
multiple virus infection


  • This topic is locked
32 replies to this topic

#1 ERIC78450


Posted 10 April 2013 - 09:53 AM

Hello everyone,

My PC is infected with several viruses and I cannot delete them!
I encountered several blue screen situations that I fixed the first time by reinstalling the Synaptics touchpad software and the second time by reinstalling the USB drivers.
I have had blue screens when connecting a USB hub, but no problem has occurred when connecting a USB device directly to the PC.
I also notice that most of the viruses are detected on my drive D: (Windows Backup) in the same zip file related to XP mode ... and more rarely on my drive C:, except today (virus detection history attached).

 

The viruses are not always detected; I can scan my C: drive several times without finding any virus.

The same goes for drive D: (backup) ... I'm sure of one thing: one or more viruses appear on the D: drive after a Windows Backup operation.

 

I also tried to remove the viruses with Sophos and McAfee total protection without success ...

 

Thank you in advance for your help, I'm trapped!

Edited by ERIC78450, 11 April 2013 - 01:24 AM.




#2 nasdaq

  • Malware Response Team

Posted 13 April 2013 - 08:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please paste the logs in your next reply DO NOT ATTACH THEM.
Let me know what problem persists.

#3 ERIC78450

  • Topic Starter

Posted 13 April 2013 - 11:06 AM

Hi Nasdaq,

Thank you very much for your reply and for your interest in my case!

 

Reports below:

 

ComboFix 13-04-12.02 - Eric CARIOU 13/04/2013  17:44:23.2.8 - x64
Microsoft Windows 7 Édition Intégrale   6.1.7601.1.1252.33.1036.18.8089.3460 [GMT 2:00]
Lancé depuis: c:\users\Eric CARIOU\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1365835741.bdinstall.bin
c:\programdata\1365836486.bdinstall.bin
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2013-03-13 au 2013-04-13  ))))))))))))))))))))))))))))))))))))
.
.
2013-04-13 15:50 . 2013-04-13 15:50    --------    d-----w-    c:\users\Invité\AppData\Local\temp
2013-04-13 15:50 . 2013-04-13 15:50    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-04-13 09:28 . 2013-04-13 09:28    76232    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E8B2FDE-B6A5-4F15-9FBE-A99037A8AE82}\offreg.dll
2013-04-13 08:03 . 2013-03-14 21:28    9311288    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E8B2FDE-B6A5-4F15-9FBE-A99037A8AE82}\mpengine.dll
2013-04-13 08:01 . 2013-03-01 03:36    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-04-13 08:01 . 2013-01-24 06:01    223752    ----a-w-    c:\windows\system32\drivers\fvevol.sys
2013-04-13 08:01 . 2013-03-19 06:04    5550424    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-04-13 08:01 . 2013-03-19 05:46    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-04-13 08:01 . 2013-03-19 05:04    3968856    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-04-13 08:01 . 2013-03-19 05:04    3913560    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-04-13 08:01 . 2013-03-19 04:47    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-04-13 08:01 . 2013-03-19 03:06    112640    ----a-w-    c:\windows\system32\smss.exe
2013-04-13 07:56 . 2013-03-14 21:28    9311288    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-13 06:49 . 2013-04-13 08:39    --------    d-----w-    c:\program files\Bitdefender
2013-04-12 10:37 . 2013-04-12 19:14    --------    d-----w-    c:\program files\TAP-Windows
2013-04-12 10:37 . 2013-04-12 19:14    --------    d-----w-    c:\program files\OpenVPN
2013-04-11 19:53 . 2013-04-11 19:53    --------    d-----w-    c:\program files (x86)\Panda Security
2013-04-07 08:36 . 2013-04-07 08:36    --------    d-----w-    c:\programdata\Sophos
2013-04-07 08:36 . 2013-04-07 08:36    73728    ----a-r-    c:\users\Eric CARIOU\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-04-07 08:36 . 2013-04-07 08:36    73728    ----a-r-    c:\users\Eric CARIOU\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-04-07 08:36 . 2013-04-07 08:36    73728    ----a-r-    c:\users\Eric CARIOU\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-04-07 08:36 . 2013-04-07 08:36    --------    d-----w-    c:\program files (x86)\Sophos
2013-04-05 17:50 . 2013-04-05 17:50    310688    ----a-w-    c:\windows\system32\javaws.exe
2013-04-05 17:50 . 2013-04-05 17:50    1085344    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-04-05 17:50 . 2013-04-05 17:50    108448    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2013-04-05 17:50 . 2013-04-05 17:50    188832    ----a-w-    c:\windows\system32\javaw.exe
2013-04-05 17:50 . 2013-04-05 17:50    188320    ----a-w-    c:\windows\system32\java.exe
2013-04-05 17:50 . 2013-04-05 17:50    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-04-05 17:50 . 2013-04-05 17:50    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-04-05 17:50 . 2013-04-05 17:50    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-02 19:52 . 2013-04-02 19:52    972264    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51A27425-2728-429B-8811-37C4B2829193}\gapaengine.dll
2013-04-02 19:52 . 2013-04-13 07:54    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2013-04-02 19:52 . 2013-04-13 07:54    --------    d-----w-    c:\program files\Microsoft Security Client
2013-04-02 11:27 . 2013-04-02 11:27    --------    d-----w-    c:\program files (x86)\Citrix
2013-04-02 11:04 . 2013-04-02 11:04    --------    d-----w-    c:\users\Eric CARIOU\AppData\Local\Citrix
2013-04-02 06:33 . 2013-04-02 14:54    --------    d-----w-    c:\program files\Common Files\McAfee
2013-04-01 17:33 . 2013-04-13 07:54    --------    d-----w-    c:\program files (x86)\Trend Micro
2013-04-01 16:53 . 2013-04-01 16:53    --------    d-----w-    c:\program files\Enigma Software Group
2013-04-01 16:52 . 2013-04-13 07:55    --------    d-----w-    c:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-04-01 16:52 . 2013-04-13 07:54    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
2013-03-31 17:39 . 2013-03-31 17:39    --------    d-----w-    c:\program files\LaCie
2013-03-30 11:34 . 2002-12-08 19:43    118850    ----a-w-    c:\windows\ctpu.exe
2013-03-30 11:34 . 2002-11-14 07:31    57344    ----a-w-    c:\windows\ResENU.dll
2013-03-28 16:12 . 2013-03-28 16:12    --------    d-----w-    c:\program files (x86)\Catamount Software
2013-03-23 19:43 . 2013-03-23 19:43    --------    d-----w-    c:\users\Eric CARIOU\AppData\Local\Licenses
2013-03-23 19:38 . 2013-03-23 19:38    --------    d-----w-    c:\programdata\TriDef 3D
2013-03-23 19:37 . 2013-03-23 21:08    --------    d-----w-    c:\programdata\DDD
2013-03-23 15:52 . 2013-03-23 15:52    --------    d-----w-    c:\users\Invité\Searches
2013-03-23 15:52 . 2013-03-23 15:52    --------    d-----w-    c:\users\Invité\Contacts
2013-03-23 14:38 . 2013-03-23 14:38    53248    ----a-r-    c:\users\Eric CARIOU\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-03-23 14:26 . 2013-03-23 14:26    --------    d-----w-    c:\programdata\Synaptics
2013-03-23 14:23 . 2013-03-23 14:23    --------    d-----w-    c:\program files\Synaptics
2013-03-23 10:06 . 2013-03-23 10:06    --------    d-----w-    c:\users\Eric CARIOU\AppData\Roaming\Synaptics
2013-03-23 09:48 . 2013-03-23 09:48    849408    ----a-w-    c:\windows\system32\drivers\btmhsf.sys
2013-03-23 09:48 . 2013-03-23 09:48    60928    ----a-w-    c:\windows\system32\drivers\iBtFltCoex.sys
2013-03-23 09:48 . 2013-03-23 09:48    53632    ----a-w-    c:\windows\system32\opphelper.dll
2013-03-21 16:25 . 2013-03-21 16:25    --------    d-----w-    c:\windows\system32\EM680Manufacturers
2013-03-20 21:00 . 2013-03-20 21:00    333424    ----a-r-    c:\users\Eric CARIOU\AppData\Roaming\Microsoft\Installer\{F33D873A-5A8E-4E59-B9EF-2252FE160E93}\BOINCManagerShortc_A93DE976FB764046A81032A4C7BB0936.exe
2013-03-20 21:00 . 2013-03-20 21:00    333424    ----a-r-    c:\users\Eric CARIOU\AppData\Roaming\Microsoft\Installer\{F33D873A-5A8E-4E59-B9EF-2252FE160E93}\ARPPRODUCTICON.exe
2013-03-19 12:08 . 2013-03-19 16:04    --------    d-----w-    c:\programdata\PC1Data
2013-03-19 12:08 . 2013-03-19 12:05    5256944    ----a-w-    c:\windows\uninst.exe
2013-03-19 12:00 . 2013-03-19 12:00    --------    d-----w-    c:\users\Eric CARIOU\AppData\Roaming\SpeedyPC Software
2013-03-19 12:00 . 2013-03-19 12:00    --------    d-----w-    c:\users\Eric CARIOU\AppData\Roaming\DriverCure
2013-03-19 12:00 . 2013-03-19 16:06    --------    d-----w-    c:\programdata\SpeedyPC Software
2013-03-18 21:13 . 2013-03-18 21:13    --------    d-----w-    c:\users\Eric CARIOU\AppData\Local\Logishrd
2013-03-18 21:12 . 2013-03-23 16:07    --------    d-----w-    c:\programdata\Logitech
2013-03-18 21:12 . 2013-03-23 16:03    --------    d-----w-    c:\programdata\Logishrd
2013-03-16 16:48 . 2013-01-18 10:45    358456    ----a-w-    c:\windows\system32\drivers\iusb3hub.sys
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-13 08:05 . 2012-09-26 16:57    72702784    ----a-w-    c:\windows\system32\MRT.exe
2013-04-05 17:50 . 2012-09-17 03:42    963488    ----a-w-    c:\windows\system32\deployJava1.dll
2013-04-05 17:50 . 2012-09-17 03:42    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-03-23 15:33 . 2013-02-06 07:49    18960    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2013-03-13 18:10 . 2012-09-17 03:49    73432    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 18:10 . 2012-09-17 03:49    693976    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 10:06 . 2013-03-13 10:06    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-13 10:06 . 2013-03-13 10:06    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-13 10:06 . 2013-03-13 10:06    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-03-13 10:06 . 2013-03-13 10:06    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-03-13 10:06 . 2013-03-13 10:06    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-03-13 10:06 . 2013-03-13 10:06    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-03-13 10:06 . 2013-03-13 10:06    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-03-13 10:06 . 2013-03-13 10:06    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-03-13 10:06 . 2013-03-13 10:06    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-03-13 10:06 . 2013-03-13 10:06    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-03-13 10:06 . 2013-03-13 10:06    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-03-13 10:06 . 2013-03-13 10:06    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-03-13 10:06 . 2013-03-13 10:06    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-03-13 10:06 . 2013-03-13 10:06    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-03-13 10:06 . 2013-03-13 10:06    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-03-13 10:06 . 2013-03-13 10:06    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-03-13 10:06 . 2013-03-13 10:06    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-03-13 10:06 . 2013-03-13 10:06    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-03-13 10:06 . 2013-03-13 10:06    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-03-13 10:06 . 2013-03-13 10:06    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-03-13 10:06 . 2013-03-13 10:06    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-03-13 10:06 . 2013-03-13 10:06    441856    ----a-w-    c:\windows\system32\html.iec
2013-03-13 10:06 . 2013-03-13 10:06    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-03-13 10:06 . 2013-03-13 10:06    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-03-13 10:06 . 2013-03-13 10:06    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-03-13 10:06 . 2013-03-13 10:06    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-03-13 10:06 . 2013-03-13 10:06    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-03-13 10:06 . 2013-03-13 10:06    235008    ----a-w-    c:\windows\system32\url.dll
2013-03-13 10:06 . 2013-03-13 10:06    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-03-13 10:06 . 2013-03-13 10:06    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-03-13 10:06 . 2013-03-13 10:06    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-03-13 10:06 . 2013-03-13 10:06    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-03-13 10:06 . 2013-03-13 10:06    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-03-13 10:06 . 2013-03-13 10:06    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-03-13 10:06 . 2013-03-13 10:06    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-03-13 10:06 . 2013-03-13 10:06    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-03-13 10:06 . 2013-03-13 10:06    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-03-13 10:06 . 2013-03-13 10:06    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-03-13 10:06 . 2013-03-13 10:06    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-03-13 10:06 . 2013-03-13 10:06    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-03-13 10:06 . 2013-03-13 10:06    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-03-13 10:06 . 2013-03-13 10:06    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-03-13 10:06 . 2013-03-13 10:06    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-03-13 10:06 . 2013-03-13 10:06    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-03-13 10:06 . 2013-03-13 10:06    149504    ----a-w-    c:\windows\system32\occache.dll
2013-03-13 10:06 . 2013-03-13 10:06    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-03-13 10:06 . 2013-03-13 10:06    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-03-13 10:06 . 2013-03-13 10:06    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-03-13 10:06 . 2013-03-13 10:06    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-03-12 17:32 . 2013-03-12 17:32    1073808    ----a-w-    c:\windows\boinc.scr
2013-03-11 23:10 . 2010-11-21 03:27    282744    ------w-    c:\windows\system32\MpSigStub.exe
2013-02-20 20:03 . 2013-02-20 20:03    769168    ----a-w-    c:\windows\system32\drivers\Rt64win7.sys
2013-02-20 20:03 . 2013-02-20 20:03    74344    ----a-w-    c:\windows\system32\RtNicProp64.dll
2013-02-20 20:03 . 2012-09-17 03:37    107552    ----a-w-    c:\windows\system32\RTNUninst64.dll
2013-02-12 05:45 . 2013-03-13 08:58    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 08:58    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 08:58    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 08:58    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 08:58    474112    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 08:58    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-13 09:39    19968    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-02-11 11:01 . 2013-02-11 11:01    791608    ----a-w-    c:\windows\system32\drivers\iusb3xhc.sys
2013-02-06 07:49 . 2013-02-06 07:49    30736    ----a-w-    c:\windows\system32\drivers\L8042Kbd.sys
2013-01-31 05:08 . 2013-01-31 05:08    467184    ----a-w-    c:\windows\system32\drivers\SynTP.sys
2013-01-31 05:08 . 2013-01-31 05:08    114416    ----a-w-    c:\windows\SysWow64\SynTPCOM.dll
2013-01-31 05:08 . 2013-01-31 05:08    229616    ----a-w-    c:\windows\system32\SynTPAPI.dll
2013-01-31 05:08 . 2013-01-31 05:08    180464    ----a-w-    c:\windows\system32\SynTPCo16.dll
2013-01-31 05:08 . 2013-01-31 05:08    532208    ----a-w-    c:\windows\SysWow64\SynCOM.dll
2013-01-31 05:08 . 2012-04-10 19:45    1035504    ----a-w-    c:\windows\system32\SynCOM.dll
2013-01-25 09:34 . 2013-02-01 16:00    92184    ----a-w-    c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
2013-01-20 13:59 . 2013-01-20 13:59    230320    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-01-20 13:59 . 2013-01-20 13:59    130008    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-19 09:29 . 2012-09-17 03:50    29480    ----a-w-    c:\windows\SysWow64\msxml3a.dll
2013-01-18 11:41 . 2013-01-18 11:41    829264    ----a-w-    c:\windows\system32\msvcr100.dll
2013-01-18 11:41 . 2013-01-18 11:41    773968    ----a-w-    c:\windows\SysWow64\msvcr100.dll
2013-01-18 11:41 . 2013-01-18 11:41    608080    ----a-w-    c:\windows\system32\msvcp100.dll
2013-01-18 11:41 . 2013-01-18 11:41    421200    ----a-w-    c:\windows\SysWow64\msvcp100.dll
2013-01-13 21:17 . 2013-02-27 09:56    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-27 09:56    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-27 09:56    10752    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-27 09:56    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 09:56    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 09:56    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 09:56    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 09:56    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 09:56    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 09:56    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 09:56    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 09:56    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-27 09:56    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 09:56    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 09:56    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 09:56    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 09:56    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{2a93ced7-6418-4594-bd8a-007c7fe99612}"= "mscoree.dll" [2010-11-21 297808]
.
[HKEY_CLASSES_ROOT\clsid\{2a93ced7-6418-4594-bd8a-007c7fe99612}]
[HKEY_CLASSES_ROOT\Systran7.IEPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2013-03-12 5868688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Ghost 15.0"="c:\program files (x86)\Norton Ghost\Agent\VProTray.exe" [2010-03-03 2598760]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]
"MWLTSR"="c:\program files (x86)\EgisTec MyWinLocker\MWLTSR.exe" [2010-11-08 125808]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-06-29 78352]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Eric CARIOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files (x86)\palmOne\HOTSYNC.EXE [2004-4-13 299008]
OpenVPN GUI.lnk - c:\program files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe [2011-12-15 104712]
Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2013-1-18 2472448]
taskmgr - Raccourci.lnk - c:\windows\System32\taskmgr.exe [2010-11-21 257024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2013-3-23 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DelayedDesktopSwitchTimeout"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Powersuite Monitor"="c:\program files (x86)\Uniblue\Powersuite\powersuite_monitor.exe"
"<NO NAME>"=
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2013/01/19 10:30;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2012-06-29 243728]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 AceecaUSBDx64;AceecaUSBDx64;c:\windows\system32\DRIVERS\AceecaUSBDx64.sys [2012-09-27 66552]
R3 AMPPALP;Protocole Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\amppal.sys [2012-12-08 163368]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-04-25 96896]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-19 1304912]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2010-02-12 2227216]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2012-02-28 34232]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-12-03 272176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-12-29 340112]
R3 SmbDrvI;SmbDrvI; [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2012-07-15 30720]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-09-13 131416]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2012-09-13 105816]
R3 VGPU;VGPU; [x]
R3 vpcuxd;Service stub de virtualisation USB;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-26 1255736]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; [x]
R4 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [2012-03-30 237328]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-12-29 647736]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-12-29 28216]
S0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-09 16152]
S0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2011-04-25 182576]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-05-24 55952]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2012-10-30 22912]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2012-10-30 20328]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2012-10-30 62584]
S2 ActiveDelayDeviceService;ActiveDelayDeviceService;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [2012-03-20 78472]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-12-08 753704]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-03-07 168536]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-19 1014096]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-19 1104208]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-09-12 135984]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-11-08 172912]
S2 FPLService;TrueSuiteService;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe [2012-02-20 300360]
S2 GobiQDLService;Qualcomm Gobi Anywhere Download Service;c:\program files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe [2011-03-04 318464]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-02-23 2429544]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-03-23 127320]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-03-23 162648]
S2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536]
S2 LaCieDesktopManagerService;LaCieDesktopManagerService;c:\program files\LaCie\Desktop Manager\lacie_dm_service.exe [2013-01-02 1379840]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-10-09 230408]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE [2012-10-09 69640]
S2 PCloudd;PCloudd;c:\program files (x86)\LenovoEMC Storage Manager\pCloudd.exe [2012-12-12 221048]
S2 QPCopyEngine;QPCopyEngine;c:\program files\Iomega\QuikProtect\QpMonitor.exe [2010-06-24 394544]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2012-03-02 199272]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2012-08-06 156672]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SwiService;Sierra Wireless Service;c:\program files (x86)\Sierra Wireless Inc\QMIPackage\Utils\SWIService.exe [2012-01-13 152944]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2011-07-11 294400]
S2 TwonkyMedia;TwonkyMedia;c:\program files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe [2012-02-03 512840]
S2 TwonkyWebDav;TwonkyWebDav;c:\program files (x86)\TwonkyMedia\twonkywebdav.exe [2012-02-03 250696]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-03-23 362840]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2012-01-10 535688]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2012-03-26 978056]
S2 WTGService;WTGService;c:\program files (x86)\OneClickInternet\WTGService.exe [2011-03-09 342984]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-12-03 3386160]
S3 ALSysIO;ALSysIO;c:\users\ERICCA~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 AMPPAL;Carte réseau virtuelle Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-12-08 163368]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2011-08-19 1050016]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-12-13 94720]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2013-03-23 849408]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2010-02-12 66608]
S3 gobi3kfilter;Qualcomm Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\DRIVERS\gobi3kfilter.sys [2010-12-13 34304]
S3 gobi3kmbb;Qualcomm Gobi 3000 USB-NDIS 6.20 miniport;c:\windows\system32\DRIVERS\gobi3kmbb.sys [2011-04-21 399872]
S3 gobi3kserial;Qualcomm Gobi 3000 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\gobi3kserial.sys [2010-12-13 233984]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2013-03-23 60928]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-04-25 331264]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2012-04-25 14748416]
S3 iusb3hub;Pilote de concentrateur Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys [2013-01-18 358456]
S3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys [2013-02-11 791608]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2012-02-28 25496]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2009-06-17 74256]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2009-06-17 13328]
S3 QsFsFltr;QsFsFltr;c:\windows\system32\DRIVERS\QsFsFltr.sys [2010-06-24 22584]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2013-02-20 769168]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2012-01-16 14336]
S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2010-02-11 2963960]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-10-12 54760]
S3 vNICdrv;Iomega Virtual Miniport;c:\windows\system32\DRIVERS\vNICdrv.sys [2012-09-09 20048]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - ALSYSIO
*Deregistered* - CLKMDRV10_9EC60124
.
Contenu du dossier 'Tâches planifiées'
.
2013-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-17 18:10]
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-08 03:22]
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-08 03:22]
.
2013-04-13 c:\windows\Tasks\powersuite_monitor.job
- c:\program files (x86)\Uniblue\Powersuite\powersuite_monitor.exe [2012-09-30 02:38]
.
2013-04-07 c:\windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2012-10-01 13:31]
.
2013-04-07 c:\windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SDUpdate.exe [2012-10-01 13:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-02 1158248]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-02 1158248]
"QuiKProtect"="c:\program files\Iomega\QuikProtect\StartQuikProtect.exe" [2010-06-24 58672]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2013-03-12 72336]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"LaCie Desktop Manager Launcher"="c:\program files\LaCie\Desktop Manager\lacie_launcherd.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://vaioportal.sony.eu
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: &Envoyer à OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Consulter les dictionnaires (SYSTRAN) - c:\program files (x86)\SYSTRAN\Desktop\\GUIres.dll/lookup.js
IE: Convertir au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Traduire (SYSTRAN) - c:\program files (x86)\SYSTRAN\Desktop\\GUIres.dll/translate.js
TCP: DhcpNameServer = 192.168.0.254
TCP: Interfaces\{41D72894-860E-4A86-8DB9-0A75905C019A}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{C114F508-4967-4D94-8BB0-6A032259E414}: NameServer = 192.168.1.35
FF - ProfilePath - c:\users\Eric CARIOU\AppData\Roaming\Mozilla\Firefox\Profiles\oagrga6b.default\
FF - prefs.js: browser.startup.homepage - hxxps://news.google.fr/news?pz=1&zx=dravv379l1x4&ned=fr&hl=fr&q
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 & Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2013-04-13  17:52:24
ComboFix-quarantined-files.txt  2013-04-13 15:52
ComboFix2.txt  2013-04-09 15:29
.
Avant-CF: 112 578 502 656 octets libres
Après-CF: 114 558 959 616 octets libres
.
- - End Of File - - 7EFACBECD0149CD5A0B3C7AB71B209D0
 

***************************************************************************************************************************************************************************************************************************************************

 

 Results of screen317's Security Check version 0.99.62  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials   
  (On Access scanning disabled!)
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:`````````
 Out of date HijackThis  installed!
 Spybot - Search & Destroy
 Norton Ghost    
 HijackThis 2.0.2    
 Java 7 Update 17  
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox 19.0.2 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Spybot Teatimer.exe is disabled!
 Sony VAIOCA~1 Iolo IOLOTO~1.EXE
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````
 

 

 

***************************************************************************************************************************************************************************************************************************************************

 

 

# AdwCleaner v2.200 - Rapport créé le 13/04/2013 à 17:57:58
# Mis à jour le 02/04/2013 par Xplode
# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (64 bits)
# Nom d'utilisateur : Eric CARIOU - DIR1
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\Eric CARIOU\Desktop\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\ProgramData\APN
Dossier Supprimé : C:\Users\Eric CARIOU\AppData\Roaming\OpenCandy

***** [Registre] *****

Clé Supprimée : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Clé Supprimée : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD

***** [Navigateurs] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v19.0.2 (fr)

Fichier : C:\Users\Eric CARIOU\AppData\Roaming\Mozilla\Firefox\Profiles\oagrga6b.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [1071 octets] - [13/04/2013 17:57:58]

########## EOF - C:\AdwCleaner[S1].txt - [1131 octets] ##########
 



#4 nasdaq


Posted 13 April 2013 - 12:26 PM

I suggest you remove HijackThis 2.0.2 using the Add/Remove Programs list.
This tool is not reporting Windows 7 data correctly.
===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===


Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push the esetFinish.png button.
  • Please let me know what problem persists.


#5 ERIC78450


Posted 13 April 2013 - 01:22 PM

I removed HijackThis 2.0.2 using add/remove program list.

I removed Flashplayer and reinstalled the latest version.

I removed Adobe Reader and reinstalled the latest version.

 

The ESET scanner is in progress (28%) ...


Please note that viruses are rarely detected on my C: drive but systematically on the D: drive after a "windows backup" operation (the d: drive is used for backup purpose only).

Viruses can be easily removed from the D: drive but they reappear after a new backup.

I tried several scanners like McAfee Total Protection, Panda, Sophos ... none of them have been able to cure my system !

I also created this morning a BitDefender rescue CD (based on the Linux OS) but it wasn't able to my SSD drive, unfortunately.

I've been fighting against the viruses for more than 3 weeks now, I encountered many blue screens ... the integrated system recovery doesn't work anymore except in the safe mode !


I'm desperate !!!!

 

Thank you very much for your time, it is much appreciated



#6 ERIC78450


Posted 14 April 2013 - 04:42 AM

Here is the ESET report ... viruses have been found on my C: drive !!!

 

C:\Users\Eric CARIOU\AppData\Local\Downloaded Installations\{38851BED-A515-4C46-A53E-39F18B17086C}\PCmover Professional.msi    multiple threats
C:\Users\Eric CARIOU\AppData\Local\Downloaded Installations\{4EADC25D-0F6F-4CED-A9DD-9497D1F8E3B1}\PCmover Professional.msi    a variant of Win32/PSWTool.PWDump.A application
C:\Users\Eric CARIOU\AppData\Local\Downloaded Installations\{D35612EE-BE8F-42CB-99F6-23964015DF5A}\PCmover.msi    a variant of Win32/PSWTool.PWDump.A application
C:\Users\Eric CARIOU\Documents\Programmes d'installation divers\coretemp_1236.exe    probably a variant of Win32/InstallIQ application
C:\Users\Eric CARIOU\Documents\Programmes d'installation divers\dexpot_ivy_r1928.exe    Win32/OpenCandy application
C:\Windows\Installer\18a659.msi    multiple threats


D:\DIR1\Backup Set 2013-04-09 220001\Backup Files 2013-04-09 220001\Backup files 31.zip    multiple threats
D:\DIR1\Backup Set 2013-04-09 220001\Backup Files 2013-04-09 220001\Backup files 34.zip    Java/Exploit.Agent.NSE trojan
D:\DIR1\Backup Set 2013-04-09 220001\Backup Files 2013-04-09 220001\Backup files 56.zip    multiple threats



#7 nasdaq


Posted 14 April 2013 - 09:25 AM

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

#8 ERIC78450


Posted 14 April 2013 - 11:58 AM

I launched Flash_Disinfector.exe and no hidden folder was created on my USB drive ????

In fact nothing happens when I launch Flash_Disinfector.exe ... no prompt, no folder created (of course I changed my file display option to see hidden files).



#9 nasdaq


Posted 14 April 2013 - 12:15 PM

Have you now tried to run a virus scan on the USB drive?

#10 ERIC78450


Posted 14 April 2013 - 12:23 PM

Hello Nasdaq,

Do you speak French? I see that you are based in Montreal.

 

Yes, I scanned my D: drive several times with Microsoft Essentials ... viruses are found after a Windows Backup !

I can delete the viruses but they reappear after a new backup !

 

I encountered a new blue screen today and the situation is worse than before :

 

When starting windows in the safe mode I have also a blue screen !

Fortunately I created a windows recovery CD yesterday so I was able to restore my system ...



#11 nasdaq


Posted 14 April 2013 - 01:43 PM

Yes, I speak French.

viruses are found after a Windows Backup !

Can you post the file(s) that MSE identifies as bad?

Please run the DDS tool and post the Attach.txt log; we may be able to identify the reason for the BSOD.

#12 ERIC78450


Posted 14 April 2013 - 02:07 PM

I will continue in French then, if you don't mind; it is a little easier for me!

I don't have a text list of the viruses found; I only have a screenshot, but I can't find how to attach an image file.

Also, I tried to boot with the BitDefender Linux Rescue CD and unfortunately it does not find my C: drive, which is an SSD.

I tried the same operation with the AVIRA Rescue CD and, same thing, it does not find my SSD drive!!!

Please tell me how to attach a file so that you can see the list of viruses found by MSE.

In particular there is obfuscator, which perhaps explains why the viruses are not detected; there are also viruses that download other viruses ... it's the complete set!!!


Edited by ERIC78450, 14 April 2013 - 02:08 PM.


#13 ERIC78450


Posted 14 April 2013 - 02:20 PM

And here are the DDS reports:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.17.2
Run by Eric CARIOU at 21:19:08 on 2013-04-14
Microsoft Windows 7 Édition Intégrale   6.1.7601.1.1252.33.1036.18.8089.4925 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe
C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sierra Wireless Inc\QMIPackage\Utils\SWIService.exe
C:\Program Files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe
C:\Program Files (x86)\TwonkyMedia\twonkywebdav.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files (x86)\OneClickInternet\WTGService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESGfxMgr.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
C:\Windows\Explorer.EXE
C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\palmOne\HOTSYNC.EXE
C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Windows\System32\taskmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Iomega\Quikprotect\QuikProtect.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\EgisTec MyWinLocker\MWLTSR.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files (x86)\OpenVPN\bin\openvpn.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Program Files\Sony\VAIO Improvement\vim.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://vaioportal.sony.eu
uProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: SYSTRAN Toolbar: {2a93ced7-6418-4594-bd8a-007c7fe99612} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
mRun: [Norton Ghost 15.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [MWLTSR] C:\Program Files (x86)\EgisTec MyWinLocker\MWLTSR.exe /run
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\ERICCA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HOTSYN~1.LNK - C:\Program Files (x86)\palmOne\HOTSYNC.EXE
StartupFolder: C:\Users\ERICCA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENVP~1.LNK - C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe
StartupFolder: C:\Users\ERICCA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SPAMIH~1.LNK - C:\Program Files\Spamihilator\spamihilator.exe
StartupFolder: C:\Users\ERICCA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TASKMG~1.LNK - C:\Windows\System32\taskmgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoWelcomeScreen = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: UseOEMBackground = dword:1
IE: &Envoyer à OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Consulter les dictionnaires (SYSTRAN) - C:\Program Files (x86)\SYSTRAN\Desktop\\GUIres.dll/lookup.js
IE: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Traduire (SYSTRAN) - C:\Program Files (x86)\SYSTRAN\Desktop\\GUIres.dll/translate.js
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
TCP: NameServer = 192.168.1.35
TCP: Interfaces\{41D72894-860E-4A86-8DB9-0A75905C019A} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{962D1B4F-E1B9-4857-B375-BC69196810CD} : DHCPNameServer = 192.168.0.254
TCP: Interfaces\{962D1B4F-E1B9-4857-B375-BC69196810CD}\2656C6B696E6E2268303E2537484A7 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{962D1B4F-E1B9-4857-B375-BC69196810CD}\2656C6B696E6E2732636 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{962D1B4F-E1B9-4857-B375-BC69196810CD}\45F4755425 : DHCPNameServer = 10.0.255.254
TCP: Interfaces\{962D1B4F-E1B9-4857-B375-BC69196810CD}\75966496F55434F547 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{962D1B4F-E1B9-4857-B375-BC69196810CD}\75966496F55434F55374 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C114F508-4967-4D94-8BB0-6A032259E414} : NameServer = 192.168.1.35
TCP: Interfaces\{D8C73534-93F6-4D25-9600-1D3AFC394CDC} : DHCPNameServer = 192.168.1.35
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SONYAPO
x64-Run: [QuiKProtect] C:\Program Files\Iomega\QuikProtect\StartQuikProtect.exe
x64-Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [LaCie Desktop Manager Launcher] "C:\Program Files\LaCie\Desktop Manager\lacie_launcherd.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eric CARIOU\AppData\Roaming\Mozilla\Firefox\Profiles\oagrga6b.default\
FF - prefs.js: browser.startup.homepage - hxxps://news.google.fr/news?pz=1&zx=dravv379l1x4&ned=fr&hl=fr&q
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Eric CARIOU\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-04-14 12:54; webbooster@iminent.com; C:\Program Files (x86)\Iminent\webbooster@iminent.com
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2012-12-29 647736]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-12-29 28216]
R0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-12 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2012-4-25 182576]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-17 55952]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2012-10-30 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2012-10-30 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2012-10-30 62584]
R2 ActiveDelayDeviceService;ActiveDelayDeviceService;C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [2012-9-17 78472]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-12-8 753704]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-3-7 168536]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-19 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-19 1104208]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-11-9 172912]
R2 FPLService;TrueSuiteService;C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [2012-2-20 300360]
R2 GobiQDLService;Qualcomm Gobi Anywhere Download Service;C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe [2012-9-17 318464]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-26 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-3-21 2429544]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-9-17 127320]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-17 162648]
R2 L4301_Solar;Logitech Solar Keyboard Service;C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536]
R2 LaCieDesktopManagerService;LaCieDesktopManagerService;C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe [2013-3-31 1379840]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-10-10 230408]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-10-10 69640]
R2 PCloudd;PCloudd;C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe [2012-12-12 221048]
R2 QPCopyEngine;QPCopyEngine;C:\Program Files\Iomega\Quikprotect\QpMonitor.exe [2010-6-24 394544]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2012-9-17 199272]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-8-6 156672]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-10-1 1153368]
R2 SwiService;Sierra Wireless Service;C:\Program Files (x86)\Sierra Wireless Inc\QMIPackage\Utils\SwiService.exe [2012-1-13 152944]
R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2013-1-23 294400]
R2 TwonkyMedia;TwonkyMedia;C:\Program Files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe -serviceversion 0 --> C:\Program Files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe -serviceversion 0 [?]
R2 TwonkyWebDav;TwonkyWebDav;C:\Program Files (x86)\TwonkyMedia\twonkywebdav.exe -start --> C:\Program Files (x86)\TwonkyMedia\twonkywebdav.exe -start [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-17 362840]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-9-17 535688]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-9-17 978056]
R2 WTGService;WTGService;C:\Program Files (x86)\OneClickInternet\WTGService.exe [2012-9-17 342984]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-12-3 3386160]
R3 AMPPAL;Carte réseau virtuelle Intel® Centrino® Wireless Bluetooth® + High Speed;C:\Windows\System32\drivers\AmpPal.sys [2012-12-8 163368]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2011-8-19 1050016]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-12-13 94720]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2013-3-23 849408]
R3 GenericMount;Generic Mount Driver;C:\Windows\System32\drivers\GenericMount.sys [2010-2-12 66608]
R3 gobi3kfilter;Qualcomm Gobi 3000 USB Composite Device Filter Driver;C:\Windows\System32\drivers\gobi3kfilter.sys [2012-9-17 34304]
R3 gobi3kmbb;Qualcomm Gobi 3000 USB-NDIS 6.20 miniport;C:\Windows\System32\drivers\gobi3kmbb.sys [2012-9-17 399872]
R3 gobi3kserial;Qualcomm Gobi 3000 USB Device for Legacy Serial Communication;C:\Windows\System32\drivers\gobi3kserial.sys [2012-9-17 233984]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2013-3-23 60928]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-25 331264]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-4-25 14748416]
R3 iusb3hub;Pilote de concentrateur Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hub.sys [2013-3-16 358456]
R3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel® USB 3.0;C:\Windows\System32\drivers\iusb3xhc.sys [2013-2-11 791608]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-2-28 25496]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]
R3 NisSrv;Inspection du réseau Microsoft;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 QsFsFltr;QsFsFltr;C:\Windows\System32\drivers\QsFsFltr.sys [2010-6-24 22584]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-20 769168]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2012-1-16 14336]
R3 SymSnapService;SymSnapService;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2010-2-11 2963960]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-10-12 54760]
R3 vNICdrv;Iomega Virtual Miniport;C:\Windows\System32\drivers\vNICdrv.sys [2012-9-9 20048]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2012-12-29 1286784]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2013/01/19 10:30:27;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2012-6-29 243728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 AceecaUSBDx64;AceecaUSBDx64;C:\Windows\System32\drivers\AceecaUSBDx64.sys [2011-4-5 66552]
S3 AMPPALP;Protocole Intel® Centrino® Wireless Bluetooth® + High Speed;C:\Windows\System32\drivers\AmpPal.sys [2012-12-8 163368]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-4-25 96896]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-19 1304912]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 GenericMount Helper Service;GenericMount Helper Service;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2010-2-12 2227216]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-2-28 34232]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-12-3 272176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-12-29 340112]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-11-20 155824]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\Windows\System32\dllhost.exe [2009-7-14 9728]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2012-7-15 30720]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-10-24 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-24 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-24 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2012-9-13 105816]
S3 vpcuxd;Service stub de virtualisation USB;C:\Windows\System32\drivers\vpcuxd.sys [2012-9-26 16384]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-26 1255736]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; [x]
S4 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [2012-3-30 237328]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-04-14 16:34:32    76232    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{613F999A-2CEC-4818-AEE0-3E213FC8841E}\offreg.dll
2013-04-14 10:54:28    --------    d-----w-    C:\Program Files (x86)\Iminent
2013-04-14 10:50:29    --------    d-----w-    C:\ProgramData\APN
2013-04-14 10:36:06    9311288    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{613F999A-2CEC-4818-AEE0-3E213FC8841E}\mpengine.dll
2013-04-13 17:58:23    9311288    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-13 17:45:14    --------    d-----w-    C:\Program Files (x86)\ESET
2013-04-13 15:59:27    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-04-13 08:01:43    3153408    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-13 08:01:40    223752    ----a-w-    C:\Windows\System32\drivers\fvevol.sys
2013-04-13 08:01:28    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-04-13 08:01:28    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-04-13 08:01:28    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-04-13 08:01:28    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-13 08:01:28    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-04-13 08:01:28    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-04-13 06:49:07    --------    d-----w-    C:\Program Files\Bitdefender
2013-04-12 10:37:07    --------    d-----w-    C:\Program Files\TAP-Windows
2013-04-12 10:37:06    --------    d-----w-    C:\Program Files\OpenVPN
2013-04-11 19:53:24    --------    d-----w-    C:\Program Files (x86)\Panda Security
2013-04-09 15:44:28    5049517    ----a-r-    C:\ComboFix.exe
2013-04-09 14:50:49    98816    ----a-w-    C:\Windows\sed.exe
2013-04-09 14:50:49    256000    ----a-w-    C:\Windows\PEV.exe
2013-04-09 14:50:49    208896    ----a-w-    C:\Windows\MBR.exe
2013-04-07 08:36:32    --------    d-----w-    C:\ProgramData\Sophos
2013-04-05 17:50:49    1085344    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2013-04-05 17:50:45    108448    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-04-05 17:50:13    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-04-05 17:50:09    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-02 19:52:46    972264    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{51A27425-2728-429B-8811-37C4B2829193}\gapaengine.dll
2013-04-02 19:52:04    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2013-04-02 19:52:02    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-04-02 11:27:28    --------    d-----w-    C:\Program Files (x86)\Citrix
2013-04-02 11:04:08    --------    d-----w-    C:\Users\Eric CARIOU\AppData\Local\Citrix
2013-04-02 06:33:44    --------    d-----w-    C:\Program Files\Common Files\McAfee
2013-04-01 17:33:36    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2013-04-01 16:53:36    --------    d-----w-    C:\Program Files\Enigma Software Group
2013-04-01 16:52:50    --------    d-----w-    C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-04-01 16:52:49    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-03-31 17:39:10    --------    d-----w-    C:\Program Files\LaCie
2013-03-30 11:34:48    118850    ----a-w-    C:\Windows\ctpu.exe
2013-03-30 11:34:32    57344    ----a-w-    C:\Windows\ResENU.dll
2013-03-29 14:15:18    --------    d-----w-    C:\Users\Eric CARIOU\AppData\Local\{0162627F-2036-4F50-8F0D-76ADDD187825}
2013-03-28 17:25:38    --------    d-----w-    C:\Users\Eric CARIOU\AppData\Local\{EEAD3FA2-AE8D-4E1D-B411-5FEB516A2C74}
2013-03-28 16:12:40    --------    d-----w-    C:\Program Files (x86)\Catamount Software
2013-03-23 19:43:36    --------    d-----w-    C:\Users\Eric CARIOU\AppData\Local\Licenses
2013-03-23 19:38:00    --------    d-----w-    C:\ProgramData\TriDef 3D
2013-03-23 19:37:35    --------    d-----w-    C:\ProgramData\DDD
2013-03-23 14:38:18    53248    ----a-r-    C:\Users\Eric CARIOU\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-03-23 14:26:55    --------    d-----w-    C:\ProgramData\Synaptics
2013-03-23 14:23:24    --------    d-----w-    C:\Program Files\Synaptics
2013-03-23 10:06:49    --------    d-----w-    C:\Users\Eric CARIOU\AppData\Roaming\Synaptics
2013-03-23 09:48:00    849408    ----a-w-    C:\Windows\System32\drivers\btmhsf.sys
2013-03-23 09:48:00    60928    ----a-w-    C:\Windows\System32\drivers\iBtFltCoex.sys
2013-03-23 09:48:00    53632    ----a-w-    C:\Windows\System32\opphelper.dll
2013-03-21 16:25:44    --------    d-----w-    C:\Windows\System32\EM680Manufacturers
2013-03-20 21:00:14    333424    ----a-r-    C:\Users\Eric CARIOU\AppData\Roaming\Microsoft\Installer\{F33D873A-5A8E-4E59-B9EF-2252FE160E93}\BOINCManagerShortc_A93DE976FB764046A81032A4C7BB0936.exe
2013-03-20 21:00:14    333424    ----a-r-    C:\Users\Eric CARIOU\AppData\Roaming\Microsoft\Installer\{F33D873A-5A8E-4E59-B9EF-2252FE160E93}\ARPPRODUCTICON.exe
2013-03-19 12:08:21    5256944    ----a-w-    C:\Windows\uninst.exe
2013-03-19 12:08:21    --------    d-----w-    C:\ProgramData\PC1Data
2013-03-19 12:00:21    --------    d-----w-    C:\Users\Eric CARIOU\AppData\Roaming\SpeedyPC Software
2013-03-19 12:00:21    --------    d-----w-    C:\Users\Eric CARIOU\AppData\Roaming\DriverCure
2013-03-19 12:00:07    --------    d-----w-    C:\ProgramData\SpeedyPC Software
2013-03-18 22:13:47    --------    d-----w-    C:\Users\Eric CARIOU\AppData\Local\{1E8CA56F-B6AC-412F-95E6-BA642D629370}
2013-03-18 21:13:23    --------    d-----w-    C:\Users\Eric CARIOU\AppData\Local\Logishrd
2013-03-16 16:48:46    358456    ----a-w-    C:\Windows\System32\drivers\iusb3hub.sys
.
==================== Find3M  ====================
.
2013-04-13 17:37:25    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-13 17:37:25    691592    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-05 17:50:41    963488    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-04-05 17:50:04    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-03-23 15:33:28    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2013-03-12 17:32:38    1073808    ----a-w-    C:\Windows\boinc.scr
2013-03-11 23:10:56    282744    ------w-    C:\Windows\System32\MpSigStub.exe
2013-02-21 10:30:16    1766912    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07    2240512    ----a-w-    C:\Windows\System32\wininet.dll
2013-02-21 10:14:09    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-02-20 20:03:30    769168    ----a-w-    C:\Windows\System32\drivers\Rt64win7.sys
2013-02-20 20:03:30    74344    ----a-w-    C:\Windows\System32\RtNicProp64.dll
2013-02-20 20:03:30    107552    ----a-w-    C:\Windows\System32\RTNUninst64.dll
2013-02-19 12:01:03    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-12 05:45:24    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31    474112    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys
2013-02-11 11:01:47    791608    ----a-w-    C:\Windows\System32\drivers\iusb3xhc.sys
2013-02-06 07:49:21    30736    ----a-w-    C:\Windows\System32\drivers\L8042Kbd.sys
2013-01-31 05:08:40    467184    ----a-w-    C:\Windows\System32\drivers\SynTP.sys
2013-01-31 05:08:34    114416    ----a-w-    C:\Windows\SysWow64\SynTPCOM.dll
2013-01-31 05:08:30    229616    ----a-w-    C:\Windows\System32\SynTPAPI.dll
2013-01-31 05:08:30    180464    ----a-w-    C:\Windows\System32\SynTPCo16.dll
2013-01-31 05:08:26    532208    ----a-w-    C:\Windows\SysWow64\SynCOM.dll
2013-01-31 05:08:24    1035504    ----a-w-    C:\Windows\System32\SynCOM.dll
2013-01-20 13:59:04    230320    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 13:59:04    130008    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-19 09:29:20    29480    ----a-w-    C:\Windows\SysWow64\msxml3a.dll
2013-01-18 11:41:38    829264    ----a-w-    C:\Windows\System32\msvcr100.dll
2013-01-18 11:41:38    773968    ----a-w-    C:\Windows\SysWow64\msvcr100.dll
2013-01-18 11:41:38    608080    ----a-w-    C:\Windows\System32\msvcp100.dll
2013-01-18 11:41:38    421200    ----a-w-    C:\Windows\SysWow64\msvcp100.dll
.
============= FINISH: 21:19:30.66 ===============

 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Édition Intégrale
Boot Device: \Device\HarddiskVolume2
Install Date: 26/09/2012 12:33:45
System Uptime: 14/04/2013 20:57:12 (1 hours ago)
.
Motherboard: Sony Corporation |  | VAIO
Processor: Intel® Core™ i7-3612QM CPU @ 2.10GHz | N/A | 2101/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 106.518 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 784.076 GiB free.
Q: is NetworkDisk (NTFS) - 911 GiB total, 184.936 GiB free.
W: is NetworkDisk (NTFS) - 116 GiB total, 16.561 GiB free.
Z: is NetworkDisk (NTFS) - 116 GiB total, 16.561 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP453: 13/04/2013 11:53:20 - Sauvegarde Windows
RP455: 13/04/2013 16:36:13 - Microsoft Antimalware Checkpoint
RP456: 13/04/2013 18:15:41 - Sauvegarde Windows
RP457: 13/04/2013 19:37:28 - Removed Adobe Reader X (10.1.6) MUI.
RP458: 13/04/2013 22:00:15 - Sauvegarde Windows
RP459: 14/04/2013 12:16:04 - Removed PCmover Professional.
RP460: 14/04/2013 12:58:55 - Removed Sophos Virus Removal Tool.
RP461: 14/04/2013 19:59:30 - Removed Sophos Virus Removal Tool.
.
==== Installed Programs ======================
.
????? Windows Live
?????? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
???????????? Windows Live
Acksys Networking Devices Manager 2.10.2
Adobe Acrobat X Standard - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02) - Français
AirPort
Aloha TriPeaks
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft WebCam Companion 4
AuthenTec TrueSuite
AuthenTec WinBio FingerPrint Software
Avanquest update
Bejeweled 3
Bing Bar
Bing Bureau
Blue Squirrel BlueSync
BOINC
Bonjour
BUFFALO AirStation Configuration Tool
BUFFALO Ethernet Converter Manager
BUFFALO Network-USB Navigator
Build-a-lot 2
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
Catamount Software PocketMoney
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDDRV_Installer
Chuzzle Deluxe
Contrôle ActiveX Windows Live Mesh pour connexions à distance
CopyTrans Suite désinstallation uniquement
Core Temp 1.0 RC5
Covera 2.1
CyberLink PowerDVD
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DesktopMirror for Outlook and Palm Desktop 4.5
Dexpot
Diagnostic du ventilateur de l'UC VAIO
Dolby Home Theater v4
Dream Aquarium
eReg
erLT
ESET Online Scanner v3
Evernote v. 4.5.2
FDUx86
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Gestion commerciale
Gobi_Firmware
Google Update Helper
Google Earth
HW Gobi 3000 Driver 1.08.00.00
iCloud
inSSIDer
Intel® Display Audio Driver
Intel® Management Engine Components
Intel® PROSet/Wireless for Bluetooth® + High Speed
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® PROSet/Wireless WiFi Software Driver
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® WiDi
Intel® Wireless Display
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
Iomega QuikProtect (64-Bit)
iTunes
Java 7 Update 17
Java 7 Update 17 (64-bit)
Java Auto Updater
Jeux WildTangent
Jewel Match 3
Jewel Quest II
Junk Mail filter update
KhalInstallWrapper
KUx86
LaCie Desktop Manager 1.5.6
LenovoEMC Storage Manager
LiveUpdate 3.2 (Symantec Corporation)
Logiciel Intel® PROSet/Wireless
Logiciel Logitech Unifying 2.10
Logitech SetPoint
Logitech Solar App 1.0
Mahjongg Artifacts
Manuel VAIO
Media Go
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile FRA Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended FRA Language Pack
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (French) 2010
Microsoft Office Excel MUI (French) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (French) 2010
Microsoft Office Outlook MUI (French) 2010
Microsoft Office PowerPoint MUI (French) 2010
Microsoft Office Professionnel 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (French) 2010
Microsoft Office Publisher MUI (French) 2010
Microsoft Office Shared 64-bit MUI (French) 2010
Microsoft Office Shared MUI (French) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (French) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Module linguistique Microsoft .NET Framework 4 Client Profile FRA
Module linguistique Microsoft .NET Framework 4 Extended FRA
Mozilla Firefox 19.0.2 (x86 fr)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Mystery P.I. - The London Caper
MyWinLocker
MyWinLocker 4
Nitro Pro 8
Norton Ghost
Notepad++
OneClick Internet
OpenVPN 2.2.2
Outil de restauration de données VAIO
Package de pilotes Windows - Marvell Inc. (mv61xx) SCSIAdapter  (05/24/2012 1.2.0.8400)
Palm Desktop
PDF Combine
PlayStation®Network Downloader
PlayStation®Store
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pošta Windows Live
PX Profile Update
PYV_x86
QuickTime
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Renesas Electronics USB 3.0 Host Controller Driver
Roxio Creator LJ
S?????? f?t???af??? t?? Windows Live
Sage 100 Gestion commerciale
Sage Serveur
Samsung_MonSetup
Saturn 3D Space Tour screensaver v1.0
Secret! Desktop 5.2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Sierra Wireless QMI Driver Package
Skype™ 6.1
Sony PC Companion 2.10.136
Sothink SWF Easy
Spamihilator 1.5.0 (32 bit)
Spamihilator 1.5.0 (64 bit)
Spybot - Search & Destroy
SSLx64
SSLx86
Stock Manager Conduit
Synaptics Pointing Device Driver
System Requirements Lab for Intel
Systran Desktop 7
TriDef 3D 5.7
TwonkyMedia
Uniblue Powersuite
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update Installer for WildTangent Games App
V3DPx86
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325
VAIO 3D Portal
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Gate
VAIO Gate Default
VAIO Gesture Control
VAIO Improvement
VAIO Improvement Validation
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VBMx86
VCCx64
VCCx86
VHD
VIx64
VIx86
VMLx86
VPMx64
VSNx64
VSNx86
VSSTx64
VSSTx86
VU5x64
VU5x86
VWSTx86
WildTangent Games App
Windows 7 Logon Background Changer
Windows Driver Package - Marvell Inc. (mv61xx) SCSIAdapter  (04/14/2011 1.2.0.8200)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Windows Media Player Firefox Plugin
Windows XP Mode
WinZip 15.0
.
==== End Of File ===========================


 



#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:54 PM

Posted 15 April 2013 - 08:02 AM

I only have a screenshot, but I can't find how to attach an image file.

When posting, you can attach a file.
At the bottom of the screen, click Choose a file; you need to browse to find the file on your computer.
Once found, click Attach this file.
===

This must go.
FF - ExtSQL: 2013-04-14 12:54; webbooster@iminent.com; C:\Program Files (x86)\Iminent\webbooster@iminent.com

Run AdwCleaner with the Delete function. Copy and paste the result.
===

Run this Microsoft tool.
http://www.microsoft.com/security/scanner/en-us/default.aspx

===

Another program to run.

Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.
Link 1 Bleepingcomputer
Link 2 RogueKiller (by Tigzy)

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop, DO NOT ATTACH THE LOG.

#15 ERIC78450

ERIC78450
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 15 April 2013 - 09:22 AM

Hello,

 

I'm sorry as I can't locate "choose a file" ???

 

C:\Program Files (x86)\Iminent\webbooster@iminent.com has been removed.

MSERT didn't report any problem.

 

RogueKiller has quarantined several files:

 

boinc.src.vir

eula.txt

PhysicalDrive0_user.dat

PhysicalDrive1_user.dat

QuarantineReport.txt

 

AdwCleaner and RogueKiller reports below:

 

# AdwCleaner v2.200 - Rapport créé le 15/04/2013 à 15:21:28
# Mis à jour le 02/04/2013 par Xplode
# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (64 bits)
# Nom d'utilisateur : Eric CARIOU - DIR1
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\Eric CARIOU\Desktop\Palm &  PC & divers\Recherche virus\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\ProgramData\APN

***** [Registre] *****

Clé Supprimée : HKCU\Software\Iminent
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Clé Supprimée : HKLM\Software\Iminent
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [Navigateurs] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v19.0.2 (fr)

Fichier : C:\Users\Eric CARIOU\AppData\Roaming\Mozilla\Firefox\Profiles\oagrga6b.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S2].txt - [9882 octets] - [15/04/2013 15:21:28]

########## EOF - C:\AdwCleaner[S2].txt - [9942 octets] ##########
 

 

 

RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : Eric CARIOU [Droits d'admin]
Mode : Recherche -- Date : 15/04/2013 16:08:04
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 13 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{41D72894-860E-4A86-8DB9-0A75905C019A} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1) -> TROUVÉ
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{41D72894-860E-4A86-8DB9-0A75905C019A} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1) -> TROUVÉ
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> TROUVÉ
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> TROUVÉ
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> TROUVÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\boinc.scr) [7] -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: Volume0 +++++
--- User ---
[MBR] 3c99af543049fb955103dd0a83501544
[BSP] 6d19967adbdc68e5d9ad9c98f2901e36 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16649 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 34099200 | Size: 350 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 34816000 | Size: 463181 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 983410688 | Size: 8210 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: Seagate FreeAgent Go USB Device +++++
--- User ---
[MBR] 304484984da4c19655cae9a27bf33dbd
[BSP] 5cab7fac78b6fe5301595cea6da44b25 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 610477 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[1]_S_15042013_160804.txt >>
RKreport[1]_S_15042013_160804.txt


 





