
Am I infected ? Avast - Win32:Trojan-gen


  • This topic is locked
3 replies to this topic

#1 JMF11


Posted 12 June 2014 - 03:37 PM

Hello,

 

My name is Jean-Marc, I'm normally cautious about my computer safety and recently I performed a scan of my computer. Avast detected some issues:

Win32:Trojan-gen in mini-KMS_activator_v1.052.exe

Oropax, Yankee Doodle, Diskspoiler in some .ldb files in the Recycle.bin

 

 

 

I discovered your site and went through the "information gathering" process proposed in another thread (http://www.bleepingcomputer.com/forums/t/536915/not-sure-if-i-have-a-virus/). I performed:

- Security Check

- Farbar Service Scanner

- MiniToolBox

- Malwarebytes Anti-Malware

- Malwarebytes Anti-Rootkit

- Rkill

 

Do I really have a Trojan virus? Below, the logs:

 

Thanks for your help !!!

 

Kind regards,

 

JMF

 

Results of screen317's Security Check version 0.99.84  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 55  
 Java version out of Date!
 Adobe Flash Player 13.0.0.214  
 Adobe Reader XI  
 Mozilla Firefox (30.0)
 Mozilla Thunderbird (24.6.0)
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````







Farbar Service Scanner Version: 10-06-2014
Ran by admin JMF (administrator) on 12-06-2014 at 21:20:50
Running from "C:\Users\admin JMF\Downloads"
Microsoft Windows 7 Édition Intégrale  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****




Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/12/2014 09:06:55 PM) (Source: SideBySide) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1 ».
Assembly dépendant Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (06/12/2014 09:06:55 PM) (Source: SideBySide) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1 ».
Assembly dépendant Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (06/12/2014 08:55:09 PM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante MSICommService.exe, version : 0.0.0.0, horodatage : 0x538d96bd
Nom du module défaillant : MSICommService.exe, version : 0.0.0.0, horodatage : 0x538d96bd
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000f695
ID du processus défaillant : 0x137c
Heure de début de l’application défaillante : 0xMSICommService.exe0
Chemin d’accès de l’application défaillante : MSICommService.exe1
Chemin d’accès du module défaillant: MSICommService.exe2
ID de rapport : MSICommService.exe3

Error: (06/12/2014 08:55:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/12/2014 08:54:59 PM) (Source: SideBySide) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1 ».
Assembly dépendant Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (06/12/2014 08:54:59 PM) (Source: SideBySide) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1 ».
Assembly dépendant Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (06/12/2014 08:38:10 PM) (Source: Application Hang) (User: )
Description: Le programme Explorer.EXE version 6.1.7601.17567 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID de processus : e48

Heure de début : 01cf85f9f6bf7876

Heure de fin : 33

Chemin d’accès de l’application : C:\Windows\Explorer.EXE

ID de rapport : b16bbbcb-f260-11e3-9e79-448a5b26ceb4

Error: (06/12/2014 06:52:33 AM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante MSICommService.exe, version : 0.0.0.0, horodatage : 0x538d96bd
Nom du module défaillant : MSICommService.exe, version : 0.0.0.0, horodatage : 0x538d96bd
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000f695
ID du processus défaillant : 0x9b8
Heure de début de l’application défaillante : 0xMSICommService.exe0
Chemin d’accès de l’application défaillante : MSICommService.exe1
Chemin d’accès du module défaillant: MSICommService.exe2
ID de rapport : MSICommService.exe3

Error: (06/12/2014 06:51:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/12/2014 09:06:48 PM) (Source: Service Control Manager) (User: )
Description: Le service MSI RAMDrive n’a pas pu démarrer en raison de l’erreur :
%%1058

Error: (06/12/2014 08:55:25 PM) (Source: Service Control Manager) (User: )
Description: Le service MSIDDR_CC s’est terminé de façon inattendue pour la 1ème fois.

Error: (06/12/2014 08:55:25 PM) (Source: Service Control Manager) (User: )
Description: Le service MSICPU_CC s’est terminé de façon inattendue pour la 2ème fois.

Error: (06/12/2014 08:55:25 PM) (Source: Service Control Manager) (User: )
Description: Le service MSICPU_CC s’est terminé de façon inattendue pour la 1ème fois.

Error: (06/12/2014 08:55:25 PM) (Source: Service Control Manager) (User: )
Description: Le service MSISuperIO_CC s’est terminé de façon inattendue pour la 1ème fois.

Error: (06/12/2014 08:55:09 PM) (Source: Service Control Manager) (User: )
Description: Le service MSICOMM_CC s’est terminé de façon inattendue pour la 1ème fois.

Error: (06/12/2014 08:54:44 PM) (Source: Service Control Manager) (User: )
Description: Le service MSI RAMDrive n’a pas pu démarrer en raison de l’erreur :
%%1058

Error: (06/12/2014 08:25:28 PM) (Source: Service Control Manager) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service MSICOMM_CC.

Error: (06/12/2014 08:24:58 PM) (Source: Service Control Manager) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service MSICOMM_CC.

Error: (06/12/2014 08:24:28 PM) (Source: Service Control Manager) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service MSICOMM_CC.


Microsoft Office Sessions:
=========================
Error: (06/12/2014 09:06:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/12/2014 09:06:55 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (06/12/2014 09:06:55 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (06/12/2014 08:55:09 PM) (Source: Application Error)(User: )
Description: MSICommService.exe0.0.0.0538d96bdMSICommService.exe0.0.0.0538d96bdc00000050000f695137c01cf866fd4a94e39C:\Program Files (x86)\MSI\Command Center\MSICommService.exeC:\Program Files (x86)\MSI\Command Center\MSICommService.exe12d40208-f263-11e3-bfd2-448a5b26ceb4

Error: (06/12/2014 08:55:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/12/2014 08:54:59 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (06/12/2014 08:54:59 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL

Error: (06/12/2014 08:38:10 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17567e4801cf85f9f6bf787633C:\Windows\Explorer.EXEb16bbbcb-f260-11e3-9e79-448a5b26ceb4

Error: (06/12/2014 06:52:33 AM) (Source: Application Error)(User: )
Description: MSICommService.exe0.0.0.0538d96bdMSICommService.exe0.0.0.0538d96bdc00000050000f6959b801cf85fa1ed3be16C:\Program Files (x86)\MSI\Command Center\MSICommService.exeC:\Program Files (x86)\MSI\Command Center\MSICommService.exe5d117ce7-f1ed-11e3-9e79-448a5b26ceb4

Error: (06/12/2014 06:51:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.31515 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 Plugin (HKCU-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Français (HKCU-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKCU-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKCU-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKCU-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Bitcoin Armory (HKCU-x32\...\Bitcoin Armory) (Version: 0.91.2.0 - Armory Technologies Inc.)
Bitcoin Armory (HKLM-x32\...\Bitcoin Armory) (Version: 0.91.2.0 - Armory Technologies Inc.)
Bitcoin Core (64-bit) (HKCU\...\Bitcoin Core (64-bit)) (Version: 0.9.1 - Bitcoin Core project)
Canon Easy-PhotoPrint EX (HKCU-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKCU-x32\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKCU-x32\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version:  - )
Canon Easy-PhotoPrint Pro (HKCU-x32\...\Easy-PhotoPrint Pro) (Version:  - )
Canon Easy-PhotoPrint Pro (HKLM-x32\...\Easy-PhotoPrint Pro) (Version:  - )
Canon IJ Network Scan Utility (HKCU-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKCU-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MG8100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8100_series) (Version:  - )
Canon MP Navigator EX 4.0 (HKCU-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon My Printer (HKCU-x32\...\CanonMyPrinter) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKCU-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CD-LabelPrint (HKCU-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
ColorMunki Display 1.1.0 (HKCU-x32\...\ColorMunki Display_is1) (Version:  - X-Rite)
ColorMunki Display 1.1.0 (HKLM-x32\...\ColorMunki Display_is1) (Version:  - X-Rite)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CRRCSim 0.9.12 (HKCU-x32\...\CRRCSim) (Version: 0.9.12 - CRRCSim DevTeam)
CRRCSim 0.9.12 (HKLM-x32\...\CRRCSim) (Version: 0.9.12 - CRRCSim DevTeam)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{2A16B95F-7377-410A-B961-EFD9394E1AF3}) (Version:  - Microsoft)
Enregistrement utilisateur de Canon MG8100 series (HKCU-x32\...\Enregistrement utilisateur de Canon MG8100 series) (Version:  - )
Enregistrement utilisateur de Canon MG8100 series (HKLM-x32\...\Enregistrement utilisateur de Canon MG8100 series) (Version:  - )
Evernote v. 5.4 (HKCU-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.)
Evernote v. 5.4 (HKLM-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.)
foobar2000 v1.3.2 (HKCU-x32\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
foobar2000 v1.3.2 (HKLM-x32\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
Glary Utilities 5.0 (HKCU-x32\...\Glary Utilities 5) (Version: 5.0.0.1 - Glarysoft Ltd)
Glary Utilities 5.0 (HKLM-x32\...\Glary Utilities 5) (Version: 5.0.0.1 - Glarysoft Ltd)
Google Chrome (HKCU-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (HKCU-x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google Earth (HKCU-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
GrampsAIO64 (HKCU-x32\...\GrampsAIO64) (Version: 3.4.8-1 - The GRAMPS project)
GrampsAIO64 (HKLM-x32\...\GrampsAIO64) (Version: 3.4.8-1 - The GRAMPS project)
Intel® Control Center (HKCU-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKCU-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKCU-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3540 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3540 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{939CD3F2-0EFA-4CE5-8164-1245F364EDD5}) (Version: 4.2.40.2418 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKCU-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
Intel® Watchdog Timer Driver (Intel® WDT) (HKCU-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
IRCAMTools_HEarV3_Native (HKLM\...\{0C94826A-B9DA-410C-89FA-B5F3E732992A}) (Version: 3.2.21.32395 - Flux:: sound and picture development)
Java 7 Update 55 (HKCU-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (HKCU-x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KeePass Password Safe 2.26 (HKCU-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl)
KeePass Password Safe 2.26 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl)
LAME v3.99.3 (for Windows) (HKCU-x32\...\LAME_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professionnel Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (Arabic) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Dutch) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKCU-x32 Version: 3.5.8080.0 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKCU-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKCU-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKCU-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MozBackup 1.5.1 (HKCU-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 30.0 (x86 en-US) (HKCU-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKCU-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 fr) (HKCU-x32\...\Mozilla Thunderbird 24.6.0 (x86 fr)) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 fr) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 fr)) (Version: 24.6.0 - Mozilla)
MSI Command Center (HKCU-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 1.0.0.67 - MSI)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 1.0.0.67 - MSI)
MSI Intel Extreme Tuning Utility (HKCU-x32 Version: 4.0.6.305 - Intel Corporation) Hidden
MSI Intel Extreme Tuning Utility (HKCU-x32\...\{2301bb34-385a-4a57-877f-c54347957fad}) (Version: 4.0.6.305 - Intel Corporation)
MSI Intel Extreme Tuning Utility (HKLM-x32\...\{2301bb34-385a-4a57-877f-c54347957fad}) (Version: 4.0.6.305 - Intel Corporation)
MSI Intel Extreme Tuning Utility (x32 Version: 4.0.6.305 - Intel Corporation) Hidden
MSI Live Update (HKCU-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.005 - MSI)
MSI Live Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.005 - MSI)
MSI Super Charger (HKCU-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.025 - MSI)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.025 - MSI)
OpenTX Companion (HKCU-x32\...\OpenTX) (Version:  - OpenTX)
OpenTX Companion (HKLM-x32\...\OpenTX) (Version:  - OpenTX)
Picasa 3 (HKCU-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKCU-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKCU-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKCU-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7245 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7245 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SpeedFan (remove only) (HKCU-x32\...\SpeedFan) (Version:  - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
TeamViewer 9 (HKCU-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
TomTom HOME (HKCU-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Nom de votre société)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Nom de votre société)
TomTom HOME Visual Studio Merge Modules (HKCU-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TP-LINK TL-WN781ND Driver (HKCU-x32\...\{87C7B472-9BC2-43C8-9F03-86D2908E1A51}) (Version: 1.3.1 - TP-LINK)
TP-LINK TL-WN781ND Driver (HKLM-x32\...\{87C7B472-9BC2-43C8-9F03-86D2908E1A51}) (Version: 1.3.1 - TP-LINK)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-040C-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-040C-1000-0000000FF1CE}_Office14.PROPLUS_{9F9FB522-8E37-4AF6-A956-6D8AC3D72C03}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-040C-1000-0000000FF1CE}_Office14.PROPLUS_{5572FF46-6142-452E-8FF5-DF2A5C3AEA16}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKCU-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
XMind 2013 (v3.4.1) (HKCU-x32\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)
XMind 2013 (v3.4.1) (HKLM-x32\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)
XRD i1d3 (HKCU-x32 Version: 1.0.135 - X-Rite) Hidden
XRD i1d3 (x32 Version: 1.0.135 - X-Rite) Hidden
X-Rite Device Services Manager (HKCU-x32\...\{4A42F9A2-D49D-4CE8-8E3B-04FEB8C1F22B}) (Version: 2.3.75 - X-Rite)
X-Rite Device Services Manager (HKLM-x32\...\{4A42F9A2-D49D-4CE8-8E3B-04FEB8C1F22B}) (Version: 2.3.75 - X-Rite)

========================= Devices: ================================

Name: MSI RAMDrive
Description: MSI RAMDrive
Class Guid: {ffb1c341-4539-11d3-b88d-00c04fad5172}
Manufacturer: Micro-Star Int'l Co., Ltd.
Service: RAMDriv
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 8054.02 MB
Available physical RAM: 5875 MB
Total Pagefile: 16106.22 MB
Available Pagefile: 13911.66 MB
Total Virtual: 4095.88 MB
Available Virtual: 3975.54 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:223.47 GB) (Free:135.35 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:1863.01 GB) (Free:1562.05 GB) NTFS

========================= Users: ========================================

comptes d'utilisateurs de \\ADMINJMF-PC

admin JMF                Administrateur           Invité                   
JMF                      
La commande s'est terminée correctement.

========================= Restore Points ==================================

09-06-2014 01:00:10 Windows Update
11-06-2014 05:46:40 Windows Update
11-06-2014 18:20:12 Installed QuickTime 7

**** End of log ****





Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/06/2014
Scan Time: 21:40:31
Logfile: Malwarebytes.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.12.11
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: admin JMF

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 302043
Time Elapsed: 3 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WOW6432NODE\InstallIQ, , [653683f4235870c65acc12a7e51d0cf4],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 24
PUP.Optional.SafeInstall.A, C:\Users\JMF\Downloads\coretemp(1).exe, , [26753b3cf08b003682f49eb10df42ad6],
PUP.Optional.SafeInstall.A, C:\Users\JMF\Downloads\coretemp.exe, , [aeed25526b103105adc9aba445bc12ee],
PUP.Optional.Delta.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\searchplugins\delta.xml, , [4f4cee898fecfb3ba0a3cbe946bc24dc],
PUP.Optional.Babylon.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.newTab", true);), ,[1b80beb924576dc92f290f93d331a759]
PUP.Optional.Babylon.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://www.delta-search.com/?affID=119370&babsrc=NT_ss&mntrId=764da78000000000000000197ef30881");), ,[1c7fcdaae8937abc5800950d8e766a96]
PUP.Optional.Delta.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.admin", false);), ,[64376d0a2b5093a36ef19c06b351916f]
PUP.Optional.Delta.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.aflt", "babsst");), ,[594271064833d462550afca6f80cfe02]
PUP.Optional.Delta.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), ,[118ab8bf3a4160d6dc835d458a7a8c74]
PUP.Optional.Delta.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.autoRvrt", "false");), ,[0c8f5720196274c2ee71f3af09fb619f]
PUP.Optional.Delta.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.dfltLng", "en");), ,[bbe0fa7d0477fb3b37289e04a75dfa06]
PUP.Optional.Delta.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.excTlbr", false);), ,[0d8e24536d0eb680b9a6a2001ee64fb1]
PUP.Optional.Delta.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.id", "764da78000000000000000197ef30881");), ,[8f0c51269ae13afc540b148e9074ca36]
PUP.Optional.Delta.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlDay", "15745");), ,[4f4ccdaa6e0d12240a55960c3fc5936d]
PUP.Optional.Delta.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlRef", "sst");), ,[b1eae98e790279bdfe61cfd3788c2ed2]
PUP.Optional.Delta.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.newTab", false);), ,[95069add8eed49edfc639a08e81c21df]
PUP.Optional.Delta.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prdct", "delta");), ,[b0ebcdaa0a71a294550abce6d232629e]
PUP.Optional.Delta.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prtnrId", "delta");), ,[93085c1bc3b8e25470ef960ca26221df]
PUP.Optional.Delta.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.rvrt", "false");), ,[772495e2a5d63006d18ebee493713ec2]
PUP.Optional.Delta.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.smplGrp", "none");), ,[3962f285bebddc5aed72adf58f75619f]
PUP.Optional.Delta.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrId", "base");), ,[019a4c2bfd7ecc6a63fc663c7a8acc34]
PUP.Optional.Delta.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrSrchUrl", "");), ,[8c0f5126d7a447efa4bb5f43659f8080]
PUP.Optional.Delta.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsn", "1.8.10.0");), ,[1d7e482fff7ca78fec73257d7c88ac54]
PUP.Optional.Delta.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsnTs", "1.8.10.018:23:39");), ,[f0ab6a0d1764270f1748841ebb491de3]
PUP.Optional.Delta.A, C:\Users\JMF\AppData\Roaming\Mozilla\Firefox\Profiles\35jojc8c.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsni", "1.8.10.0");), ,[13881b5c93e85cda1e413072ab5927d9]

Physical Sectors: 0
(No malicious items detected)


(end)



---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17126

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.200000 GHz
Memory total: 8445251584, free: 6024794112

Downloaded database version: v2014.06.12.11
Downloaded database version: v2014.06.02.01
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8616E8D6

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 468652032

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 240057409536 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-468842128-468862128)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 578B1052

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3907024896

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished



Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.06.12.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17126
admin JMF :: ADMINJMF-PC [administrator]

12/06/2014 21:51:39
mbar-log-2014-06-12 (21-51-39).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 304550
Time elapsed: 3 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



Rkill 2.6.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/12/2014 10:01:09 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 06/12/2014 10:01:20 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)

 




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,195 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:29 PM

Posted 12 June 2014 - 04:03 PM

Hello
VirusTotal shows mini-KMS_Activator as a crack or keygen malware
https://www.virustotal.com/ru/file/c8bffc3bd85ffa0b770b0a9f9214b42ccd6027b0099a0dc29a2ed4e31fc2617f/analysis/

Microsoft says Diskspoiler is a virus.
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Virus%3ADOS%2FDiskspoiler.1308&ThreatID=-2147447268#tab=1
But it appears to be new.

I suggest you repost this topic for a deeper look as these types can be dangerous.

Please follow this Preparation Guide, do steps 6, 7 and 8 and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 JMF11

JMF11
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 12 June 2014 - 04:43 PM

Done :-)



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,195 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:29 PM

Posted 13 June 2014 - 11:11 AM

Thank you!

New topic
http://www.bleepingcomputer.com/forums/t/537526/avast-win32trojan-gen/#entry3393537

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 3 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.



