05-26 00:53:38 7680 ----a-w- c:\windows\11290197.exe
2012-05-25 14:30:01 7680 ----a-w- c:\windows\16305630.exe
2012-05-25 00:27:02 7680 ----a-w- c:\windows\52562384.exe
2012-04-26 10:56:46 134984 ----a-w- c:\windows\system32\LnkProtect.dll
2012-04-24 10:15:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 15:21:44,67 ===============

#5 ramaflore (Topic Starter)

Posted 19 July 2012 - 08:38 AM

Rootkit log :

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8A404000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7004160 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x8201A000 C:\Windows\system32\ntoskrnl.exe 3846144 bytes (Microsoft Corporation, NT Kernel & System)
0x8201A000 PnpManager 3846144 bytes
0x8201A000 RAW 3846144 bytes
0x8201A000 WMIxWDM 3846144 bytes
0x8AC02000 C:\Windows\system32\DRIVERS\NETw4v32.sys 2289664 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x94040000 Win32k 2113536 bytes
0x94040000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Pilote Win32 multi-utilisateurs)
0x8C008000 C:\Windows\system32\drivers\RTKVHDA.sys 1642496 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x8680F000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, Pilote du système de fichiers NT)
0x864D2000 C:\Windows\System32\drivers\NDIS.SYS 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8C1EB000 C:\Windows\system32\DRIVERS\smserial.sys 1011712 bytes (Motorola Inc., Motorola SM56 Modem WDM Driver)
0x86659000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x828D1000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Module d’intégrité du code)
0x8D2DC000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8D132000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8AAB2000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8AB5E000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x86A4A000 C:\Windows\system32\DRIVERS\rdpdr.sys 561152 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x8D005000 C:\Windows\System32\Drivers\bthport.sys 524288 bytes (Microsoft Corporation, Pilote de bus Bluetooth)
0x829B1000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF dynamique)
0x865E8000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x82807000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8D239000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Pile du protocole)
0x8675E000 C:\Windows\system32\drivers\csc.sys 372736 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0xAB004000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x82AE3000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8C3AD000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x82A3A000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, Pilote ACPI pour NT)
0x82890000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8AF32000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8AE3C000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x86BB9000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x86497000 C:\Windows\System32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8691F000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Pilote de cliché instantané du volume)
0x86B0A000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x86A16000 C:\Windows\system32\DRIVERS\yk60x86.sys 212992 bytes (Marvell, NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller)
0x823C5000 ACPI_HAL 208896 bytes
0x823C5000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8640C000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Gestionnaire de filtres de système de fichiers Microsoft)
0x86B50000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x82B76000 C:\Windows\SYSTEM32\drivers\diskpt.sys 200704 bytes (SHADOWDEFENDER.COM, Shadow Defender Filter Driver)
0x8AF03000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x82B42000 C:\Windows\system32\DRIVERS\pcmcia.sys 184320 bytes (Microsoft Corporation, Pilote de bus PCMCIA)
0x8C199000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8646C000 C:\Windows\System32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x86AD3000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8D1F2000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8D0A9000 C:\Windows\system32\DRIVERS\rfcomm.sys 167936 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0x867D0000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8696F000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x82A91000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, Énumérateur Plug-and-Play PCI pour NT)
0x8C1C6000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8AF95000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x869A7000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8D2BB000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8C330000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x82BBF000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8644E000 C:\Windows\System32\drivers\WRkrn.sys 122880 bytes (Webroot, Webroot SecureAnywhere)
0x8D3C4000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x86743000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8D10F000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, Pilote de filtre de virtualisation de fichier LUA)
0x8D0DC000 C:\Windows\system32\DRIVERS\bthpan.sys 106496 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x8AE99000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x8AEEB000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x867B9000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8AF73000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8C2F6000 C:\Windows\system32\tkdacxp.sys 94208 bytes (INCA Internet Co., Ltd., Tachyon MBR Protection Driver 1.0)
0xAB05E000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x86B82000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, Planificateur de paquets QoS)
0x8C383000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x8D2A6000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8AFDB000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8AFC7000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8C399000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8AEC2000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, Pilote de port i8042)
0x8D226000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x86BA6000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x86996000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x86B3F000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x82877000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Pilote d’erreurs matérielles spécifiques à une plateforme)
0x8AE89000 C:\Windows\system32\DRIVERS\EMS7SK.sys 65536 bytes (ENE Technology Inc., ENE PCI Memory Stick Card Reader Driver)
0x8643E000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8D1E2000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x82BA7000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8AFF0000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x86A07000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8D100000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x86960000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x82AB8000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8AFB8000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8AE7A000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x82AD4000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x942A0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x86B98000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8C36C000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x82B34000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x86800000 C:\Windows\System32\Drivers\BTHUSB.sys 53248 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0x8D087000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8C2E2000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Pilote de périphérique modem)
0x86AFD000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x82A2D000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x8D3E1000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8C324000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8AB52000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0xAB053000 C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys 45056 bytes (Emsisoft GmbH, Emsisoft Anti-Malware File Guard)
0x8D094000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8AEB3000 C:\Windows\system32\DRIVERS\ESD7SK.sys 45056 bytes (ENE Technology Inc., ENE PCI Secure Digital / MMC Card Reader Driver)
0x8AED5000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Pilote de la classe Clavier)
0x8AEE0000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Pilote de la classe Souris)
0x8C361000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8AF8A000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x865DD000 C:\Windows\System32\drivers\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x869F3000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8AE31000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x82ACA000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8D0D2000 C:\Windows\system32\DRIVERS\BthEnum.sys 40960 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0x8D09F000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes
0x8D0F6000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x82BDD000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8ABEB000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8D21C000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8C3F5000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8D3BA000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xAB07B000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x869C8000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8C30D000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8C37A000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x94260000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x869FE000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x82A80000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x82BB7000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x82888000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x82A89000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8C351000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8C359000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x86958000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8C2EF000 C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys 28672 bytes (Emsisoft GmbH, Emsisoft Anti-Malware Behavior Blocker)
0x8C31D000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x82B2D000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x82800000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xAB074000 C:\Users\Flore\AppData\Local\Temp\mbr.sys 28672 bytes
0x8C316000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x82B6F000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8AEBE000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8C002000 C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys 12288 bytes (Emsi Software GmbH, Emsisoft Direct Disk Access Support Driver)
0x82AC7000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8C000000 C:\Program Files\Emsisoft Anti-Malware\a2util32.sys 8192 bytes (Emsi Software GmbH, a-squared Malware-IDS utility driver)
0x8AC00000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8D085000 C:\Windows\System32\Drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================

#6 ramaflore

Posted 19 July 2012 - 08:40 AM

Security Check log :

 Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Emsisoft Anti-Malware
Webroot SecureAnywhere
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.2.202.235
Mozilla Firefox 11.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Emsisoft Anti-Malware a2service.exe
Shadow Defender DefenderDaemon.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

#7 ramaflore

Posted 19 July 2012 - 10:49 AM

I enabled UAC and updated Java to the latest version, 7, and Firefox to 14.

Edited by ramaflore, 19 July 2012 - 04:21 PM.


#8 ramaflore

Posted 19 July 2012 - 02:31 PM

Since I ran RKUnhooker as you requested, it launches at startup and I couldn't kill the process. How can I do that?

This afternoon, while I was browsing, Emsisoft Anti-Malware detected an exe file, 1D8B60D2.exe, located in the System32 folder. I searched the System32 folder and didn't see such a file.

Please check both attachments.


#9 ramaflore

Posted 20 July 2012 - 05:29 AM

Thread update:

I was able to kill the RKUnhooker process.

Here are the traces of 1D8B60D2.exe in the registry:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_1D8B60D2]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_1D8B60D2\0000]
"Service"="1D8B60D2"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="1D8B60D2"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\1D8B60D2]
"Type"=dword:00000010
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,31,00,44,00,38,\
00,42,00,36,00,30,00,44,00,32,00,2e,00,65,00,78,00,65,00,00,00
"ObjectName"="LocalSystem"
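
Reading an export like this by hand is easy to get wrong: the ImagePath is a hex(2) (REG_EXPAND_SZ) value, UTF-16LE bytes wrapped across lines with trailing backslashes. The following Python is an added example, not a tool used in this thread; it parses the quoted fragment, decodes the path, and reports which control set the service key lives in, compared against a current_control_set number the reader supplies from HKLM\SYSTEM\Select\Current (the value 1 used in the demo is an assumption).

```python
"""Parse a .reg export of a Windows service key and summarise what it points at."""
import re

# Constructed sample: the Services fragment quoted in the post above, embedded so
# the script runs offline. The hex(2) ImagePath is a REG_EXPAND_SZ stored as
# UTF-16LE and wrapped across lines with trailing backslashes.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\1D8B60D2]
"Type"=dword:00000010
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
  5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,31,00,44,00,38,\
  00,42,00,36,00,30,00,44,00,32,00,2e,00,65,00,78,00,65,00,00,00
"ObjectName"="LocalSystem"
'''

# SERVICE_* type and start-mode constants as Windows defines them.
SERVICE_TYPES = {0x1: "kernel driver", 0x2: "file system driver",
                 0x10: "own-process service", 0x20: "shared-process service"}
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual (on demand)",
               4: "disabled"}


def decode_value(raw):
    """Decode one .reg value literal: "string", dword:, hex: or hex(N):."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace('\\\\', '\\')
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"hex(?:\((\d+)\))?:(.*)", raw)
    if m:
        kind = int(m.group(1) or 3)              # bare hex: is REG_BINARY (3)
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        if kind in (1, 2, 7):                    # REG_SZ / REG_EXPAND_SZ / REG_MULTI_SZ
            return data.decode("utf-16-le").rstrip("\x00")
        return data
    return raw


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a .reg export."""
    lines = []
    for line in text.splitlines():
        line = line.strip()
        if lines and lines[-1].endswith("\\"):   # rejoin a continued hex value
            lines[-1] = lines[-1][:-1] + line
        else:
            lines.append(line)
    keys, current = {}, None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
            if m:
                keys[current][m.group(1)] = decode_value(m.group(2))
    return keys


SERVICE_KEY = re.compile(
    r"HKEY_LOCAL_MACHINE\\SYSTEM\\(ControlSet\d{3}|CurrentControlSet)"
    r"\\Services\\([^\\]+)$", re.IGNORECASE)


def summarise_services(keys, current_control_set=None):
    """Describe each Services\\<name> key in the export. current_control_set is
    the number from HKLM\\SYSTEM\\Select\\Current; when given, entries living in
    a different ControlSetNNN are flagged inactive (they are never loaded)."""
    out = []
    for path, values in keys.items():
        m = SERVICE_KEY.match(path)
        if not m:
            continue
        cs = m.group(1)
        active = None if current_control_set is None else (
            cs.lower() in ("currentcontrolset", f"controlset{current_control_set:03d}"))
        out.append({
            "name": m.group(2), "control_set": cs, "active": active,
            "type": SERVICE_TYPES.get(values.get("Type"), "unknown"),
            "start": START_TYPES.get(values.get("Start"), "unknown"),
            "image_path": values.get("ImagePath"),
        })
    return out


if __name__ == "__main__":
    # Assume the machine booted ControlSet001 (a constructed value for the demo).
    for s in summarise_services(parse_reg(SAMPLE_REG), current_control_set=1):
        state = "active" if s["active"] else "inactive control set"
        print(f"{s['name']}: {s['type']}, start={s['start']}, {state} "
              f"-> {s['image_path']}")
```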

#10 Guest_White Warrior_*

Posted 21 July 2012 - 01:46 AM

Hi ramaflore

Please run ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

How is the computer performing now?

White Warrior

#11 ramaflore

Posted 21 July 2012 - 09:35 AM

ComboFix 12-07-21.01 - Flore 21/07/2012 16:04:05.1.2 - x86
Microsoft® Windows Vista™ Professionnel 6.0.6002.2.1252.33.1036.18.1013.443 [GMT 2:00]
Lancé depuis: c:\users\Flore\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\11290197.exe
c:\windows\12812112.exe
c:\windows\16305630.exe
c:\windows\52562384.exe
c:\windows\60139727.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-06-21 au 2012-07-21 ))))))))))))))))))))))))))))))))))))
.
.
2012-07-21 14:16 . 2012-07-21 14:17 -------- d-----w- c:\users\Flore\AppData\Local\temp
2012-07-21 14:16 . 2012-07-21 14:16 -------- d-----w- c:\users\Transparence\AppData\Local\temp
2012-07-21 14:16 . 2012-07-21 14:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-21 13:43 . 2012-07-21 13:43 -------- d-----w- c:\users\Public\PBKGVidlGdixhat
2012-07-19 13:46 . 2012-07-19 13:46 -------- d-----w- c:\program files\Common Files\Java
2012-07-19 13:45 . 2012-07-19 13:45 -------- d-----w- c:\program files\Oracle
2012-07-19 13:45 . 2012-07-05 20:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-18 00:15 . 2012-07-18 00:15 -------- d-----w- c:\program files\INCAInternet
2012-07-17 22:28 . 2012-07-20 23:49 -------- d-----w- c:\users\Transparence\AppData\Roaming\Media Player Classic
2012-07-17 22:06 . 2012-07-17 22:06 -------- d-----w- c:\users\Flore\AppData\Roaming\Media Player Classic
2012-07-17 22:05 . 2012-05-26 10:36 178176 ----a-w- c:\windows\system32\unrar.dll
2012-07-17 22:05 . 2012-07-17 22:05 -------- d-----w- c:\program files\MPC-HC
2012-07-16 12:58 . 2012-07-21 12:44 -------- d-----w- c:\users\Transparence\AppData\Roaming\vlc
2012-07-16 02:27 . 2012-07-16 02:27 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-16 02:27 . 2012-07-16 02:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-16 01:48 . 2012-07-16 01:48 -------- d-----w- c:\users\Flore\AppData\Local\Daum
2012-07-16 01:48 . 2012-07-16 01:48 -------- d-----w- c:\users\Flore\AppData\Roaming\PotPlayerMini
2012-07-16 01:43 . 2008-10-27 08:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2012-07-16 01:35 . 2012-07-16 01:35 -------- d-----w- c:\program files\Daum
2012-07-16 00:53 . 2008-02-11 18:13 920088 ----a-w- c:\windows\system32\igxpun.exe
2012-07-16 00:06 . 2012-07-16 00:13 -------- d-----w- c:\users\Flore\AppData\Roaming\vlc
2012-07-15 21:12 . 2012-07-15 22:15 -------- d-----w- C:\Intel
2012-07-15 09:31 . 2012-07-18 23:38 -------- d-----w- c:\users\Flore\Vba32arkit
2012-07-13 11:48 . 2012-07-13 11:48 -------- d-----w- c:\users\Transparence\AppData\Roaming\Malwarebytes
2012-07-13 07:27 . 2012-07-13 07:27 -------- d-----w- c:\users\Flore\AppData\Roaming\Malwarebytes
2012-07-13 07:27 . 2012-07-13 07:27 -------- d-----w- c:\programdata\Malwarebytes
2012-07-12 10:24 . 2012-07-12 10:25 -------- d-----w- c:\users\Transparence\AppData\Roaming\hellomoto
2012-07-03 20:47 . 2012-07-03 20:47 -------- d-----w- c:\users\Public\fF8ePJBEfoJahat
2012-07-03 09:38 . 2012-07-03 09:38 -------- d-----w- c:\users\Public\xA9kLFmQACgOhat
2012-07-03 01:02 . 2012-07-03 01:02 -------- d-----w- c:\users\Public\tCkWwmR13EUBhat
2012-07-01 18:29 . 2012-07-01 18:29 -------- d-----w- c:\users\Public\PWTqaF5gicNthat
2012-06-30 19:49 . 2012-06-30 19:49 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-06-30 14:14 . 2012-06-30 14:14 -------- d-----w- c:\users\Public\tVIS5akThLTAhat
2012-06-30 13:54 . 2012-06-30 13:54 -------- d-----w- c:\users\Public\BvOpiD8qHg8nhat
2012-06-30 13:53 . 2012-06-30 13:53 -------- d-----w- c:\users\Public\kfIXT2RZNciDhat
2012-06-29 15:38 . 2012-06-29 15:38 -------- d-----w- c:\users\Public\vAKwXTHOWa6lhat
2012-06-29 15:08 . 2012-06-29 15:08 -------- d-----w- c:\users\Public\a85QRQllCEiqhat
2012-06-29 12:20 . 2012-06-29 12:20 -------- d-----w- c:\users\Public\2bcvpMHbriFBhat
2012-06-29 10:46 . 2012-06-29 10:46 -------- d-----w- c:\users\Public\hDqQGZCwvm3ahat
2012-06-29 09:50 . 2012-06-29 09:50 -------- d-----w- c:\users\Flore\AppData\Local\Apps
2012-06-29 00:42 . 2012-06-29 09:23 -------- d-----w- c:\users\Flore\AppData\Roaming\IrfanView
2012-06-28 01:09 . 2012-06-28 01:09 -------- d-----w- c:\users\Flore\AppData\Local\Macromedia
2012-06-28 00:54 . 2012-06-28 00:54 -------- d-----w- c:\users\Transparence\AppData\Local\Xequte
2012-06-28 00:26 . 2012-06-28 00:26 -------- d-----w- c:\program files\FuturixImager
2012-06-28 00:10 . 2012-06-28 00:10 -------- d-----w- c:\program files\MycView
2012-06-27 23:16 . 2012-06-27 23:16 -------- d-----w- c:\program files\JPEGView_1_0_26
2012-06-27 10:33 . 2012-06-27 10:33 -------- d-----w- c:\users\Public\6Z6G7FJkkCMThat
2012-06-26 18:32 . 2012-06-26 18:32 -------- d-----w- c:\users\Public\BxdrB6aRtmvnhat
2012-06-26 18:27 . 2012-06-26 18:27 -------- d-----w- c:\users\Public\fIM56MhElozBhat
2012-06-24 22:24 . 2012-06-24 22:24 -------- d-----w- c:\users\Public\LNLNJG2OLHBwhat
2012-06-24 19:40 . 2012-06-24 19:40 -------- d-----w- c:\users\Public\vhv4HhliUOTZhat
2012-06-23 23:51 . 2012-06-23 23:51 -------- d-----w- c:\users\Public\SJzyc8reKRgThat
2012-06-23 15:29 . 2012-06-23 15:29 -------- d-----w- c:\users\Public\PHWTnMDgEofwhat
2012-06-23 10:03 . 2012-06-23 10:03 -------- d-----w- c:\users\Public\vpXy1NPE5UTRhat
2012-06-23 08:28 . 2012-06-23 08:28 -------- d-----w- c:\users\Public\do37mOn1dbV7hat
2012-06-22 22:50 . 2012-06-22 22:50 -------- d-----w- c:\users\Public\8qSiK7p3dohBhat
2012-06-22 14:38 . 2012-06-22 14:38 -------- d-----w- c:\users\Public\pvcTWlXxIJrHhat
2012-06-22 13:04 . 2012-06-22 13:04 -------- d-----w- c:\users\Public\QoOcHoiVhTtxhat
2012-06-22 09:20 . 2012-06-22 09:20 -------- d-----w- c:\users\Public\a5S6o58J0CHshat
2012-06-21 15:32 . 2012-06-21 15:32 -------- d-----w- c:\users\Public\UTQF5I7CvRS7hat
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 20:06 . 2012-04-24 10:15 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-01 22:12 . 2011-12-14 23:15 148664 ----a-w- c:\windows\system32\WRusr.dll
2012-07-01 09:09 . 2011-12-14 23:15 111632 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-06-02 22:19 . 2012-06-21 09:16 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 09:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 09:16 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 09:16 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 09:16 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 09:16 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 09:16 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 09:16 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 09:16 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-04-26 10:56 . 2012-04-26 10:56 134984 ----a-w- c:\windows\system32\LnkProtect.dll
2012-07-14 00:15 . 2012-07-19 20:19 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2012-06-19 3367328]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-07-01 688360]
"Shadow Defender Daemon"="c:\program files\Shadow Defender\DefenderDaemon.exe" [2011-02-21 253483]
"NpMBRGuard"="c:\program files\INCAInternet\nProtect MBR Guard\nPMBRGuard.exe" [2012-07-10 586080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-11 18:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-11 18:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-11 18:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-18 22:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
.
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [x]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - A2ANTIMALWARE
*NewlyCreated* - WRSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Examen supplémentaire -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://fr.yahoo.com/
.
.
------- Associations de fichier -------
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-21 16:17
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwOpenFile
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
.
c:\users\Flore\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan terminé avec succès
Fichiers cachés: 1
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Heure de fin: 2012-07-21 16:22:18
ComboFix-quarantined-files.txt 2012-07-21 14:22
.
Avant-CF: 38 489 817 088 octets libres
Après-CF: 38 862 835 712 octets libres
.
- - End Of File - - 3D9CF96CD1D78806045CB6ADA6BB9EED

#12 ramaflore

Posted 21 July 2012 - 09:43 AM

My laptop is slower now. Before running ComboFix, I did a defragmentation.

Surfing the net is also slower now.

Remarks: I disabled my AV and anti-malware programs from the system tray. When running ComboFix, it detected both the AV and AM programs that I had disabled and removed from the system tray, so I also disabled the services related to those programs. I'm telling you this because I noticed that the ComboFix log says those security programs were enabled.

What about my previous post? http://www.bleepingcomputer.com/forums/topic460509.html/page__view__findpost__p__2772169

Did you analyze the previous reports? You didn't tell me anything about them.

#13 Guest_White Warrior_*

Posted 24 July 2012 - 02:02 AM

Hi ramaflore

Did you analyze the previous reports? You didn't tell me anything about them.

Yes I saw that. Those registry entries are nothing to worry about. They are in an old controlset which is not active and they will disappear after a few reboots.

You have more than one antivirus program and more than one anti-spyware program running on your computer.

I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Emsisoft Anti-Malware or Webroot SecureAnywhere.

Please leave Windows Defender disabled.

We need to create an OTL Report
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
White Warrior

#14 ramaflore

Posted 24 July 2012 - 11:22 AM

OTL logfile created on: 24/07/2012 18:00:41 - Run 2
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Transparence\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1013,44 Mb Total Physical Memory | 243,00 Mb Available Physical Memory | 23,98% Memory free
2,24 Gb Paging File | 1,17 Gb Available in Paging File | 52,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,84 Gb Total Space | 36,04 Gb Free Space | 53,12% Space Free | Partition Type: NTFS
Drive D: | 43,94 Gb Total Space | 31,41 Gb Free Space | 71,48% Space Free | Partition Type: NTFS

Computer Name: PC-DE-FLORE | User Name: Flore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/24 17:55:17 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Transparence\Desktop\OTL.exe
PRC - [2012/07/14 02:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/10 06:50:22 | 000,586,080 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRGuard.exe
PRC - [2012/06/27 09:25:04 | 000,681,056 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2012/06/19 13:01:42 | 003,069,752 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2012/06/19 13:01:41 | 003,367,328 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
PRC - [2012/04/07 00:40:10 | 000,090,952 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2011/12/29 10:56:18 | 000,213,312 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRSvc.exe
PRC - [2011/02/21 07:22:27 | 000,253,483 | ---- | M] (SHADOWDEFENDER.COM) -- C:\Program Files\Shadow Defender\DefenderDaemon.exe
PRC - [2009/12/15 17:26:06 | 000,065,840 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2009/12/15 17:22:32 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Express\NitroPDFExpressDriverService.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/14 02:14:07 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/23 22:06:59 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/01 11:08:55 | 000,688,360 | ---- | M] (Webroot) [Auto | Stopped] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV - [2012/06/27 09:25:06 | 001,326,176 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012/06/27 09:25:04 | 000,681,056 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/06/19 13:01:42 | 003,069,752 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/04/07 00:40:10 | 000,090,952 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2011/12/29 10:56:18 | 000,213,312 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRSvc.exe -- (MBRGuardSvc)
SRV - [2009/12/15 17:26:06 | 000,065,840 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2009/12/15 17:22:32 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Express\NitroPDFExpressDriverService.exe -- (NitroExpressDriverReadSpool)
SRV - [2008/01/19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Flore\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/07/01 11:09:00 | 000,111,632 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\WRkrn.sys -- (WRkrn)
DRV - [2012/06/19 13:01:35 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys -- (a2acc)
DRV - [2012/06/19 13:01:35 | 000,037,856 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2011/12/29 10:56:18 | 000,100,160 | ---- | M] (INCA Internet Co., Ltd.) [File_System | System | Running] -- C:\Windows\System32\tkdacxp.sys -- (TKDac)
DRV - [2011/12/16 16:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2011/03/31 13:36:10 | 000,204,384 | ---- | M] (SHADOWDEFENDER.COM) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\diskpt.sys -- (diskpt)
DRV - [2010/05/05 09:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2007/10/19 01:29:40 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2006/11/02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006/10/25 15:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/10/25 15:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3960516785-660546420-3033704126-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3960516785-660546420-3033704126-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3960516785-660546420-3033704126-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3960516785-660546420-3033704126-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3960516785-660546420-3033704126-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 C4 89 67 11 69 CD 01 [binary data]
IE - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://fr.yahoo.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 22:19:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/19 15:45:44 | 000,000,000 | ---D | M]

[2011/12/04 21:59:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flore\AppData\Roaming\mozilla\Extensions
[2012/07/13 11:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions
[2012/04/01 20:05:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/09 02:49:49 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2012/07/13 02:32:20 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions\FasterFox_Lite@BigRedBrent
[2012/07/13 11:56:46 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Flore\AppData\Roaming\mozilla\Firefox\Profiles\3mx75wwm.default\extensions\firefox@ghostery.com
[2012/01/03 17:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\searchplugins\askcom.xml
[2012/02/18 22:08:44 | 000,002,140 | ---- | M] () -- C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\searchplugins\s-amazon-fr.xml
[2012/07/19 22:19:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/07/14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/14 02:39:12 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/07/14 02:39:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/14 02:39:12 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/07/14 02:39:12 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/07/14 02:39:12 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/07/14 02:39:12 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2012/07/21 16:16:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [NpMBRGuard] C:\Program Files\INCAInternet\nProtect MBR Guard\nPMBRGuard.exe (INCA Internet Co., Ltd.)
O4 - HKLM..\Run: [Shadow Defender Daemon] C:\Program Files\Shadow Defender\DefenderDaemon.exe (SHADOWDEFENDER.COM)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 124
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB6D00A2-B1C0-4845-B099-36B37CE7E9BD}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O30 - LSA: Security Packages - (pku2u) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3960516785-660546420-3033704126-1001\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/24 00:52:12 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Secunia PSI
[2012/07/24 00:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012/07/22 23:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/07/21 16:27:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/21 16:22:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/21 16:22:23 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\temp
[2012/07/21 16:01:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/21 16:01:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/21 16:01:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/21 16:01:00 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/21 15:54:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/21 15:54:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/21 15:44:34 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\Flore\Desktop\ComboFix.exe
[2012/07/19 22:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/19 15:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/19 15:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/19 15:45:44 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/19 15:45:44 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/19 15:45:34 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/19 15:45:34 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/19 15:20:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Flore\Desktop\dds.scr
[2012/07/18 02:15:39 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\nProtect MBR Guard
[2012/07/18 02:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\INCAInternet
[2012/07/18 00:06:48 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\Media Player Classic
[2012/07/18 00:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
[2012/07/18 00:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC
[2012/07/16 04:27:56 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/16 04:27:55 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/16 03:48:22 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Daum
[2012/07/16 03:48:21 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\PotPlayerMini
[2012/07/16 03:44:03 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2012/07/16 03:44:02 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2012/07/16 03:44:02 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2012/07/16 03:44:02 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2012/07/16 03:44:02 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2012/07/16 03:44:02 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2012/07/16 03:44:02 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2012/07/16 03:44:02 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2012/07/16 03:44:02 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2012/07/16 03:44:02 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2012/07/16 03:44:01 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2012/07/16 03:44:01 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2012/07/16 03:44:01 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2012/07/16 03:44:01 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2012/07/16 03:44:01 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2012/07/16 03:44:01 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2012/07/16 03:44:01 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2012/07/16 03:44:00 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2012/07/16 03:44:00 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2012/07/16 03:44:00 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2012/07/16 03:44:00 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2012/07/16 03:44:00 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2012/07/16 03:44:00 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2012/07/16 03:44:00 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2012/07/16 03:44:00 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2012/07/16 03:44:00 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2012/07/16 03:44:00 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2012/07/16 03:44:00 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2012/07/16 03:43:59 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2012/07/16 03:43:59 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2012/07/16 03:43:59 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2012/07/16 03:43:59 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2012/07/16 03:43:59 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2012/07/16 03:43:59 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2012/07/16 03:43:59 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2012/07/16 03:43:59 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2012/07/16 03:43:59 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2012/07/16 03:43:59 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2012/07/16 03:43:59 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2012/07/16 03:43:58 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2012/07/16 03:43:58 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2012/07/16 03:43:58 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2012/07/16 03:43:58 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2012/07/16 03:43:58 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2012/07/16 03:43:58 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2012/07/16 03:43:58 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2012/07/16 03:43:57 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2012/07/16 03:43:57 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2012/07/16 03:43:57 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2012/07/16 03:43:57 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2012/07/16 03:43:57 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2012/07/16 03:43:57 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2012/07/16 03:43:57 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2012/07/16 03:43:57 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2012/07/16 03:43:57 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2012/07/16 03:43:57 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2012/07/16 03:43:56 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2012/07/16 03:43:56 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2012/07/16 03:43:56 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2012/07/16 03:43:56 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2012/07/16 03:43:56 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2012/07/16 03:43:56 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2012/07/16 03:43:56 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2012/07/16 03:43:56 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2012/07/16 03:43:55 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2012/07/16 03:43:55 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2012/07/16 03:43:55 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2012/07/16 03:43:55 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2012/07/16 03:43:55 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2012/07/16 03:43:55 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2012/07/16 03:43:55 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2012/07/16 03:43:55 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2012/07/16 03:43:55 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2012/07/16 03:43:55 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2012/07/16 03:43:54 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2012/07/16 03:43:54 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2012/07/16 03:43:54 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2012/07/16 03:43:54 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2012/07/16 03:43:54 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2012/07/16 03:43:54 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2012/07/16 03:43:54 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2012/07/16 03:43:54 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2012/07/16 03:43:51 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2012/07/16 03:43:51 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2012/07/16 03:43:51 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2012/07/16 03:43:51 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2012/07/16 03:43:51 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2012/07/16 03:43:51 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2012/07/16 03:43:51 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2012/07/16 03:43:50 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2012/07/16 03:43:50 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2012/07/16 03:35:49 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum
[2012/07/16 03:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
[2012/07/16 03:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Daum
[2012/07/16 02:53:14 | 000,920,088 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
[2012/07/16 02:06:47 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\vlc
[2012/07/16 02:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/07/15 23:12:16 | 000,000,000 | ---D | C] -- C:\Intel
[2012/07/15 11:31:26 | 000,000,000 | ---D | C] -- C:\Users\Flore\Vba32arkit
[2012/07/13 09:27:56 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\Malwarebytes
[2012/07/13 09:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/13 01:46:23 | 000,000,000 | ---D | C] -- C:\Users\Flore\Desktop\RK_Quarantine
[2012/06/30 21:49:19 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/06/29 11:50:59 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Apps
[2012/06/29 02:42:48 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\IrfanView
[2012/06/28 03:09:05 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Local\Macromedia
[2012/06/28 02:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\FuturixImager
[2012/06/28 02:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\MycView
[2012/06/28 01:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\JPEGView_1_0_26

========== Files - Modified Within 30 Days ==========

[2012/07/24 17:49:55 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 17:49:55 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 17:47:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/24 15:18:12 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/07/24 14:45:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/24 01:05:01 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/23 22:06:59 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/21 16:54:18 | 000,031,744 | ---- | M] () -- C:\Users\Flore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/21 16:16:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/21 15:45:36 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\Flore\Desktop\ComboFix.exe
[2012/07/19 23:52:44 | 000,000,876 | ---- | M] () -- C:\Users\Flore\Documents\1D8B60D2bis.reg
[2012/07/19 23:51:39 | 000,000,798 | ---- | M] () -- C:\Users\Flore\Documents\1D8B60D2.reg
[2012/07/19 22:19:59 | 000,000,870 | ---- | M] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/19 22:19:59 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/19 22:14:19 | 000,000,512 | ---- | M] () -- C:\Users\Flore\Documents\MBR.dat
[2012/07/19 15:45:24 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/19 15:45:24 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/19 15:04:04 | 000,881,494 | ---- | M] () -- C:\Users\Flore\Desktop\SecurityCheck.exe
[2012/07/19 15:03:31 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Flore\Desktop\dds.scr
[2012/07/19 15:03:23 | 000,139,264 | ---- | M] () -- C:\Users\Flore\Desktop\RKUnhookerLE.EXE
[2012/07/18 02:15:40 | 000,001,117 | ---- | M] () -- C:\Users\Flore\Desktop\nProtect MBR Guard.lnk
[2012/07/18 00:05:34 | 000,001,670 | ---- | M] () -- C:\Users\Flore\Desktop\MPC-HC.lnk
[2012/07/16 03:36:13 | 000,000,967 | ---- | M] () -- C:\Users\Flore\Desktop\PotPlayer.lnk
[2012/07/16 02:50:10 | 000,000,680 | ---- | M] () -- C:\Users\Flore\AppData\Local\d3d9caps.dat
[2012/07/16 02:16:43 | 000,000,938 | ---- | M] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/07/16 02:06:40 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/15 01:03:17 | 001,472,131 | ---- | M] () -- C:\Program Files\vba32arkit.zip
[2012/07/13 02:27:11 | 074,317,203 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/07/02 00:12:24 | 000,148,664 | ---- | M] (Webroot) -- C:\Windows\System32\WRusr.dll
[2012/07/01 11:09:00 | 000,111,632 | ---- | M] (Webroot) -- C:\Windows\System32\drivers\WRkrn.sys
[2012/06/30 21:49:19 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/06/28 01:07:12 | 000,826,230 | ---- | M] () -- C:\Program Files\JPEGView_1_0_26.zip

========== Files Created - No Company Name ==========

[2012/07/24 00:52:01 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012/07/23 22:04:38 | 000,001,002 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/21 16:01:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/21 16:01:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/21 16:01:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/21 16:01:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/21 16:01:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/19 23:52:44 | 000,000,876 | ---- | C] () -- C:\Users\Flore\Documents\1D8B60D2bis.reg
[2012/07/19 23:51:39 | 000,000,798 | ---- | C] () -- C:\Users\Flore\Documents\1D8B60D2.reg
[2012/07/19 22:19:59 | 000,000,870 | ---- | C] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/19 22:19:59 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/19 22:19:58 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/19 22:14:19 | 000,000,512 | ---- | C] () -- C:\Users\Flore\Documents\MBR.dat
[2012/07/19 15:20:38 | 000,139,264 | ---- | C] () -- C:\Users\Flore\Desktop\RKUnhookerLE.EXE
[2012/07/19 15:20:37 | 000,881,494 | ---- | C] () -- C:\Users\Flore\Desktop\SecurityCheck.exe
[2012/07/18 02:15:40 | 000,001,117 | ---- | C] () -- C:\Users\Flore\Desktop\nProtect MBR Guard.lnk
[2012/07/18 00:05:34 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/07/18 00:05:34 | 000,001,670 | ---- | C] () -- C:\Users\Flore\Desktop\MPC-HC.lnk
[2012/07/16 03:36:13 | 000,000,967 | ---- | C] () -- C:\Users\Flore\Desktop\PotPlayer.lnk
[2012/07/16 02:16:43 | 000,000,938 | ---- | C] () -- C:\Users\Flore\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/07/16 02:06:40 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/16 00:09:53 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNBR.bmp
[2012/07/16 00:09:53 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNB.bmp
[2012/07/15 01:34:13 | 001,472,131 | ---- | C] () -- C:\Program Files\vba32arkit.zip
[2012/07/13 02:19:59 | 074,317,203 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/28 02:26:45 | 000,000,869 | ---- | C] () -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FuturixImager.lnk
[2012/06/28 01:14:43 | 000,826,230 | ---- | C] () -- C:\Program Files\JPEGView_1_0_26.zip
[2012/05/27 03:13:40 | 000,000,004 | ---- | C] () -- C:\Windows\60139727.dat
[2012/05/26 02:53:38 | 000,000,004 | ---- | C] () -- C:\Windows\11290197.dat
[2012/05/25 16:30:01 | 000,000,004 | ---- | C] () -- C:\Windows\16305630.dat
[2012/05/25 02:27:02 | 000,000,004 | ---- | C] () -- C:\Windows\52562384.dat
[2012/05/24 02:29:58 | 000,000,130 | ---- | C] () -- C:\Windows\9218894.dat
[2012/05/21 13:50:06 | 000,000,418 | ---- | C] () -- C:\Users\Flore\.swfinfo
[2012/05/13 20:52:16 | 000,005,583 | ---- | C] () -- C:\Users\Flore\AppData\Local\Temp5.html
[2012/05/11 00:07:55 | 000,001,004 | ---- | C] () -- C:\Windows\diskpt0.dat
[2012/05/08 14:48:55 | 000,006,930 | ---- | C] () -- C:\Users\Flore\AppData\Local\Temp7.html
[2012/05/08 14:47:53 | 000,001,858 | ---- | C] () -- C:\Users\Flore\AppData\Local\Temp1.html
[2012/05/01 15:19:52 | 000,088,656 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2012/04/30 20:22:52 | 000,000,000 | ---- | C] () -- C:\Windows\diskpt.dat
[2011/12/22 13:52:02 | 000,000,680 | ---- | C] () -- C:\Users\Flore\AppData\Local\d3d9caps.dat
[2011/12/14 03:41:02 | 000,000,324 | ---- | C] () -- C:\Windows\12812112.dat
[2011/12/11 21:50:11 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/12/11 21:50:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/12/11 21:49:11 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/12/11 21:49:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/12/04 23:39:49 | 000,031,744 | ---- | C] () -- C:\Users\Flore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/04 22:54:49 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/12/04 21:30:11 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2011/12/04 21:26:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2011/12/04 06:55:16 | 000,694,856 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2011/12/04 06:55:16 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2011/12/04 06:55:16 | 000,126,540 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2011/12/04 06:55:16 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2011/12/04 00:51:53 | 000,000,438 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/12/03 22:16:29 | 001,048,576 | -HS- | C] () -- C:\Users\Flore\NTUSER.bak
[2011/12/03 22:07:27 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:AF4CCAAD

< End of report >
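
The OTL listing above is the poster's own log. As an added example that is not part of the original thread, here is a small Python parser for the two line shapes it uses, `[timestamp | size | attrs | C/M] (Company) -- path` and `@Alternate Data Stream - N bytes -> path`, plus a few review heuristics (alternate data streams, files directly under C:\Windows whose names are only digits plus `.dat`, a modified hosts file, and company-less binaries in the Windows root). The heuristics are my own assumptions about what an analyst would pull out for a closer look, not a verdict that any listed file is malicious; the sample lines are copied from the log above.

```python
"""Parse OTL 'Files Created/Modified' and 'Alternate Data Streams' lines and
pull out entries an analyst would want to look at first.

Added example, not from the thread. The review heuristics in triage() are
assumptions about what is worth a second look, not a malware verdict."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL file line:
# [YYYY/MM/DD HH:MM:SS | 000,000,000 | RHSD | C|M] (Company) -- C:\path
# The "(Company)" part is absent for directory entries and "()" when OTL
# found no company name in the file's version resource.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:AF4CCAAD
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str      # R/H/S/D flags as OTL prints them, '-' where unset
    op: str         # 'C' created, 'M' modified, 'ADS' alternate data stream
    company: str    # '' when OTL printed no company name
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file or ADS line, None for headers and blank lines."""
    line = line.strip()
    m = LINE_RE.match(line)
    if m:
        return Entry(
            timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            op=m["op"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        )
    m = ADS_RE.match(line)
    if m:
        # OTL prints no timestamp or attributes for a stream entry.
        return Entry(datetime.min, int(m["size"]), "----", "ADS", "", m["path"])
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Heuristic review list. Assumption: these are the things worth checking
    first; a hit is a prompt to inspect the file, not proof of infection."""
    findings = []
    for e in entries:
        if e.op == "ADS":
            findings.append(("ads", e.path))  # streams are a classic hiding spot
        elif e.is_dir:
            continue
        elif e.parent == r"c:\windows" and re.fullmatch(r"\d+\.dat", e.name, re.I):
            findings.append(("numeric-dat-in-windows-root", e.path))
        elif e.name.lower() == "hosts" and e.op == "M":
            findings.append(("hosts-modified", f"{e.path} ({e.size} bytes)"))
        elif e.parent == r"c:\windows" and e.name.lower().endswith((".exe", ".dll")) and not e.company:
            findings.append(("no-company-binary-in-windows-root", e.path))
    return findings


# Constructed sample: lines copied from the OTL log posted above.
SAMPLE = r"""
[2012/07/16 03:43:59 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2012/07/16 03:35:49 | 000,000,000 | ---D | C] -- C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum
[2012/07/16 02:53:14 | 000,920,088 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
[2012/07/21 16:16:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/21 16:01:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/27 03:13:40 | 000,000,004 | ---- | C] () -- C:\Windows\60139727.dat
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:AF4CCAAD
"""

if __name__ == "__main__":
    for kind, detail in triage(parse_log(SAMPLE)):
        print(f"{kind:36} {detail}")
```

Feed it a whole OTL report and the headers (`========== ... ==========`, `< End of report >`) are simply skipped; the hits are review prompts, so every flagged path still needs a hash lookup or a look at the file itself before drawing a conclusion.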

#15 ramaflore (Topic Starter)

Posted 24 July 2012 - 11:28 AM

I don't have the extra file. Where is it located?

What do you mean by 'those products which do not encrypt the virus strings within them'?

EAM and WSA aren't in conflict with each other. I don't know which one to uninstall. Maybe I will go along until my license expires.



