
infected with Random audio ads and music from Audiodg.exe


  • This topic is locked
18 replies to this topic

#1 Wave81

Wave81

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:49 AM

Posted 14 June 2014 - 07:39 PM

Virus detected by windows : Virtool:win32/Beeinject

link to the original topic : http://www.bleepingcomputer.com/forums/t/537642/random-audio-ads-and-music-from-audiodgexe/

 

Problem description:

 

My computer recently started playing random ads and music suddenly. No browsers are open and no programs are running.  The only way to stop it is by stopping the audiodg.exe process in task manager.  However, it just restarts again a few minutes later. 

I have tried running Malwarebytes and it found nothing.

 

See the original topic link above to know what has been done with Broni.

 

Here is the DDS log:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.60.2
Run by Manuel.Goulet at 20:20:38 on 2014-06-14
Microsoft Windows 7 Entreprise   6.1.7601.1.1252.2.1036.18.3969.1294 [GMT -4:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Pare-feu Host Intrusion Prevention *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNAuthServicen.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\atashost.exe
C:\Windows\SysWOW64\BEDevCtl.exe
C:\Windows\SysWOW64\BEFCSvcn.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\o2flash.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\sysWOW64\SDIOAssist.exe
C:\Windows\SysWOW64\SGN_MasterServicen.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Wireless AutoSwitch\WrlsAutoSW.exs
C:\Windows\SysWOW64\CCM\CcmExec.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\manuel.goulet\Downloads\msert.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: legalnoticecaption = Avis Légal
mPolicies-Windows\System: UserPolicyMode = dword:2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: itsm-prod-mt-cgi.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP12-14923/webex/ieatgpc1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sera-mtl.cgi.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{D252302F-DB92-4396-8CE7-0F6E6AD871A8} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
x64-mStart Page = about:blank
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [McAfee Host Intrusion Prevention Tray] "C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\manuel.goulet\AppData\Roaming\Mozilla\Firefox\Profiles\t1h6snfj.default-1401135936852\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Users\manuel.goulet\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BE_FLTI;BE_FLTI;C:\Windows\System32\drivers\be_fltim.sys [2010-10-15 92416]
R0 BeFlt;BeFlt;C:\Windows\System32\drivers\BEFLT.SYS [2010-10-15 121600]
R0 CEAES2M;CEAES2M;C:\Windows\System32\drivers\cegaes2m.sys [2010-10-14 57088]
R0 CEAESM;CEAESM;C:\Windows\System32\drivers\cegaesm.sys [2010-10-14 57088]
R0 CEHMACM;CEHMACM;C:\Windows\System32\drivers\cehmacm.sys [2010-10-14 27904]
R0 CERNDM;CERNDM;C:\Windows\System32\drivers\cerndm.sys [2010-10-14 17664]
R0 CESHAM;CESHAM;C:\Windows\System32\drivers\cesham.sys [2010-10-14 26368]
R0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hcs.sys [2012-12-6 16152]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-6-5 673624]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-7-12 305536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-4-26 283064]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2014-3-29 76224]
R3 FireNfcp;McAfee Inc. FireNfcp;C:\Windows\System32\drivers\FireNfcp.sys [2014-3-29 53728]
R3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-3-29 197576]
R3 IntcDAud;Son Intel® pour écrans;C:\Windows\System32\drivers\IntcDAud.sys [2012-12-6 331264]
R3 iusb3hub;Pilote de concentrateur Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hub.sys [2012-12-6 356120]
R3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel® USB 3.0;C:\Windows\System32\drivers\iusb3xhc.sys [2012-12-6 787736]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-6-13 25816]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-13 63704]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-6-5 282736]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2014-3-29 496592]
S3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\accelern.sys [2011-10-18 27760]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-12-6 135720]
S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-12-6 615464]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-12-6 39976]
S3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2010-8-24 38440]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2013-6-5 100904]
.
=============== File Associations ===============
.
ShellExec: SC2Editor.exe: open="D:/1/SC/StarCraft II/Support/SC2Editor.exe" "%1"
ShellExec: SC2Switcher.exe: open="D:/1/SC/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-06-15 00:14:12    10702536    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F45CA000-B459-4FC6-891D-946D215CA9AC}\mpengine.dll
2014-06-14 23:14:21    1638912    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-06-14 23:14:20    1638912    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-06-14 23:05:16    111016    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-06-14 23:03:44    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-14 16:59:30    --------    d-----w-    C:\Program Files (x86)\ESET
2014-06-14 04:32:01    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-14 03:56:47    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-14 03:56:03    92888    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-14 03:56:03    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-06-14 03:56:03    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-06-14 03:56:02    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-13 18:26:01    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-06-13 18:03:26    --------    d-----w-    C:\Windows\ERUNT
2014-06-13 17:48:01    --------    d-----w-    C:\AdwCleaner
2014-06-13 10:59:32    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-06-12 00:05:42    --------    d-----w-    C:\Users\manuel.goulet\AppData\Local\CrashDumps
2014-06-11 13:26:42    --------    d-----w-    C:\ProgramData\RogueKiller
2014-06-11 13:18:37    --------    d-----w-    C:\Windows\pss
2014-06-07 18:13:37    543744    ----a-w-    C:\Windows\System32\drivers\stwrt64.sys
2014-06-07 18:13:36    499200    ----a-w-    C:\Windows\System32\stcplx64.dll
2014-06-07 18:13:36    2188800    ----a-w-    C:\Windows\System32\stapo64.dll
2014-06-07 18:13:35    672256    ------w-    C:\Windows\System32\stapi64.dll
2014-06-07 18:13:35    572760    ----a-w-    C:\Windows\System32\MaxxVoiceAPO64.dll
2014-06-07 18:13:35    255488    ----a-w-    C:\Windows\System32\st646428.dll
2014-06-07 18:13:35    1008472    ----a-w-    C:\Windows\System32\MaxxAudioAPOShell64.dll
2014-06-07 18:13:34    576856    ----a-w-    C:\Windows\System32\MaxxAudioAPO4064.dll
2014-06-07 18:13:25    --------    d-----w-    C:\Program Files\IDT
2014-06-07 18:12:29    --------    d-----w-    C:\Users\manuel.goulet\Audio
2014-06-07 18:11:51    --------    d-----w-    C:\Users\manuel.goulet\AppData\Local\Dell
2014-06-06 13:16:40    98816    ----a-w-    C:\Windows\sed.exe
2014-06-06 13:16:40    256000    ----a-w-    C:\Windows\PEV.exe
2014-06-06 13:16:40    208896    ----a-w-    C:\Windows\MBR.exe
.
==================== Find3M  ====================
.
2014-06-14 22:50:04    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-14 22:50:04    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-06 06:08:06    53728    ----a-w-    C:\Windows\System32\drivers\FireNfcp.sys
2014-04-27 18:55:48    43520    ----a-w-    C:\Windows\SysWow64\CmdLineExt03.dll
2014-04-26 20:22:23    283064    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2014-04-09 10:09:48    594032    ----a-w-    C:\Windows\System32\dsNcSmartCardProv.dll
2014-04-09 10:09:48    423536    ----a-w-    C:\Windows\System32\dsNcCredProv.dll
2014-04-09 10:09:22    358000    ----a-w-    C:\Windows\SysWow64\dsGinaLoaderX64.dll
2014-03-31 13:35:08    270496    ------w-    C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 20:21:48,33 ===============
 

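A triage helper added here as an editor's example for the two log formats quoted in this thread; it is not a BleepingComputer, DDS or Farbar tool and was not posted by either participant. It parses the DDS "Pseudo HJT Report" policy and hook lines and the FRST "Services" lines, and lists the entries a reviewer would look at first: UAC policies set to their weak value, hooks or handlers whose target file is gone, and services whose binary is unsigned or carries no publisher. The sample lines are constructed to mirror the formats above, and the weak-UAC table and the unsigned/no-publisher rules are this example's own assumptions about what to surface, not a verdict on any entry.

```python
"""Triage of DDS / FRST log excerpts: surface the entries a reviewer checks first.

Added example for this thread (not a BleepingComputer, DDS or Farbar tool).
Line formats handled, as they appear in the logs above:
  DDS  policy:   mPolicies-System: EnableLUA = dword:0
  DDS  hook:     SSODL: WebCheck - <orphaned>
  FRST service:  R2 name; C:\\dir\\file.exe [size date] (publisher) [File not signed]
A flag is a review order, not a verdict on the entry.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    source: str   # "policy", "service" or "orphan"
    item: str     # policy name, service name or hook name
    detail: str   # why the line was flagged


# Assumption of this example: weak value and its meaning for the UAC policies
# that DDS reports under mPolicies-System (DDS prints dword values in decimal).
WEAK_UAC = {
    "EnableLUA": (0, "UAC is disabled entirely"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}
POLICY_LINE = re.compile(
    r"^(?P<scope>[um])Policies-(?P<key>[\w\\]+):\s+(?P<name>\w+)\s*=\s*dword:(?P<value>\d+)\s*$"
)
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+"
    r"\((?P<publisher>[^)]*)\)(?P<unsigned>\s+\[File not signed\])?\s*$"
)
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
PRIORITY = {"policy": 0, "service": 1, "orphan": 2}


def policy_findings(lines):
    """DDS policy lines whose value equals the weak setting listed in WEAK_UAC."""
    out = []
    for line in lines:
        m = POLICY_LINE.match(line)
        if not m:
            continue
        name, value = m["name"], int(m["value"])
        if name in WEAK_UAC and value == WEAK_UAC[name][0]:
            scope = "machine" if m["scope"] == "m" else "user"
            out.append(Finding("policy", name, f"{scope} policy: {WEAK_UAC[name][1]}"))
    return out


def service_findings(lines):
    """FRST service lines whose binary is unsigned, has no publisher, or both."""
    out = []
    for line in lines:
        m = SERVICE_LINE.match(line)
        if not m:
            continue
        reasons = []
        if m["unsigned"]:
            reasons.append("not Authenticode-signed")
        if not m["publisher"].strip():
            reasons.append("no publisher in the version resource")
        if reasons and m["path"].lower().startswith(SYSTEM_DIRS):
            reasons.append("located in a system directory")
        if reasons:
            out.append(Finding("service", m["name"], f"{m['path']}: " + "; ".join(reasons)))
    return out


def orphan_findings(lines):
    """DDS hook/handler entries whose target file is gone (<orphaned>)."""
    out = []
    for line in lines:
        if "<orphaned>" not in line:
            continue
        kind, _, rest = line.partition(": ")
        out.append(Finding("orphan", f"{kind}/{rest.split(' - ')[0]}",
                           "registry entry points at a file that no longer exists"))
    return out


def triage(log_text):
    """All findings, most urgent category first; inside a category, log order is kept."""
    lines = log_text.splitlines()
    found = policy_findings(lines) + service_findings(lines) + orphan_findings(lines)
    return sorted(found, key=lambda f: PRIORITY[f.source])


# Constructed sample: lines modelled on the DDS and FRST output quoted in this thread.
SAMPLE_LOG = r"""
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: UserPolicyMode = dword:2
SSODL: WebCheck - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [181480 2011-08-31] (McAfee, Inc.)
R2 BEDevCtl; C:\Windows\SysWOW64\BEDevCtl.exe [905216 2010-10-15] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.item}: {f.detail}")
```

On a domain-joined enterprise build like the one in this thread (CCM client, SafeGuard, McAfee ePO agent), UAC values of 0 are often pushed by group policy rather than planted by malware, and an old unsigned wrapper such as srvany.exe is frequently legitimate vendor plumbing; the script only orders what to verify first, and the helper's later FRST search and fix steps remain the authoritative path.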

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:49 AM

Posted 14 June 2014 - 08:35 PM




Hello Wave81

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.





I would also like to get some extra information on one of the files on the computer.

Run FRST like you did before and type the following in the edit box after "Search:".

rpcss.dll

It then should look like:

Search: rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Wave81

Wave81
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:49 AM

Posted 15 June 2014 - 06:24 AM

Hi,
 
Thank you so much for your help!
 
I don't have the option to attach the Addition.txt, so I pasted it right after the FRST.txt.
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by Manuel.Goulet (administrator) on CGI-304954 on 15-06-2014 07:07:58
Running from C:\Users\manuel.goulet\Downloads
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: French Standard
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Utimaco Safeware AG - a member of the Sophos Group) C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNAuthServicen.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Utimaco Safeware AG - a member of the Sophos Group) C:\Windows\SysWOW64\BEDevCtl.exe
(Utimaco Safeware AG - a member of the Sophos Group) C:\Windows\SysWOW64\BEFCSvcn.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(O2Micro International) C:\Windows\System32\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(Utimaco Safeware AG - a member of the Sophos Group) C:\Windows\SysWOW64\SGN_MasterServicen.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Sase Sham, Inc.) C:\Program Files (x86)\Wireless AutoSwitch\WrlsAutoSW.exs
(Microsoft Corporation) C:\Windows\SysWOW64\CCM\CcmExec.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [McAfee Host Intrusion Prevention Tray] => C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [257400 2013-02-04] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [124224 2011-08-31] (McAfee, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [161088 2011-05-19] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x48244B179979CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ca
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP12-14923/webex/ieatgpc1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://sera-mtl.cgi.com/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\manuel.goulet\AppData\Roaming\Mozilla\Firefox\Profiles\t1h6snfj.default-1401135936852
FF Homepage: www.google.ca
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @vmware.com/vmrc,version=5.1.0.00000 - C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\manuel.goulet\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-france.xml

==================== Services (Whitelisted) =================

R2 BEDevCtl; C:\Windows\SysWOW64\BEDevCtl.exe [905216 2010-10-15] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
R2 BEFCSvcn; C:\Windows\SysWOW64\BEFCSvcn.exe [20480 2010-10-15] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
R2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [645680 2013-05-23] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [20792 2011-08-31] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [120128 2011-05-19] (McAfee, Inc.)
R2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [181480 2011-08-31] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [66880 2011-08-31] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [212664 2012-10-09] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2012-12-18] (McAfee, Inc.)
R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 SGNAuthService; C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNAuthServicen.exe [647168 2010-10-15] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
R2 SGN_BEService; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2010-10-15] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
R2 SGN_LogSystem; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2010-10-15] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
R2 SGN_Sem; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2010-10-15] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
R2 SGN_Trans; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2010-10-15] (Utimaco Safeware AG - a member of the Sophos Group) [File not signed]
S3 smstsmgr; C:\Windows\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
R2 Wireless_AutoSwitch; C:\Program Files (x86)\Wireless AutoSwitch\WrlsAutoSW.exs [146535 2011-04-10] (Sase Sham, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [135720 2012-12-06] (Broadcom Corporation.)
R0 BeFlt; C:\Windows\System32\DRIVERS\BEFLT.SYS [121600 2010-10-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BeFlt; C:\Windows\SysWOW64\DRIVERS\BEFLT.SYS [97536 2010-10-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BE_FLTI; C:\Windows\System32\DRIVERS\be_fltim.sys [92416 2010-10-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BE_FLTI; C:\Windows\SysWOW64\DRIVERS\be_fltim.sys [50944 2010-10-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAES2M; C:\Windows\System32\Drivers\cegaes2m.sys [57088 2010-10-14] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAES2M; C:\Windows\SysWOW64\Drivers\cegaes2m.sys [63232 2010-10-14] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAESM; C:\Windows\System32\Drivers\cegaesm.sys [57088 2010-10-14] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAESM; C:\Windows\SysWOW64\Drivers\cegaesm.sys [62720 2010-10-14] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEHMACM; C:\Windows\System32\Drivers\cehmacm.sys [27904 2010-10-14] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CERNDM; C:\Windows\System32\Drivers\CERNDM.sys [17664 2010-10-14] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CESHAM; C:\Windows\System32\Drivers\cesham.sys [26368 2010-10-14] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CESHAM; C:\Windows\SysWOW64\Drivers\cesham.sys [24832 2010-10-14] (Utimaco Safeware AG - a member of the Sophos Group)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-26] (Disc Soft Ltd)
R3 FireNfcp; C:\Windows\System32\drivers\FireNfcp.sys [53728 2014-06-06] (McAfee, Inc.)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197576 2013-02-04] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169192 2012-12-18] (McAfee, Inc.)
U3 mfeapfk01; No ImagePath
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [282736 2012-12-18] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496592 2012-12-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [673624 2012-12-18] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [76224 2012-12-18] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100904 2011-08-31] (McAfee, Inc.)
S4 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [86368 2011-08-31] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [305536 2012-12-18] (McAfee, Inc.)
R1 NEOFLTR_710_20169; C:\Windows\system32\Drivers\NEOFLTR_710_20169.SYS [99152 2012-01-13] (Juniper Networks)
S3 prepdrvr; C:\Windows\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
R0 SGSTDRVM; C:\Windows\System32\Drivers\sgstdrvm.sys [57088 2010-10-14] (Utimaco Safeware AG - a member of the Sophos Group)
R0 SGSTDRVM; C:\Windows\SysWOW64\Drivers\sgstdrvm.sys [51968 2010-10-14] (Utimaco Safeware AG - a member of the Sophos Group)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-15 07:07 - 2014-06-15 07:08 - 00016816 _____ () C:\Users\manuel.goulet\Downloads\FRST.txt
2014-06-15 07:07 - 2014-06-15 07:08 - 00000000 ____D () C:\FRST
2014-06-15 07:06 - 2014-06-15 07:06 - 02081792 _____ (Farbar) C:\Users\manuel.goulet\Downloads\FRST64.exe
2014-06-14 20:26 - 2014-06-15 07:05 - 00000000 ____D () C:\Users\manuel.goulet\Desktop\New AM
2014-06-14 20:18 - 2014-06-14 20:18 - 00688992 ____R (Swearware) C:\Users\manuel.goulet\Downloads\dds.com
2014-06-14 19:27 - 2014-06-14 19:36 - 110019352 _____ (Microsoft Corporation) C:\Users\manuel.goulet\Downloads\msert.exe
2014-06-14 19:14 - 2014-04-29 13:18 - 09076224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-14 19:14 - 2014-04-29 13:14 - 06041600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-14 19:14 - 2014-04-29 10:33 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-14 19:14 - 2014-04-29 10:01 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-14 19:12 - 2014-06-14 19:12 - 00002213 _____ () C:\Users\manuel.goulet\Desktop\NetWorker Management Console.lnk
2014-06-14 19:05 - 2014-06-14 19:05 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-14 19:05 - 2014-06-14 19:05 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-14 19:05 - 2014-06-14 19:05 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-14 19:05 - 2014-06-14 19:05 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-14 19:05 - 2014-06-14 19:05 - 00000000 ____D () C:\Program Files\Java
2014-06-14 19:03 - 2014-06-14 19:03 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-14 19:03 - 2014-06-14 19:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-14 19:03 - 2014-06-14 19:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-14 19:03 - 2014-06-14 19:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-14 19:03 - 2014-06-14 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-14 19:00 - 2014-06-14 19:01 - 30984104 _____ (Oracle Corporation) C:\Users\manuel.goulet\Downloads\jre-7u60-windows-x64.exe
2014-06-14 19:00 - 2014-06-14 19:00 - 29405096 _____ (Oracle Corporation) C:\Users\manuel.goulet\Downloads\jre-7u60-windows-i586.exe
2014-06-14 18:56 - 2014-06-14 18:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-14 18:56 - 2014-06-14 18:56 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-14 18:55 - 2014-06-14 18:55 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-14 12:59 - 2014-06-14 12:59 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-14 12:37 - 2014-06-14 12:37 - 01016261 _____ (Thisisu) C:\Users\manuel.goulet\Downloads\JRT.exe
2014-06-14 12:29 - 2014-06-14 12:29 - 01333465 _____ () C:\Users\manuel.goulet\Downloads\adwcleaner_3.212.exe
2014-06-14 12:22 - 2014-06-14 12:22 - 00448512 _____ (OldTimer Tools) C:\Users\manuel.goulet\Downloads\TFC.exe
2014-06-14 00:32 - 2014-06-14 00:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-14 00:13 - 2014-06-14 00:13 - 14349744 _____ (Malwarebytes Corp.) C:\Users\manuel.goulet\Downloads\mbar-1.07.0.1012.exe
2014-06-13 23:56 - 2014-06-15 07:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-13 23:56 - 2014-06-14 00:30 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-13 23:56 - 2014-06-13 23:56 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-13 23:56 - 2014-06-13 23:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-13 23:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-13 23:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-13 23:55 - 2014-06-13 23:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\manuel.goulet\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-06-13 23:51 - 2014-06-13 23:52 - 00042542 _____ () C:\Users\manuel.goulet\Downloads\Result.txt
2014-06-13 23:50 - 2014-06-13 23:50 - 00400384 _____ (Farbar) C:\Users\manuel.goulet\Downloads\MiniToolBox.exe
2014-06-13 23:49 - 2014-06-13 23:49 - 00002711 _____ () C:\Users\manuel.goulet\Downloads\FSS.txt
2014-06-13 23:48 - 2014-06-13 23:48 - 00415744 _____ (Farbar) C:\Users\manuel.goulet\Downloads\FSS.exe
2014-06-13 23:44 - 2014-06-13 23:45 - 00854378 _____ () C:\Users\manuel.goulet\Downloads\SecurityCheck.exe
2014-06-13 21:19 - 2014-06-13 21:19 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\manuel.goulet\Downloads\rKill.exe
2014-06-13 14:36 - 2014-06-14 19:17 - 00000392 _____ () C:\Windows\setupact.log
2014-06-13 14:36 - 2014-06-14 19:08 - 00003722 _____ () C:\Windows\PFRO.log
2014-06-13 14:36 - 2014-06-13 14:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-13 14:25 - 2014-06-13 14:25 - 00024433 _____ () C:\ComboFix.txt
2014-06-13 14:25 - 2014-06-13 14:25 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-13 14:25 - 2014-06-13 14:25 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-13 14:25 - 2014-06-13 14:25 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-13 14:25 - 2014-06-13 14:25 - 00000000 ____D () C:\Users\CGISAG\AppData\Local\temp
2014-06-13 14:25 - 2014-06-13 14:25 - 00000000 ____D () C:\Users\CGI\AppData\Local\temp
2014-06-13 14:03 - 2014-06-13 14:03 - 00000000 ____D () C:\Windows\ERUNT
2014-06-13 13:48 - 2014-06-14 12:31 - 00000000 ____D () C:\AdwCleaner
2014-06-13 11:02 - 2014-06-15 07:06 - 00000000 ____D () C:\Users\manuel.goulet\Desktop\AM
2014-06-13 06:59 - 2014-06-13 06:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-13 06:56 - 2014-06-13 06:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\manuel.goulet\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-12 14:53 - 2014-06-12 14:53 - 00189564 _____ () C:\Users\manuel.goulet\Desktop\Backup Server Client Schedule.htm
2014-06-11 20:05 - 2014-06-13 13:50 - 00000000 ____D () C:\Users\manuel.goulet\AppData\Local\CrashDumps
2014-06-11 09:26 - 2014-06-11 09:26 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-11 09:18 - 2014-06-11 09:18 - 00000000 ____D () C:\Windows\pss
2014-06-10 20:38 - 2014-06-10 20:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 10:55 - 2014-06-10 10:55 - 00010658 _____ () C:\Users\manuel.goulet\Desktop\bootstrap 7 mai au 10 juin 2014.xlsx
2014-06-07 14:13 - 2014-06-07 14:16 - 00000000 ____D () C:\Program Files\IDT
2014-06-07 14:13 - 2012-09-20 12:26 - 02188800 _____ (IDT, Inc.) C:\Windows\system32\stapo64.dll
2014-06-07 14:13 - 2012-09-20 12:26 - 00672256 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
2014-06-07 14:13 - 2012-09-20 12:26 - 00543744 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys
2014-06-07 14:13 - 2012-09-20 12:26 - 00499200 _____ (IDT, Inc.) C:\Windows\system32\stcplx64.dll
2014-06-07 14:13 - 2012-09-20 12:26 - 00255488 _____ (IDT, Inc.) C:\Windows\system32\st646428.dll
2014-06-07 14:13 - 2012-04-30 04:23 - 01008472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-06-07 14:13 - 2012-01-31 03:59 - 00576856 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2014-06-07 14:13 - 2012-01-05 03:05 - 00572760 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO64.dll
2014-06-07 14:12 - 2014-06-07 14:12 - 00000000 ____D () C:\Users\manuel.goulet\Audio
2014-06-07 14:11 - 2014-06-07 14:11 - 00000000 ____D () C:\Users\manuel.goulet\AppData\Local\Dell
2014-06-06 09:16 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-06 09:16 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-06 09:16 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-06 09:16 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-06 09:16 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-06 09:16 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-06 09:16 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-06 09:16 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-06 09:15 - 2014-06-13 14:25 - 00000000 ____D () C:\Qoobox
2014-06-06 09:15 - 2014-06-06 10:25 - 00000000 ____D () C:\Windows\erdnt
2014-06-05 08:53 - 2014-06-05 08:53 - 00055296 _____ () C:\Users\manuel.goulet\Desktop\Demande de restauration REQ000001132181 WO0000000359373  .msg
2014-06-04 09:57 - 2014-06-04 09:57 - 00000000 ____D () C:\Users\manuel.goulet\Desktop\IA
2014-05-29 10:26 - 2014-05-29 10:26 - 00003499 _____ () C:\Users\manuel.goulet\Desktop\CPRFERSQL2 vss erreurs .txt
2014-05-28 10:54 - 2014-05-28 10:54 - 00061440 _____ () C:\Users\manuel.goulet\Desktop\RE CDPQ CRQ000000139979 - Tâche à fermer  EN ATTENTE.msg
2014-05-26 16:25 - 2014-05-26 16:25 - 00000000 ____D () C:\Users\manuel.goulet\Desktop\Anciennes données de Firefox
2014-05-22 12:19 - 2014-05-26 13:45 - 00000000 ____D () C:\Users\manuel.goulet\Desktop\Relève

==================== One Month Modified Files and Folders =======

2014-06-15 07:08 - 2014-06-15 07:07 - 00016816 _____ () C:\Users\manuel.goulet\Downloads\FRST.txt
2014-06-15 07:08 - 2014-06-15 07:07 - 00000000 ____D () C:\FRST
2014-06-15 07:08 - 2013-07-05 11:15 - 00000000 ____D () C:\Users\manuel.goulet\AppData\Local\Temp
2014-06-15 07:07 - 2014-06-13 23:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-15 07:06 - 2014-06-15 07:06 - 02081792 _____ (Farbar) C:\Users\manuel.goulet\Downloads\FRST64.exe
2014-06-15 07:06 - 2014-06-13 11:02 - 00000000 ____D () C:\Users\manuel.goulet\Desktop\AM
2014-06-15 07:05 - 2014-06-14 20:26 - 00000000 ____D () C:\Users\manuel.goulet\Desktop\New AM
2014-06-15 04:32 - 2013-06-19 10:59 - 01093275 _____ () C:\Windows\WindowsUpdate.log
2014-06-14 20:46 - 2011-10-19 07:43 - 00749846 _____ () C:\Windows\system32\perfh00C.dat
2014-06-14 20:46 - 2011-10-19 07:43 - 00150308 _____ () C:\Windows\system32\perfc00C.dat
2014-06-14 20:46 - 2009-07-14 01:13 - 01674634 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-14 20:18 - 2014-06-14 20:18 - 00688992 ____R (Swearware) C:\Users\manuel.goulet\Downloads\dds.com
2014-06-14 19:36 - 2014-06-14 19:27 - 110019352 _____ (Microsoft Corporation) C:\Users\manuel.goulet\Downloads\msert.exe
2014-06-14 19:26 - 2009-07-14 00:45 - 00019328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-14 19:26 - 2009-07-14 00:45 - 00019328 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-14 19:20 - 2011-10-19 07:45 - 00000495 _____ () C:\Windows\SMSCFG.ini
2014-06-14 19:17 - 2014-06-13 14:36 - 00000392 _____ () C:\Windows\setupact.log
2014-06-14 19:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-14 19:12 - 2014-06-14 19:12 - 00002213 _____ () C:\Users\manuel.goulet\Desktop\NetWorker Management Console.lnk
2014-06-14 19:08 - 2014-06-13 14:36 - 00003722 _____ () C:\Windows\PFRO.log
2014-06-14 19:05 - 2014-06-14 19:05 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-14 19:05 - 2014-06-14 19:05 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-14 19:05 - 2014-06-14 19:05 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-14 19:05 - 2014-06-14 19:05 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-14 19:05 - 2014-06-14 19:05 - 00000000 ____D () C:\Program Files\Java
2014-06-14 19:04 - 2013-10-16 15:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-14 19:03 - 2014-06-14 19:03 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-14 19:03 - 2014-06-14 19:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-14 19:03 - 2014-06-14 19:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-14 19:03 - 2014-06-14 19:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-14 19:03 - 2014-06-14 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-14 19:01 - 2014-06-14 19:00 - 30984104 _____ (Oracle Corporation) C:\Users\manuel.goulet\Downloads\jre-7u60-windows-x64.exe
2014-06-14 19:00 - 2014-06-14 19:00 - 29405096 _____ (Oracle Corporation) C:\Users\manuel.goulet\Downloads\jre-7u60-windows-i586.exe
2014-06-14 18:56 - 2014-06-14 18:56 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-14 18:56 - 2014-06-14 18:56 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-14 18:55 - 2014-06-14 18:55 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-14 18:55 - 2011-10-19 08:18 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-14 18:50 - 2013-07-15 13:28 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-14 18:50 - 2013-07-15 13:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-14 18:40 - 2013-07-05 12:03 - 00003960 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7D066480-2BD4-4649-8A78-8F27DD166F27}
2014-06-14 12:59 - 2014-06-14 12:59 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-14 12:37 - 2014-06-14 12:37 - 01016261 _____ (Thisisu) C:\Users\manuel.goulet\Downloads\JRT.exe
2014-06-14 12:31 - 2014-06-13 13:48 - 00000000 ____D () C:\AdwCleaner
2014-06-14 12:29 - 2014-06-14 12:29 - 01333465 _____ () C:\Users\manuel.goulet\Downloads\adwcleaner_3.212.exe
2014-06-14 12:22 - 2014-06-14 12:22 - 00448512 _____ (OldTimer Tools) C:\Users\manuel.goulet\Downloads\TFC.exe
2014-06-14 12:21 - 2014-03-30 12:09 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-06-14 00:33 - 2014-06-14 00:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-14 00:30 - 2014-06-13 23:56 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-14 00:13 - 2014-06-14 00:13 - 14349744 _____ (Malwarebytes Corp.) C:\Users\manuel.goulet\Downloads\mbar-1.07.0.1012.exe
2014-06-13 23:56 - 2014-06-13 23:56 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-13 23:56 - 2014-06-13 23:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-13 23:55 - 2014-06-13 23:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\manuel.goulet\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-06-13 23:52 - 2014-06-13 23:51 - 00042542 _____ () C:\Users\manuel.goulet\Downloads\Result.txt
2014-06-13 23:50 - 2014-06-13 23:50 - 00400384 _____ (Farbar) C:\Users\manuel.goulet\Downloads\MiniToolBox.exe
2014-06-13 23:49 - 2014-06-13 23:49 - 00002711 _____ () C:\Users\manuel.goulet\Downloads\FSS.txt
2014-06-13 23:48 - 2014-06-13 23:48 - 00415744 _____ (Farbar) C:\Users\manuel.goulet\Downloads\FSS.exe
2014-06-13 23:45 - 2014-06-13 23:44 - 00854378 _____ () C:\Users\manuel.goulet\Downloads\SecurityCheck.exe
2014-06-13 21:19 - 2014-06-13 21:19 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\manuel.goulet\Downloads\rKill.exe
2014-06-13 15:58 - 2013-07-10 14:27 - 00000000 ____D () C:\Users\manuel.goulet\AppData\Roaming\Skype
2014-06-13 15:18 - 2011-10-19 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
2014-06-13 15:17 - 2011-10-19 07:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2014-06-13 15:15 - 2011-10-19 07:54 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-06-13 14:36 - 2014-06-13 14:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-13 14:25 - 2014-06-13 14:25 - 00024433 _____ () C:\ComboFix.txt
2014-06-13 14:25 - 2014-06-13 14:25 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-13 14:25 - 2014-06-13 14:25 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-13 14:25 - 2014-06-13 14:25 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-13 14:25 - 2014-06-13 14:25 - 00000000 ____D () C:\Users\CGISAG\AppData\Local\temp
2014-06-13 14:25 - 2014-06-13 14:25 - 00000000 ____D () C:\Users\CGI\AppData\Local\temp
2014-06-13 14:25 - 2014-06-06 09:15 - 00000000 ____D () C:\Qoobox
2014-06-13 14:24 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-13 14:03 - 2014-06-13 14:03 - 00000000 ____D () C:\Windows\ERUNT
2014-06-13 13:50 - 2014-06-11 20:05 - 00000000 ____D () C:\Users\manuel.goulet\AppData\Local\CrashDumps
2014-06-13 13:43 - 2013-07-15 08:15 - 00002280 ____H () C:\Users\manuel.goulet\Documents\Default.rdp
2014-06-13 13:43 - 2013-07-05 12:01 - 00000000 ____D () C:\Users\manuel.goulet\Desktop\task
2014-06-13 11:00 - 2013-07-12 12:03 - 00000600 _____ () C:\Users\manuel.goulet\AppData\Local\PUTTY.RND
2014-06-13 06:59 - 2014-06-13 06:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-13 06:56 - 2014-06-13 06:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\manuel.goulet\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-12 16:01 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-12 14:53 - 2014-06-12 14:53 - 00189564 _____ () C:\Users\manuel.goulet\Desktop\Backup Server Client Schedule.htm
2014-06-12 14:52 - 2013-08-15 06:54 - 00000000 ____D () C:\Users\manuel.goulet\AppData\Local\CutePDF Writer
2014-06-12 14:37 - 2013-07-15 14:23 - 00000600 _____ () C:\Users\manuel.goulet\AppData\Roaming\winscp.rnd
2014-06-11 12:12 - 2014-02-26 12:33 - 00000000 ____D () C:\Users\manuel.goulet\AppData\Local\Battle.net
2014-06-11 11:59 - 2014-02-26 12:33 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-11 11:40 - 2013-07-05 12:01 - 00000000 ____D () C:\Users\manuel.goulet\Desktop\restore
2014-06-11 09:26 - 2014-06-11 09:26 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-11 09:21 - 2013-07-05 12:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-11 09:18 - 2014-06-11 09:18 - 00000000 ____D () C:\Windows\pss
2014-06-11 09:18 - 2013-07-05 11:16 - 00000000 ___RD () C:\Users\manuel.goulet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-11 09:18 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-10 20:38 - 2014-06-10 20:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-10 10:55 - 2014-06-10 10:55 - 00010658 _____ () C:\Users\manuel.goulet\Desktop\bootstrap 7 mai au 10 juin 2014.xlsx
2014-06-07 14:16 - 2014-06-07 14:13 - 00000000 ____D () C:\Program Files\IDT
2014-06-07 14:12 - 2014-06-07 14:12 - 00000000 ____D () C:\Users\manuel.goulet\Audio
2014-06-07 14:12 - 2013-07-05 11:15 - 00000000 ____D () C:\Users\manuel.goulet
2014-06-07 14:11 - 2014-06-07 14:11 - 00000000 ____D () C:\Users\manuel.goulet\AppData\Local\Dell
2014-06-06 10:30 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-06-06 10:25 - 2014-06-06 09:15 - 00000000 ____D () C:\Windows\erdnt
2014-06-06 09:18 - 2014-03-30 13:06 - 00000000 ____D () C:\Quarantine
2014-06-06 09:12 - 2013-07-27 08:21 - 00000000 ____D () C:\Windows\Minidump
2014-06-06 08:53 - 2014-03-17 09:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-06 08:53 - 2013-04-04 08:56 - 00000000 ____D () C:\ProgramData\Skype
2014-06-06 08:16 - 2011-10-18 15:01 - 00003242 _____ () C:\freefallprotection.log
2014-06-06 08:16 - 2011-10-18 15:01 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-06 02:08 - 2014-03-29 16:42 - 00053728 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\FireNfcp.sys
2014-06-05 08:53 - 2014-06-05 08:53 - 00055296 _____ () C:\Users\manuel.goulet\Desktop\Demande de restauration REQ000001132181 WO0000000359373  .msg
2014-06-04 09:57 - 2014-06-04 09:57 - 00000000 ____D () C:\Users\manuel.goulet\Desktop\IA
2014-06-02 13:02 - 2013-07-05 12:01 - 00000000 ____D () C:\Users\manuel.goulet\Desktop\probleme VSS
2014-06-01 10:16 - 2013-07-05 12:00 - 00000000 ____D () C:\Users\manuel.goulet\Desktop\failed journalier
2014-05-29 10:26 - 2014-05-29 10:26 - 00003499 _____ () C:\Users\manuel.goulet\Desktop\CPRFERSQL2 vss erreurs .txt
2014-05-28 10:54 - 2014-05-28 10:54 - 00061440 _____ () C:\Users\manuel.goulet\Desktop\RE CDPQ CRQ000000139979 - Tâche à fermer  EN ATTENTE.msg
2014-05-26 16:25 - 2014-05-26 16:25 - 00000000 ____D () C:\Users\manuel.goulet\Desktop\Anciennes données de Firefox
2014-05-26 13:45 - 2014-05-22 12:19 - 00000000 ____D () C:\Users\manuel.goulet\Desktop\Relève

Some content of TEMP:
====================
C:\Users\manuel.goulet\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 00:35

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by Manuel.Goulet at 2014-06-15 07:09:13
Running from C:\Users\manuel.goulet\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Pare-feu Host Intrusion Prevention (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Assistant de connexion Windows Live (HKLM-x32\...\{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}) (Version: 5.000.818.5 - Microsoft Corporation)
AuthenTec Fingerprint Driver (Version: 1.5.0.0295 - AuthenTec) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BMC Remedy User 7.1 (HKLM-x32\...\{1F695CFF-C3A2-4A06-8D40-2FC93BC4208A}) (Version: 7.1 - BMC Software, Inc.)
Cisco Systems VPN Client (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco Unified Presenter Add-in 6x5 (HKCU\...\Cisco Unified Presenter Add-in 6x5) (Version:  - )
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix XenApp Plugin pour applications hébergées (HKLM-x32\...\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
Configuration Manager Client (x32 Version: 4.00.6487.2000 - Microsoft Corporation) Hidden
Crystal11_Redistributables (HKLM-x32\...\{154A9EEB-05FC-45E6-B7BD-75D27ED02276}) (Version: 1.00.0000 - BMC Software Inc.)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A3AD381D-848C-4478-80DC-228E37309308}) (Version:  - Microsoft)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{55E79447-F6B0-46CB-9F58-F82DAC9C2286}) (Version: 2.1.2.187 - Broadcom Corporation)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.116 - ALPS ELECTRIC CO., LTD.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6428.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 25 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
join.me (HKCU\...\JoinMe) (Version: 1.13.0.114 - LogMeIn, Inc.)
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 7.4.0.30611 - Juniper Networks)
Juniper Networks Network Connect 7.1.0 (HKLM-x32\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.20169 - Juniper Networks)
Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30611 - Juniper Networks)
Juniper Networks Secure Application Manager (HKLM-x32\...\Neoteris_Secure_Application_Manager) (Version: 7.1.0.20169 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.4.9.44981 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Agent (HKLM-x32\...\{397F4DE2-3C5A-415C-9A36-1D8C2B30B92D}) (Version: 4.5.0.1852 - McAfee, Inc.)
McAfee AntiSpyware Enterprise Module (HKLM-x32\...\McAfee Anti-Spyware Enterprise Module) (Version: 8.7.0.129 - McAfee, Inc.)
McAfee Host Intrusion Prevention (HKLM\...\{D2B9C003-A3CD-44A0-9DE5-52FE986C03E5}_Uninst) (Version: 8.00.0202 - McAfee, Inc.)
McAfee Host Intrusion Prevention (Version: 8.00.0202 - McAfee, Inc.) Hidden
McAfee VirusScan Enterprise (HKLM-x32\...\{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}) (Version: 8.7.00051 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Conferencing Add-in for Microsoft Office Outlook (HKLM-x32\...\{1C1A21AF-75C5-42A1-89B9-419121336BF5}) (Version: 8.0.6362.149 - Microsoft Corporation)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0100-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{C929DDD6-AD73-4251-B988-83FF2835FCF8}) (Version:  - Microsoft)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2010 - French/Français (HKLM-x32\...\Office14.OMUI.fr-fr) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{AC388C78-2619-452C-BFBE-FABCC3194387}) (Version: 8.0.6362.149 - Microsoft Corporation)
Microsoft Office O MUI (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Arabic) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Dutch) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio Viewer 2007 (HKLM-x32\...\{95120000-0052-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (Version: 2.0.50728 - Microsoft Corporation) Hidden
MobaXterm (HKLM-x32\...\{559EEDF2-9FDF-4524-BB3A-C69297E3BA75}) (Version: 6.5.0.0 - Mobatek)
Mozilla Firefox 30.0 (x86 fr) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 fr)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{6DC8AD9A-28D0-4800-818D-61667A971ED1}) (Version: 3.0.07.37 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.37 - O2Micro International LTD.) Hidden
Outil de téléchargement Windows Live (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
SkillSoft Course Manager (HKLM-x32\...\SkillSoft Course Manager) (Version:  - )
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SMS Client Setup Bootstrap (x32 Version: 4.00.6487.2000 - Microsoft Corporation) Hidden
Sophos SafeGuard 5.50.8 Client (HKLM\...\{6267109C-50D2-4667-9FF6-03FB9A94A771}) (Version: 5.50.8.13 - Sophos Plc)
Sophos SafeGuard 5.50.8 Client Configuration (HKLM-x32\...\{AE0661BF-1AD5-4F87-B2E2-113644478453}) (Version: 5.50.8.13 - Sophos Plc)
Sophos SafeGuard Preinstall 5.50.8 (HKLM-x32\...\{CDBAAE82-1725-4BDF-9770-69EA174318F1}) (Version: 5.50.8.13 - Sophos Plc)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0030 - ST Microelectronics)
Star wars Battlefront II version 1.3 (HKLM-x32\...\{2EF34761-F147-4984-8AF1-BB9F8DA76CDD}_is1) (Version: 1.3 - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Thief - Deadly Shadows (HKLM-x32\...\{FC123EEA-330A-4685-911C-95B8F5E9DE68}) (Version: 1.0 - )
unincar (HKLM-x32\...\{eb4c7b00-66dd-43cc-6fd4-201961863adc}) (Version: 1.0.0 - citgen)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553092) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0413-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{AC5C66AB-7561-4D7E-9EAD-0204DE4EEC9B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{B9A75D61-A9B7-452A-9FFB-BA8AC6697C99}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM-x32\...\{90140000-0100-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0401-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{9A584D01-C70A-4626-95C9-AEAADD9056CF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{007CC0F3-15DE-426D-95B5-B019FCEF58CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{FD88F03A-5684-4BF7-A01F-8514F8D3CB59}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1CBE095-403D-466D-BB13-B185A5F33231}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{C7CC374E-D4BF-4820-858D-2327FB924177}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{7EB5858D-D86C-4081-BA4E-B2BFA32A6760}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}) (Version:  - Microsoft)
Update for Microsoft SharePoint Designer 2010 (KB2553459) 32-Bit Edition (HKLM-x32\...\{90140000-0017-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{8D6F6314-5740-4E66-8371-2F0849A2B460}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VMware vSphere Client 5.1 (HKLM-x32\...\{09DC364B-A77A-49A0-972B-E43F0DACC5E3}) (Version: 5.1.0.2669 - VMware, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2410 - Broadcom Corporation)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.8.8 - Shark007)
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
WinSCP 5.1.5 (HKLM-x32\...\winscp3_is1) (Version: 5.1.5 - Martin Prikryl)
Wireless AutoSwitch XPV (HKLM-x32\...\{F5D6C337-165E-4B6E-A58E-633FFCA35D2D}) (Version: 1.5.5 - Sase Sham, Inc.)
x64 Components v2.9.1 (HKLM\...\x64 Components_is1) (Version: 2.9.1 - Shark007)

==================== Restore Points  =========================

07-06-2014 18:16:24 Configuré IDT Audio
11-06-2014 13:47:31 Windows Update
13-06-2014 18:17:31 ComboFix created restore point
14-06-2014 23:02:23 Installed Java 7 Update 60
14-06-2014 23:04:47 Installed Java 7 Update 60 (64-bit)
14-06-2014 23:12:29 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-06-14 19:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {42BBDA2A-FFBB-4677-8846-89E6BAF40F66} - System32\Tasks\Dell\Client System Update => C:\Program Files (x86)\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe [2012-10-11] (Dell Inc.)

==================== Loaded Modules (whitelisted) =============

2011-10-19 07:45 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2012-12-06 14:38 - 2003-04-18 19:06 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2011-08-31 20:07 - 2011-08-31 20:07 - 00145728 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\VsEvntUI.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-14 22:13 - 2010-10-14 22:13 - 00223744 _____ () C:\Windows\system32\SPTBASEN.dll
2014-05-01 01:55 - 2014-05-01 01:55 - 00137728 _____ () C:\Users\manuel.goulet\AppData\Roaming\unincar\cumadis.dll
2010-10-14 22:11 - 2010-10-14 22:11 - 00167936 ____R () C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SPTBASEN.dll
2011-03-04 13:49 - 2011-03-04 13:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2011-05-19 16:05 - 2011-05-19 16:05 - 00070976 _____ () C:\Program Files (x86)\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
2011-08-31 20:07 - 2011-08-31 20:07 - 00148800 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsEvntUI.dll
2010-10-14 22:11 - 2010-10-14 22:11 - 00167936 _____ () C:\Windows\SysWOW64\SPTBASEN.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-06-05 11:43 - 2013-06-05 11:43 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\4a95e57f496b639719d700b5d5758800\IsdiInterop.ni.dll
2012-12-06 14:51 - 2012-05-30 14:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-12-06 15:19 - 2012-07-18 12:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-06-10 20:38 - 2014-06-10 20:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-01 01:54 - 2014-05-01 01:54 - 00116736 _____ () C:\Users\manuel.goulet\AppData\Roaming\unincar\adcoing.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SGNAuthService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SGNAuthService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^manuel.goulet^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 - Capture d’écran et lancement.lnk => C:\Windows\pss\OneNote 2010 - Capture d’écran et lancement.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Cache Cleaner => "C:\Users\manuel.goulet\AppData\Roaming\Juniper Networks\Host Checker\dsCCProc.exe" -action delete
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: FreeFallProtection => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SGNMasterApplication => C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNMaster.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1504 802.11b/g/n (2.4GHz)
Description: Dell Wireless 1504 802.11b/g/n (2.4GHz)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2014 00:32:14 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: La création du contexte d’activation a échoué pour « C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 ». Erreur dans le fichier de manifeste ou de stratégie « C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2 » à la ligne C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active.
Les composants en conflit sont :
Composant 1 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Composant 2 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/14/2014 09:09:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: La création du contexte d’activation a échoué pour « C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 ». Erreur dans le fichier de manifeste ou de stratégie « C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2 » à la ligne C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active.
Les composants en conflit sont :
Composant 1 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Composant 2 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/14/2014 07:17:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 07:08:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/15/2014 03:17:30 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Cet ordinateur n’a pas pu configurer une session sécurisée avec un contrôleur
de domaine dans le domaine CNEDOM pour la raison suivante :
%%1311

Cela peut entraîner des problèmes d’authentification. Vérifiez que cet
ordinateur est connecté au réseau. Si le problème persiste,
contactez votre administrateur de domaine.



INFORMATIONS SUPPLÉMENTAIRES

Si cet ordinateur est un contrôleur de domaine pour le domaine spécifié, il
installe la session sécurisée sur l’émulateur de contrôleur de domaine principal dans le domaine
spécifié. Sinon, cet ordinateur installe la session sécurisée sur n’importe quel contrôleur de domaine
du domaine spécifié.

Error: (06/14/2014 11:17:30 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Cet ordinateur n’a pas pu configurer une session sécurisée avec un contrôleur
de domaine dans le domaine CNEDOM pour la raison suivante :
%%1311

Cela peut entraîner des problèmes d’authentification. Vérifiez que cet
ordinateur est connecté au réseau. Si le problème persiste,
contactez votre administrateur de domaine.



INFORMATIONS SUPPLÉMENTAIRES

Si cet ordinateur est un contrôleur de domaine pour le domaine spécifié, il
installe la session sécurisée sur l’émulateur de contrôleur de domaine principal dans le domaine
spécifié. Sinon, cet ordinateur installe la session sécurisée sur n’importe quel contrôleur de domaine
du domaine spécifié.

Error: (06/14/2014 07:20:45 PM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: spécifiques à l’applicationLocalExécution{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}{B292921D-AF50-400C-9B75-0C57A7F29BA1}AUTORITE NTSystèmeS-1-5-18LocalHost (utilisation de LRPC)

Error: (06/14/2014 07:18:47 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: CNEDOM)
Description: Échec du traitement de la stratégie de groupe en raison d’une absence de connectivité réseau vers un contrôleur de domaine. Il peut s’agir d’un problème temporaire. Un message de réussite est généré une fois que l’ordinateur est connecté au contrôleur de domaine et que la stratégie de groupe est correctement traitée. Si aucun message de réussite ne s’affiche pendant plusieurs heures, contactez votre administrateur.

Error: (06/14/2014 07:17:53 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: AUTORITE NT)
Description: Échec du traitement de la stratégie de groupe en raison d’une absence de connectivité réseau vers un contrôleur de domaine. Il peut s’agir d’un problème temporaire. Un message de réussite est généré une fois que l’ordinateur est connecté au contrôleur de domaine et que la stratégie de groupe est correctement traitée. Si aucun message de réussite ne s’affiche pendant plusieurs heures, contactez votre administrateur.

Error: (06/14/2014 07:17:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: L’appel ScRegSetValueExW a échoué pour Security avec l’erreur :
%%5

Error: (06/14/2014 07:17:17 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: L’appel ScRegSetValueExW a échoué pour Security avec l’erreur :
%%5

Error: (06/14/2014 07:17:18 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Cet ordinateur n’a pas pu configurer une session sécurisée avec un contrôleur
de domaine dans le domaine CNEDOM pour la raison suivante :
%%1311

Cela peut entraîner des problèmes d’authentification. Vérifiez que cet
ordinateur est connecté au réseau. Si le problème persiste,
contactez votre administrateur de domaine.



INFORMATIONS SUPPLÉMENTAIRES

Si cet ordinateur est un contrôleur de domaine pour le domaine spécifié, il
installe la session sécurisée sur l’émulateur de contrôleur de domaine principal dans le domaine
spécifié. Sinon, cet ordinateur installe la session sécurisée sur n’importe quel contrôleur de domaine
du domaine spécifié.

Error: (06/14/2014 07:11:38 PM) (Source: DCOM) (EventID: 10016) (User: AUTORITE NT)
Description: spécifiques à l’applicationLocalExécution{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}{B292921D-AF50-400C-9B75-0C57A7F29BA1}AUTORITE NTSystèmeS-1-5-18LocalHost (utilisation de LRPC)

Error: (06/14/2014 07:09:22 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: CNEDOM)
Description: Échec du traitement de la stratégie de groupe en raison d’une absence de connectivité réseau vers un contrôleur de domaine. Il peut s’agir d’un problème temporaire. Un message de réussite est généré une fois que l’ordinateur est connecté au contrôleur de domaine et que la stratégie de groupe est correctement traitée. Si aucun message de réussite ne s’affiche pendant plusieurs heures, contactez votre administrateur.


Microsoft Office Sessions:
=========================
Error: (06/15/2014 00:32:14 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (06/14/2014 09:09:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (06/14/2014 07:17:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 07:08:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-06-06 10:01:41.617
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\ComboFix\catchme.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.

  Date: 2014-06-06 10:01:41.577
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\ComboFix\catchme.sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.


==================== Memory info ===========================

Percentage of memory in use: 62%
Total physical RAM: 3969.22 MB
Available physical RAM: 1488.47 MB
Total Pagefile: 7936.62 MB
Available Pagefile: 5306.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:156.2 GB) (Free:106.82 GB) NTFS
Drive d: (Data) (Fixed) (Total:309.21 GB) (Free:249.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2C6C9F73)
Partition 1: (Active) - (Size=356 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=156 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=309 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by Manuel.Goulet at 2014-06-15 07:13:47
Running from C:\Users\manuel.goulet\Downloads
Boot Mode: Normal

================== Search Files: "rpcss.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 23:24][2010-11-20 23:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

C:\Windows\System32\rpcss.dll
[2010-11-20 23:24][2010-11-20 23:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

C:\Windows\erdnt\cache64\rpcss.dll
[2014-06-06 10:25][2010-11-20 23:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

====== End Of Search ======


Edited by Wave81, 15 June 2014 - 06:29 AM.


#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 June 2014 - 02:17 PM


Hello Wave81

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs:
In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Wave81 (Topic Starter)

  • Members
  • 17 posts

Posted 15 June 2014 - 09:05 PM

Hi,

I had no problem running combofix. I activated my speaker and I will leave it like this for two hours.

Here is the log:

Thank you!

ComboFix 14-06-13.01 - Manuel.Goulet 2014-06-15  21:51:05.3.4 - x64
Microsoft Windows 7 Entreprise   6.1.7601.1.1252.2.1036.18.3969.2346 [GMT -4:00]
Lancé depuis: c:\users\manuel.goulet\Downloads\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Pare-feu Host Intrusion Prevention *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2014-05-16 au 2014-06-16  ))))))))))))))))))))))))))))))))))))
.
.
2014-06-16 01:55 . 2014-06-16 01:55    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-06-16 01:55 . 2014-06-16 01:55    --------    d-----w-    c:\users\CGISAG\AppData\Local\temp
2014-06-16 01:55 . 2014-06-16 01:55    --------    d-----w-    c:\users\CGI\AppData\Local\temp
2014-06-15 11:07 . 2014-06-15 11:10    --------    d-----w-    C:\FRST
2014-06-15 00:31 . 2014-06-16 01:51    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{F45CA000-B459-4FC6-891D-946D215CA9AC}\offreg.dll
2014-06-15 00:14 . 2014-05-20 05:18    10702536    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{F45CA000-B459-4FC6-891D-946D215CA9AC}\mpengine.dll
2014-06-14 23:14 . 2014-04-29 14:33    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
2014-06-14 23:14 . 2014-04-29 14:01    1638912    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-06-14 23:14 . 2014-04-29 17:18    9076224    ----a-w-    c:\windows\system32\mshtml.dll
2014-06-14 23:05 . 2014-06-14 23:05    313256    ----a-w-    c:\windows\system32\javaws.exe
2014-06-14 23:05 . 2014-06-14 23:05    111016    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2014-06-14 23:05 . 2014-06-14 23:05    189352    ----a-w-    c:\windows\system32\javaw.exe
2014-06-14 23:05 . 2014-06-14 23:05    189352    ----a-w-    c:\windows\system32\java.exe
2014-06-14 23:05 . 2014-06-14 23:05    --------    d-----w-    c:\program files\Java
2014-06-14 23:04 . 2014-06-14 23:04    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-06-14 23:03 . 2014-06-14 23:03    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-14 22:55 . 2014-06-14 22:55    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2014-06-14 16:59 . 2014-06-14 16:59    --------    d-----w-    c:\program files (x86)\ESET
2014-06-14 04:32 . 2014-06-14 04:33    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-06-14 03:56 . 2014-06-15 23:03    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-14 03:56 . 2014-06-14 04:30    92888    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-06-14 03:56 . 2014-05-12 11:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-06-14 03:56 . 2014-05-12 11:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-06-14 03:56 . 2014-06-14 03:56    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-13 18:03 . 2014-06-13 18:03    --------    d-----w-    c:\windows\ERUNT
2014-06-13 17:48 . 2014-06-14 16:31    --------    d-----w-    C:\AdwCleaner
2014-06-13 10:59 . 2014-06-13 10:59    --------    d-----w-    c:\programdata\Malwarebytes
2014-06-12 00:05 . 2014-06-15 19:51    --------    d-----w-    c:\users\manuel.goulet\AppData\Local\CrashDumps
2014-06-11 13:26 . 2014-06-11 13:26    --------    d-----w-    c:\programdata\RogueKiller
2014-06-07 18:13 . 2012-09-20 16:26    543744    ----a-w-    c:\windows\system32\drivers\stwrt64.sys
2014-06-07 18:13 . 2012-09-20 16:26    499200    ----a-w-    c:\windows\system32\stcplx64.dll
2014-06-07 18:13 . 2012-09-20 16:26    2188800    ----a-w-    c:\windows\system32\stapo64.dll
2014-06-07 18:13 . 2012-09-20 16:26    672256    ------w-    c:\windows\system32\stapi64.dll
2014-06-07 18:13 . 2012-09-20 16:26    255488    ----a-w-    c:\windows\system32\st646428.dll
2014-06-07 18:13 . 2012-04-30 08:23    1008472    ----a-w-    c:\windows\system32\MaxxAudioAPOShell64.dll
2014-06-07 18:13 . 2012-01-05 07:05    572760    ----a-w-    c:\windows\system32\MaxxVoiceAPO64.dll
2014-06-07 18:13 . 2012-01-31 07:59    576856    ----a-w-    c:\windows\system32\MaxxAudioAPO4064.dll
2014-06-07 18:13 . 2014-06-07 18:16    --------    d-----w-    c:\program files\IDT
2014-06-07 18:12 . 2014-06-07 18:12    --------    d-----w-    c:\users\manuel.goulet\Audio
2014-06-07 18:11 . 2014-06-07 18:11    --------    d-----w-    c:\users\manuel.goulet\AppData\Local\Dell
2014-06-06 12:53 . 2014-06-06 12:53    --------    d-----w-    c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-14 22:50 . 2013-07-15 17:28    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-14 22:50 . 2013-07-15 17:28    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-06 06:08 . 2014-03-29 20:42    53728    ----a-w-    c:\windows\system32\drivers\FireNfcp.sys
2014-04-27 18:55 . 2014-04-27 18:44    43520    ----a-w-    c:\windows\SysWow64\CmdLineExt03.dll
2014-04-26 20:22 . 2014-04-26 20:22    283064    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2014-04-09 10:09 . 2013-07-10 19:27    594032    ----a-w-    c:\windows\system32\dsNcSmartCardProv.dll
2014-04-09 10:09 . 2013-07-10 19:27    423536    ----a-w-    c:\windows\system32\dsNcCredProv.dll
2014-04-09 10:09 . 2014-04-09 10:09    358000    ----a-w-    c:\windows\SysWow64\dsGinaLoaderX64.dll
2014-03-31 13:35 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgnIconOvln1]
@="{93c136f0-91dc-4456-a586-98f72aff8d89}"
[HKEY_CLASSES_ROOT\CLSID\{93c136f0-91dc-4456-a586-98f72aff8d89}]
2010-10-15 19:03    303104    ----a-w-    c:\windows\System32\sgn_beshellextn.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgnIconOvln2]
@="{93c136f0-91dc-4457-a586-98f72aff8d89}"
[HKEY_CLASSES_ROOT\CLSID\{93c136f0-91dc-4457-a586-98f72aff8d89}]
2010-10-15 19:03    303104    ----a-w-    c:\windows\System32\sgn_beshellextn.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgnIconOvln3]
@="{93c136f0-91dc-4458-a586-98f72aff8d89}"
[HKEY_CLASSES_ROOT\CLSID\{93c136f0-91dc-4458-a586-98f72aff8d89}]
2010-10-15 19:03    303104    ----a-w-    c:\windows\System32\sgn_beshellextn.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-09-01 124224]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-05-19 161088]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SGNAuthService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe;c:\windows\SysWOW64\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys;c:\windows\SYSNATIVE\drivers\accelern.sys [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDRw7x64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 BE_FLTI;BE_FLTI;c:\windows\SYSTEM32\DRIVERS\be_fltim.sys;c:\windows\SYSNATIVE\DRIVERS\be_fltim.sys [x]
S0 BeFlt;BeFlt;c:\windows\SYSTEM32\DRIVERS\BEFLT.SYS;c:\windows\SYSNATIVE\DRIVERS\BEFLT.SYS [x]
S0 CEAES2M;CEAES2M;c:\windows\System32\Drivers\cegaes2m.sys;c:\windows\SYSNATIVE\Drivers\cegaes2m.sys [x]
S0 CEAESM;CEAESM;c:\windows\System32\Drivers\cegaesm.sys;c:\windows\SYSNATIVE\Drivers\cegaesm.sys [x]
S0 CEHMACM;CEHMACM;c:\windows\System32\Drivers\cehmacm.sys;c:\windows\SYSNATIVE\Drivers\cehmacm.sys [x]
S0 CERNDM;CERNDM;c:\windows\System32\Drivers\CERNDM.sys;c:\windows\SYSNATIVE\Drivers\CERNDM.sys [x]
S0 CESHAM;CESHAM;c:\windows\System32\Drivers\cesham.sys;c:\windows\SYSNATIVE\Drivers\cesham.sys [x]
S0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel® USB 3.0;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 SGSTDRVM;SGMKeyStore Driver;c:\windows\System32\Drivers\sgstdrvm.sys;c:\windows\SYSNATIVE\Drivers\sgstdrvm.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys;c:\windows\SYSNATIVE\DRIVERS\mfenlfk.sys [x]
S1 NEOFLTR_710_20169;Juniper Networks TDI Filter Driver (NEOFLTR_710_20169);c:\windows\system32\Drivers\NEOFLTR_710_20169.SYS;c:\windows\SYSNATIVE\Drivers\NEOFLTR_710_20169.SYS [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 BEDevCtl;SafeGuard® Device Encryption Controller;c:\windows\SysWOW64\BEDevCtl.exe;c:\windows\SysWOW64\BEDevCtl.exe [x]
S2 BEFCSvcn;SafeGuard® Kernel Feature Client;c:\windows\SysWOW64\BEFCSvcn.exe;c:\windows\SysWOW64\BEFCSvcn.exe [x]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]
S2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 SGN_BEService;SafeGuard® Base Encryption Service;c:\windows\SysWOW64\SGN_MasterServicen.exe;c:\windows\SysWOW64\SGN_MasterServicen.exe [x]
S2 SGN_LogSystem;SafeGuard® Log Service;c:\windows\SysWOW64\SGN_MasterServicen.exe;c:\windows\SysWOW64\SGN_MasterServicen.exe [x]
S2 SGN_Sem;SafeGuard® System Event Manager;c:\windows\SysWOW64\SGN_MasterServicen.exe;c:\windows\SysWOW64\SGN_MasterServicen.exe [x]
S2 SGN_Trans;SafeGuard® Transport Service;c:\windows\SysWOW64\SGN_MasterServicen.exe;c:\windows\SysWOW64\SGN_MasterServicen.exe [x]
S2 SGNAuthService;SGNAuthService;c:\program files (x86)\Sophos\SafeGuard Enterprise\Client\SGNAuthServicen.exe;c:\program files (x86)\Sophos\SafeGuard Enterprise\Client\SGNAuthServicen.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 Wireless_AutoSwitch;Wireless AutoSwitch;c:\program files (x86)\Wireless AutoSwitch\WrlsAutoSW.exs;c:\program files (x86)\Wireless AutoSwitch\WrlsAutoSW.exs [x]
S3 FireNfcp;McAfee Inc. FireNfcp;c:\windows\system32\drivers\FireNfcp.sys;c:\windows\SYSNATIVE\drivers\FireNfcp.sys [x]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
S3 IntcDAud;Son Intel® pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Pilote de concentrateur Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*Deregistered* - mfeapfk01
*Deregistered* - mfeavfk01
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgnIconOvln1]
@="{93c136f0-91dc-4456-a586-98f72aff8d89}"
[HKEY_CLASSES_ROOT\CLSID\{93c136f0-91dc-4456-a586-98f72aff8d89}]
2010-10-15 19:03    254976    ----a-w-    c:\windows\System32\sgn_beshellextn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgnIconOvln2]
@="{93c136f0-91dc-4457-a586-98f72aff8d89}"
[HKEY_CLASSES_ROOT\CLSID\{93c136f0-91dc-4457-a586-98f72aff8d89}]
2010-10-15 19:03    254976    ----a-w-    c:\windows\System32\sgn_beshellextn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgnIconOvln3]
@="{93c136f0-91dc-4458-a586-98f72aff8d89}"
[HKEY_CLASSES_ROOT\CLSID\{93c136f0-91dc-4458-a586-98f72aff8d89}]
2010-10-15 19:03    254976    ----a-w-    c:\windows\System32\sgn_beshellextn.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2013-02-04 257400]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: cgiclients.com\mail
Trusted Zone: itsm-prod-mt-cgi.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\manuel.goulet\AppData\Roaming\Mozilla\Firefox\Profiles\t1h6snfj.default-1401135936852\
FF - prefs.js: browser.startup.homepage - www.google.ca
.
- - - - ORPHELINS SUPPRIMES - - - -
.
AddRemove-ImgBurn - c:\program files (x86)\ImgBurn\uninstall.exe
AddRemove-Cisco Unified Presenter Add-in 6x5 - c:\users\manuel.goulet\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\ciscounifiedaddin6x5\ciscounifiedaddin6x5.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wireless_AutoSwitch]
"ImagePath"="\"c:\program files (x86)\Wireless AutoSwitch\WrlsAutoSW.exs\""
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2014-06-15  21:57:37
ComboFix-quarantined-files.txt  2014-06-16 01:57
ComboFix2.txt  2014-06-13 18:25
ComboFix3.txt  2014-06-06 14:29
.
Avant-CF: 114 251 452 416 octets libres
Après-CF: 114 116 239 360 octets libres
.
- - End Of File - - 8B521C36BCD5F8D03628AD2C24E9EBE4
A36C5E4F47E84449FF07ED3517B43A31
 



#6 gringo_pr
Bleepin Gringo, Malware Response Team

Posted 16 June 2014 - 03:35 AM


Hello Wave81

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Wave81 (Topic Starter)

Posted 16 June 2014 - 07:53 AM

Hi,

Yesterday, after two hours, I got ads and music again :(

I ran the script with ComboFix; I had no problem.

I'll come back later to let you know if the problem is still there.

Here is the log.

Thank you.

ComboFix 14-06-16.01 - Manuel.Goulet 2014-06-16   8:25.4.4 - x64
Microsoft Windows 7 Entreprise   6.1.7601.1.1252.2.1036.18.3969.2554 [GMT -4:00]
Lancé depuis: c:\users\manuel.goulet\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\manuel.goulet\Desktop\CFScript.txt.txt
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Pare-feu Host Intrusion Prevention *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2014-05-16 au 2014-06-16  ))))))))))))))))))))))))))))))))))))
.
.
2014-06-16 12:33 . 2014-06-16 12:33    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-06-16 12:33 . 2014-06-16 12:33    --------    d-----w-    c:\users\CGISAG\AppData\Local\temp
2014-06-16 12:33 . 2014-06-16 12:33    --------    d-----w-    c:\users\CGI\AppData\Local\temp
2014-06-15 11:07 . 2014-06-15 11:10    --------    d-----w-    C:\FRST
2014-06-15 00:31 . 2014-06-16 04:33    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{F45CA000-B459-4FC6-891D-946D215CA9AC}\offreg.dll
2014-06-15 00:14 . 2014-05-20 05:18    10702536    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{F45CA000-B459-4FC6-891D-946D215CA9AC}\mpengine.dll
2014-06-14 23:14 . 2014-04-29 14:33    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
2014-06-14 23:14 . 2014-04-29 14:01    1638912    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-06-14 23:14 . 2014-04-29 17:18    9076224    ----a-w-    c:\windows\system32\mshtml.dll
2014-06-14 23:05 . 2014-06-14 23:05    313256    ----a-w-    c:\windows\system32\javaws.exe
2014-06-14 23:05 . 2014-06-14 23:05    111016    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2014-06-14 23:05 . 2014-06-14 23:05    189352    ----a-w-    c:\windows\system32\javaw.exe
2014-06-14 23:05 . 2014-06-14 23:05    189352    ----a-w-    c:\windows\system32\java.exe
2014-06-14 23:05 . 2014-06-14 23:05    --------    d-----w-    c:\program files\Java
2014-06-14 23:04 . 2014-06-14 23:04    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-06-14 23:03 . 2014-06-14 23:03    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-14 22:55 . 2014-06-14 22:55    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2014-06-14 16:59 . 2014-06-14 16:59    --------    d-----w-    c:\program files (x86)\ESET
2014-06-14 04:32 . 2014-06-14 04:33    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-06-14 03:56 . 2014-06-16 09:54    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-14 03:56 . 2014-06-14 04:30    92888    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-06-14 03:56 . 2014-05-12 11:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-06-14 03:56 . 2014-05-12 11:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-06-14 03:56 . 2014-06-14 03:56    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-13 18:03 . 2014-06-13 18:03    --------    d-----w-    c:\windows\ERUNT
2014-06-13 17:48 . 2014-06-14 16:31    --------    d-----w-    C:\AdwCleaner
2014-06-13 10:59 . 2014-06-13 10:59    --------    d-----w-    c:\programdata\Malwarebytes
2014-06-12 00:05 . 2014-06-15 19:51    --------    d-----w-    c:\users\manuel.goulet\AppData\Local\CrashDumps
2014-06-11 13:26 . 2014-06-11 13:26    --------    d-----w-    c:\programdata\RogueKiller
2014-06-07 18:13 . 2012-09-20 16:26    543744    ----a-w-    c:\windows\system32\drivers\stwrt64.sys
2014-06-07 18:13 . 2012-09-20 16:26    499200    ----a-w-    c:\windows\system32\stcplx64.dll
2014-06-07 18:13 . 2012-09-20 16:26    2188800    ----a-w-    c:\windows\system32\stapo64.dll
2014-06-07 18:13 . 2012-09-20 16:26    672256    ------w-    c:\windows\system32\stapi64.dll
2014-06-07 18:13 . 2012-09-20 16:26    255488    ----a-w-    c:\windows\system32\st646428.dll
2014-06-07 18:13 . 2012-04-30 08:23    1008472    ----a-w-    c:\windows\system32\MaxxAudioAPOShell64.dll
2014-06-07 18:13 . 2012-01-05 07:05    572760    ----a-w-    c:\windows\system32\MaxxVoiceAPO64.dll
2014-06-07 18:13 . 2012-01-31 07:59    576856    ----a-w-    c:\windows\system32\MaxxAudioAPO4064.dll
2014-06-07 18:13 . 2014-06-07 18:16    --------    d-----w-    c:\program files\IDT
2014-06-07 18:12 . 2014-06-07 18:12    --------    d-----w-    c:\users\manuel.goulet\Audio
2014-06-07 18:11 . 2014-06-07 18:11    --------    d-----w-    c:\users\manuel.goulet\AppData\Local\Dell
2014-06-06 12:53 . 2014-06-06 12:53    --------    d-----w-    c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-14 22:50 . 2013-07-15 17:28    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-14 22:50 . 2013-07-15 17:28    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-06 06:08 . 2014-03-29 20:42    53728    ----a-w-    c:\windows\system32\drivers\FireNfcp.sys
2014-04-27 18:55 . 2014-04-27 18:44    43520    ----a-w-    c:\windows\SysWow64\CmdLineExt03.dll
2014-04-26 20:22 . 2014-04-26 20:22    283064    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2014-04-09 10:09 . 2013-07-10 19:27    594032    ----a-w-    c:\windows\system32\dsNcSmartCardProv.dll
2014-04-09 10:09 . 2013-07-10 19:27    423536    ----a-w-    c:\windows\system32\dsNcCredProv.dll
2014-04-09 10:09 . 2014-04-09 10:09    358000    ----a-w-    c:\windows\SysWow64\dsGinaLoaderX64.dll
2014-03-31 13:35 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgnIconOvln1]
@="{93c136f0-91dc-4456-a586-98f72aff8d89}"
[HKEY_CLASSES_ROOT\CLSID\{93c136f0-91dc-4456-a586-98f72aff8d89}]
2010-10-15 19:03    303104    ----a-w-    c:\windows\System32\sgn_beshellextn.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgnIconOvln2]
@="{93c136f0-91dc-4457-a586-98f72aff8d89}"
[HKEY_CLASSES_ROOT\CLSID\{93c136f0-91dc-4457-a586-98f72aff8d89}]
2010-10-15 19:03    303104    ----a-w-    c:\windows\System32\sgn_beshellextn.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgnIconOvln3]
@="{93c136f0-91dc-4458-a586-98f72aff8d89}"
[HKEY_CLASSES_ROOT\CLSID\{93c136f0-91dc-4458-a586-98f72aff8d89}]
2010-10-15 19:03    303104    ----a-w-    c:\windows\System32\sgn_beshellextn.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cache Cleaner"="c:\users\manuel.goulet\AppData\Roaming\Juniper Networks\Host Checker\dsCCProc.exe" [2014-04-09 49264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-09-01 124224]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-05-19 161088]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SGNAuthService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe;c:\windows\SysWOW64\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys;c:\windows\SYSNATIVE\drivers\accelern.sys [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDRw7x64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 BE_FLTI;BE_FLTI;c:\windows\SYSTEM32\DRIVERS\be_fltim.sys;c:\windows\SYSNATIVE\DRIVERS\be_fltim.sys [x]
S0 BeFlt;BeFlt;c:\windows\SYSTEM32\DRIVERS\BEFLT.SYS;c:\windows\SYSNATIVE\DRIVERS\BEFLT.SYS [x]
S0 CEAES2M;CEAES2M;c:\windows\System32\Drivers\cegaes2m.sys;c:\windows\SYSNATIVE\Drivers\cegaes2m.sys [x]
S0 CEAESM;CEAESM;c:\windows\System32\Drivers\cegaesm.sys;c:\windows\SYSNATIVE\Drivers\cegaesm.sys [x]
S0 CEHMACM;CEHMACM;c:\windows\System32\Drivers\cehmacm.sys;c:\windows\SYSNATIVE\Drivers\cehmacm.sys [x]
S0 CERNDM;CERNDM;c:\windows\System32\Drivers\CERNDM.sys;c:\windows\SYSNATIVE\Drivers\CERNDM.sys [x]
S0 CESHAM;CESHAM;c:\windows\System32\Drivers\cesham.sys;c:\windows\SYSNATIVE\Drivers\cesham.sys [x]
S0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel® USB 3.0;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 SGSTDRVM;SGMKeyStore Driver;c:\windows\System32\Drivers\sgstdrvm.sys;c:\windows\SYSNATIVE\Drivers\sgstdrvm.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys;c:\windows\SYSNATIVE\DRIVERS\mfenlfk.sys [x]
S1 NEOFLTR_710_20169;Juniper Networks TDI Filter Driver (NEOFLTR_710_20169);c:\windows\system32\Drivers\NEOFLTR_710_20169.SYS;c:\windows\SYSNATIVE\Drivers\NEOFLTR_710_20169.SYS [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 BEDevCtl;SafeGuard® Device Encryption Controller;c:\windows\SysWOW64\BEDevCtl.exe;c:\windows\SysWOW64\BEDevCtl.exe [x]
S2 BEFCSvcn;SafeGuard® Kernel Feature Client;c:\windows\SysWOW64\BEFCSvcn.exe;c:\windows\SysWOW64\BEFCSvcn.exe [x]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]
S2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 SGN_BEService;SafeGuard® Base Encryption Service;c:\windows\SysWOW64\SGN_MasterServicen.exe;c:\windows\SysWOW64\SGN_MasterServicen.exe [x]
S2 SGN_LogSystem;SafeGuard® Log Service;c:\windows\SysWOW64\SGN_MasterServicen.exe;c:\windows\SysWOW64\SGN_MasterServicen.exe [x]
S2 SGN_Sem;SafeGuard® System Event Manager;c:\windows\SysWOW64\SGN_MasterServicen.exe;c:\windows\SysWOW64\SGN_MasterServicen.exe [x]
S2 SGN_Trans;SafeGuard® Transport Service;c:\windows\SysWOW64\SGN_MasterServicen.exe;c:\windows\SysWOW64\SGN_MasterServicen.exe [x]
S2 SGNAuthService;SGNAuthService;c:\program files (x86)\Sophos\SafeGuard Enterprise\Client\SGNAuthServicen.exe;c:\program files (x86)\Sophos\SafeGuard Enterprise\Client\SGNAuthServicen.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 Wireless_AutoSwitch;Wireless AutoSwitch;c:\program files (x86)\Wireless AutoSwitch\WrlsAutoSW.exs;c:\program files (x86)\Wireless AutoSwitch\WrlsAutoSW.exs [x]
S3 FireNfcp;McAfee Inc. FireNfcp;c:\windows\system32\drivers\FireNfcp.sys;c:\windows\SYSNATIVE\drivers\FireNfcp.sys [x]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
S3 IntcDAud;Son Intel® pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Pilote de concentrateur Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*Deregistered* - mfeapfk01
*Deregistered* - mfeavfk01
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgnIconOvln1]
@="{93c136f0-91dc-4456-a586-98f72aff8d89}"
[HKEY_CLASSES_ROOT\CLSID\{93c136f0-91dc-4456-a586-98f72aff8d89}]
2010-10-15 19:03    254976    ----a-w-    c:\windows\System32\sgn_beshellextn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgnIconOvln2]
@="{93c136f0-91dc-4457-a586-98f72aff8d89}"
[HKEY_CLASSES_ROOT\CLSID\{93c136f0-91dc-4457-a586-98f72aff8d89}]
2010-10-15 19:03    254976    ----a-w-    c:\windows\System32\sgn_beshellextn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SgnIconOvln3]
@="{93c136f0-91dc-4458-a586-98f72aff8d89}"
[HKEY_CLASSES_ROOT\CLSID\{93c136f0-91dc-4458-a586-98f72aff8d89}]
2010-10-15 19:03    254976    ----a-w-    c:\windows\System32\sgn_beshellextn.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2013-02-04 257400]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: cgiclients.com\mail
Trusted Zone: itsm-prod-mt-cgi.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\manuel.goulet\AppData\Roaming\Mozilla\Firefox\Profiles\t1h6snfj.default-1401135936852\
FF - prefs.js: browser.startup.homepage - www.google.ca
.
- - - - ORPHELINS SUPPRIMES - - - -
.
AddRemove-ImgBurn - c:\program files (x86)\ImgBurn\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wireless_AutoSwitch]
"ImagePath"="\"c:\program files (x86)\Wireless AutoSwitch\WrlsAutoSW.exs\""
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2014-06-16  08:42:20
ComboFix-quarantined-files.txt  2014-06-16 12:42
ComboFix2.txt  2014-06-16 01:57
ComboFix3.txt  2014-06-13 18:25
ComboFix4.txt  2014-06-06 14:29
.
Avant-CF: 117 249 626 112 octets libres
Après-CF: 116 656 508 928 octets libres
.
- - End Of File - - A79E75C27C7550BF1B151BCECA8F19C3
A36C5E4F47E84449FF07ED3517B43A31
 



#8 Wave81

Wave81
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 16 June 2014 - 08:47 AM

Hi,

 

I'm still getting random audio ads and music :(

 

I would like to know, would it be better to run ComboFix in safe mode? If yes, this is not an option for me. My laptop is protected by Sophos SafeGuard and it does not allow me to go into that mode with F8 or F5 :(

 

thank you



#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:49 AM

Posted 16 June 2014 - 12:24 PM





Hello Wave81

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
    • Internet access
    • Windows Update
    • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.


--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32-bit or RogueKiller for 64-bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller.
Send me the reports made from MBAR and RogueKiller and also let me know how the computer is doing at this time.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Wave81

Wave81
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 16 June 2014 - 02:22 PM

Hi,

 

I got an error when I ran Malwarebytes Anti-Rootkit

 

error: the system volumes seems inaccessible or encrypted. Scan cant continue

 

and Rkill found nothing

 

log:

 

Rkill 2.6.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/16/2014 03:15:27 PM in x64 mode.
Windows Version: Windows 7 Enterprise Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\BEDevCtl.exe (PID: 1996) [WD-HEUR]
 * C:\Windows\SysWOW64\BEFCSvcn.exe (PID: 2028) [WD-HEUR]
 * C:\Windows\SysWOW64\srvany.exe (PID: 2840) [WD-HEUR]
 * C:\Windows\SysWOW64\SGN_MasterServicen.exe (PID: 2904) [WD-HEUR]

4 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  216.208.127.120      ads.lacaisse.com
  127.0.0.1       localhost

Program finished at: 06/16/2014 03:16:40 PM
Execution time: 0 hours(s), 1 minute(s), and 13 seconds(s)



#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:49 AM

Posted 16 June 2014 - 08:27 PM

Hello Wave81

I didn't ask for Rkill to be run; I had asked for RogueKiller, which is a different program.

Gringo

#12 Wave81

Wave81
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 16 June 2014 - 08:43 PM

Hi

 

Very sorry about that!

Here is the correct log:

 

RogueKiller V9.0.2.0 (x64) [Jun  3 2014] par Adlice Software
Mail : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site Web : http://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarrage : Mode normal
Utilisateur : Manuel.Goulet [Droits d'admin]
Mode : Suppression -- Date : 06/16/2014  21:41:28

¤¤¤ Processus malicieux : 3 ¤¤¤
[ZeroAccess] McShield.exe -- [x] -> TUÉ [TermProc]
[Suspicious.Path] dsHostChecker.exe -- C:\Users\manuel.goulet\AppData\Roaming\Juniper Networks\Host Checker\dsHostChecker.exe[7] -> TUÉ [TermProc]
[Suspicious.Path] JuniperSetupClient.exe -- C:\Users\manuel.goulet\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe[7] -> TUÉ [TermProc]

¤¤¤ Entrées de registre : 14 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2517322852-2756488711-390072363-5959\Software\Microsoft\Windows\CurrentVersion\Run | Cache Cleaner : "C:\Users\manuel.goulet\AppData\Roaming\Juniper Networks\Host Checker\dsCCProc.exe" -action delete [x] -> SUPPRIMÉ
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2517322852-2756488711-390072363-5959\Software\Microsoft\Windows\CurrentVersion\Run | Cache Cleaner : "C:\Users\manuel.goulet\AppData\Roaming\Juniper Networks\Host Checker\dsCCProc.exe" -action delete  -> ERROR [2]
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NON SELECTIONNÉ
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NON SELECTIONNÉ
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> NON SELECTIONNÉ
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> NON SELECTIONNÉ
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> NON SELECTIONNÉ
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> NON SELECTIONNÉ
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2517322852-2756488711-390072363-5959\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> NON SELECTIONNÉ
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2517322852-2756488711-390072363-5959\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> NON SELECTIONNÉ
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NON SELECTIONNÉ
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NON SELECTIONNÉ
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NON SELECTIONNÉ
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NON SELECTIONNÉ

¤¤¤ Tâches planifiées : 1 ¤¤¤
[Suspicious.Path] \\{FC67CC04-56A5-4CFD-B918-74DC83F7DAB3} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\manuel.goulet\Desktop\Nouveau dossier\vpnclient_setup.exe" -d "C:\Users\manuel.goulet\Desktop\Nouveau dossier") -> SUPPRIMÉ

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 127 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ MBR Verif : ¤¤¤
+++++ PhysicalDrive0: ST9500423AS +++++
--- User ---
[MBR] 70bdcc38ef14a9bc409555af17af9c96
[BSP] 165afe6a5a592760d5650158c0478f17 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 356 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 731136 | Size: 159946 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 328300544 | Size: 316636 MB
User != LL1 ... KO!
--- LL1 ---
[MBR] c1420a868318a5c87d65eb836c5535c4
[BSP] 702a2e4b5f06f27fa7bd5882f869f32e : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 356 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 731136 | Size: 159946 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 328300544 | Size: 316636 MB
User != LL2 ... KO!
--- LL2 ---
[MBR] c1420a868318a5c87d65eb836c5535c4
[BSP] 702a2e4b5f06f27fa7bd5882f869f32e : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 356 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 731136 | Size: 159946 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 328300544 | Size: 316636 MB


============================================
RKreport_SCN_06162014_214012.log



#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:49 AM

Posted 17 June 2014 - 06:32 AM


Create and Run Batch File
  • Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:

@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
  • Save this as router.bat. Choose "Save as type": All Files, and where to save: Desktop, then close the Notepad file.

    Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

gringo

#14 Wave81

Wave81
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 17 June 2014 - 12:06 PM

hi

 

Configuration IP de Windows

   Nom de l'hôte . . . . . . . . . . : CGI-304954
   Suffixe DNS principal . . . . . . : CNEDOM.CGI.COM
   Type de noeud. . . . . . . . . .  : Hybride
   Routage IP activé . . . . . . . . : Non
   Proxy WINS activé . . . . . . . . : Non
   Liste de recherche du suffixe DNS.: CNEDOM.CGI.COM

Carte Ethernet Connexion au réseau local* 16 :

   Statut du média. . . . . . . . . . . . : Média déconnecté
   Suffixe DNS propre à la connexion. . . :
   Description. . . . . . . . . . . . . . : Juniper Network Connect Virtual Adapter
   Adresse physique . . . . . . . . . . . : 00-FF-10-54-3E-06
   DHCP activé. . . . . . . . . . . . . . : Oui
   Configuration automatique activée. . . : Oui

Carte Ethernet Connexion au réseau local :

   Suffixe DNS propre à la connexion. . . :
   Description. . . . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Adresse physique . . . . . . . . . . . : D4-BE-D9-84-35-B7
   DHCP activé. . . . . . . . . . . . . . : Oui
   Configuration automatique activée. . . : Oui
   Adresse IPv4. . . . . . . . . . . . . .: 192.168.0.102(préféré)
   Masque de sous-réseau. . . . . . . . . : 255.255.255.0
   Bail obtenu. . . . . . . . . . . . . . : 16 juin 2014 21:53:34
   Bail expirant. . . . . . . . . . . . . : 18 juin 2014 09:53:34
   Passerelle par défaut. . . . . . . . . : 192.168.0.1
   Serveur DHCP . . . . . . . . . . . . . : 192.168.0.1
   Serveurs DNS. . .  . . . . . . . . . . : 192.168.0.1
   NetBIOS sur Tcpip. . . . . . . . . . . : Activé
Serveur :   UnKnown
Address:  192.168.0.1

DNS request timed out.
    timeout was 2 seconds.
Nom :    google.com
Addresses:  2607:f8b0:4006:802::1006
      173.194.43.7
      173.194.43.6
      173.194.43.9
      173.194.43.4
      173.194.43.3
      173.194.43.5
      173.194.43.1
      173.194.43.0
      173.194.43.2
      173.194.43.8
      173.194.43.14

Serveur :   UnKnown
Address:  192.168.0.1

Nom :    yahoo.com
Addresses:  98.138.253.109
      206.190.36.45
      98.139.183.24


Envoi d'une requête 'ping' sur google.com [173.194.43.14] avec 32 octets de données :
Réponse de 173.194.43.14 : octets=32 temps=33 ms TTL=55
Réponse de 173.194.43.14 : octets=32 temps=33 ms TTL=55

Statistiques Ping pour 173.194.43.14:
    Paquets : envoyés = 2, reçus = 2, perdus = 0 (perte 0%),
Durée approximative des boucles en millisecondes :
    Minimum = 33ms, Maximum = 33ms, Moyenne = 33ms

Envoi d'une requête 'ping' sur yahoo.com [98.139.183.24] avec 32 octets de données :
Réponse de 98.139.183.24 : octets=32 temps=37 ms TTL=54
Réponse de 98.139.183.24 : octets=32 temps=82 ms TTL=54

Statistiques Ping pour 98.139.183.24:
    Paquets : envoyés = 2, reçus = 2, perdus = 0 (perte 0%),
Durée approximative des boucles en millisecondes :
    Minimum = 37ms, Maximum = 82ms, Moyenne = 59ms
===========================================================================
Liste d'Interfaces
 15...00 ff 10 54 3e 06 ......Juniper Network Connect Virtual Adapter
 11...d4 be d9 84 35 b7 ......Broadcom NetXtreme Gigabit Ethernet
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Table de routage
===========================================================================
Itinéraires actifs :
Destination réseau    Masque réseau  Adr. passerelle   Adr. interface Métrique
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.102     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.102    266
    192.168.0.102  255.255.255.255         On-link     192.168.0.102    266
    192.168.0.255  255.255.255.255         On-link     192.168.0.102    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.102    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.102    266
===========================================================================
Itinéraires persistants :
  Aucun

IPv6 Table de routage
===========================================================================
Itinéraires actifs :
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Itinéraires persistants :
  Aucun
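The batch file in post #13 collects ipconfig /all, nslookup and route print output, and post #14 is what it produced; the point of reading such output is to see which DNS resolver the host really uses. As an added example that is not from the thread, this Python script parses that kind of output (French or English labels) and reports whether DNS goes to the gateway (so the router's upstream setting decides where queries end up, which is what the next step changes), to another private host, or to a public resolver outside an expected set. The two samples are constructed from the values posted above; 208.67.222.222 (OpenDNS) and 8.8.8.8 (Google Public DNS) are the public resolvers used in the English sample.

```python
"""Triage of router.bat output (ipconfig /all plus nslookup). Added example,
not code from the thread. Labels are matched in French and English, and the
gateway pattern tolerates the mojibake a cp850 console produces when its
output is pasted ('d‚faut' for 'défaut').
"""
import ipaddress
import re

# Constructed sample, trimmed from the values posted in the thread.
SAMPLE_FR = """\
Carte Ethernet Connexion au réseau local :

   Adresse IPv4. . . . . . . . . . . . . .: 192.168.0.102(préféré)
   Passerelle par défaut. . . . . . . . . : 192.168.0.1
   Serveurs DNS. . .  . . . . . . . . . . : 192.168.0.1
Serveur :   UnKnown
Address:  192.168.0.1

DNS request timed out.
Nom :    google.com
Addresses:  173.194.43.7
"""

# Constructed English sample of a host that bypasses the router for DNS.
# 208.67.222.222 is OpenDNS's resolver, 8.8.8.8 is Google Public DNS.
SAMPLE_EN = """\
Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       8.8.8.8
Server:  resolver1.opendns.com
Address:  208.67.222.222
"""

ADAPTER_RE = re.compile(r"^((?:Carte|.*\badapter)\b.*?)\s*:\s*$", re.I)
GATEWAY_RE = re.compile(r"^\s+(?:Passerelle par d\S+faut|Default Gateway)[ .]*:\s*(\S*)", re.I)
DNS_RE = re.compile(r"^\s+(?:Serveurs DNS|DNS Servers)[ .]*:\s*(\S*)", re.I)
CONT_RE = re.compile(r"^\s+(\S+)\s*$")          # indented line holding one more server
NS_SERVER_RE = re.compile(r"^(?:Serveur|Server)\s*:", re.I)
NS_ADDRESS_RE = re.compile(r"^Address(?:es)?:\s*(\S+)", re.I)


def parse_diagnostic(text):
    """Return adapters (name, gateway, dns list), nslookup resolvers and timeouts."""
    adapters, resolvers, timeouts = [], [], 0
    current, in_dns_list, expect_resolver = None, False, False
    for line in text.splitlines():
        if m := ADAPTER_RE.match(line):
            current = {"name": m.group(1), "gateway": None, "dns": []}
            adapters.append(current)
        elif NS_SERVER_RE.match(line):           # nslookup section starts here
            current, expect_resolver = None, True
        elif current is not None and (m := GATEWAY_RE.match(line)):
            current["gateway"] = m.group(1) or None
        elif current is not None and (m := DNS_RE.match(line)):
            current["dns"] += [m.group(1)] if m.group(1) else []
            in_dns_list = True
            continue                              # keep flag for continuation lines
        elif current is not None and in_dns_list and (m := CONT_RE.match(line)):
            current["dns"].append(m.group(1))
            continue
        elif expect_resolver and (m := NS_ADDRESS_RE.match(line)):
            resolvers.append(m.group(1))          # the Address: right after Server:
            expect_resolver = False
        elif "DNS request timed out" in line:
            timeouts += 1
        in_dns_list = False
    return {"adapters": adapters, "resolvers": resolvers, "timeouts": timeouts}


def analyze(text, expected_resolvers=frozenset()):
    """Parse the output and attach (code, detail) findings for a helper to read."""
    report = parse_diagnostic(text)
    findings, configured = [], set()
    for adapter in report["adapters"]:
        for server in adapter["dns"]:
            configured.add(server)
            if server == adapter["gateway"]:
                # Queries go to the router, so the router's own upstream DNS
                # setting decides where they really end up.
                findings.append(("dns_is_gateway", server))
            elif ipaddress.ip_address(server.split("%")[0]).is_private:  # drop IPv6 scope id
                findings.append(("dns_private_host", server))
            elif server not in expected_resolvers:
                findings.append(("unexpected_public_resolver", server))
    for resolver in report["resolvers"]:
        if resolver not in configured:
            findings.append(("nslookup_used_unconfigured_resolver", resolver))
    if report["timeouts"]:
        findings.append(("dns_timeouts", report["timeouts"]))
    report["findings"] = findings
    return report


if __name__ == "__main__":
    for sample in (SAMPLE_FR, SAMPLE_EN):
        for code, detail in analyze(sample, {"208.67.222.222"})["findings"]:
            print(f"{code}: {detail}")
```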
 



#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:49 AM

Posted 19 June 2014 - 03:20 AM


Hello


I would like you to set the router's DNS settings to point to open DNS.

You can see how to do this here: https://store.opendns.com/setup/router/

Just pick which router you are using and follow the instructions listed, using the settings that they provide.


Gringo



