TechSpot

Sirefef and others

Inactive
By Aerbach
Sep 27, 2012
    Hi everyone,

    My computer is infected with various viruses (identified by ESET): Sirefef.AP and .W, Conedex.B and .C, Agent.BA, Patched.A.Gen. ESET alerts pop up every 2 minutes on average and a scan failed to remove these, only to find them.

    I followed the 5 steps and you will find the logs below. Any help would be greatly appreciated.

    Thanks a lot!

    *******************
    Malwarebytes

    27/09/2012 12:57:38
    mbam-log-2012-09-27 (12-57-38).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 292783
    Time elapsed: 4 minute(s), 36 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    \Desktop\SetupRevelationV2.exe (HackTool.SnadBoy) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{d96ce672-8178-7d6b-c681-96dfb17650d5}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

    (end)

    ***************************************************************
    GMER

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-27 14:58:02
    Windows 6.1.7601 Service Pack 1
    Running: q2k0f8v5.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2c8158c80aaf
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\2c8158c8f10e
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313fd6b60
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbac6a41
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2c8158c80aaf (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\2c8158c8f10e (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313fd6b60 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbac6a41 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----

    **************************************************************************

    DDS.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by e.frot at 14:59:46 on 2012-09-27
    Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.8127.5517 [GMT 2:00]
    .
    AV: ESET Endpoint Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Endpoint Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Pare-feu personnel d'ESET *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
    C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
    C:\Program Files\ESET\ESET Endpoint Security\egui.exe
    C:\Users\e.frot\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Users\e.frot\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Users\e.frot\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\e.frot\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\e.frot\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\e.frot\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\e.frot\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\e.frot\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\e.frot\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\e.frot\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\e.frot\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Users\e.frot\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    C:\Program Files\Sony\VAIO Care\listener.exe
    C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\taskhost.exe
    C:\Users\e.frot\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\splwow64.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Windows\sysWow64\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\e.frot\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\PrintIsolationHost.exe
    C:\Users\e.frot\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://isearch.babylon.com/?affID=115131&tt=3812_3&babsrc=HP_iclro&mntrId=9892785f00000000000054424914e0eb
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVED&bmod=EU01
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
    TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll
    uRun: [Google Update] "C:\Users\e.frot\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Spotify Web Helper] "C:\Users\e.frot\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe"
    uRun: [GoogleChromeAutoLaunch_A9631577BE348CFE759D552FD766CD02] "C:\Users\e.frot\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
    uRun: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray
    mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    mRun: [SignIn] "C:\Program Files (x86)\Microsoft Online Services\Sign In\SignIn.exe" /autorun
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    dRunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    dRunOnce: [{91120000-0014-0000-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    StartupFolder: C:\Users\E7590~1.FRO\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\e.frot\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\E7590~1.FRO\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Envoyer à OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
    IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: Interfaces\{38936D5E-AF80-4F9F-9E9C-F21FA582C303}\D4963627F65636F6E6F6D69687D23405C4 : DhcpNameServer = 192.168.0.10
    TCP: Interfaces\{8D9D241B-8423-47AA-84D7-20EDAD500683} : NameServer = 192.168.0.10
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    {2EECD738-5844-4a99-B4B6-146BF802613B}
    {3049C3E9-B461-4BC5-8870-4C09146192CA}
    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    {9030D464-4C02-4ABF-8ECC-5164760863C6}
    {95D9ECF5-2A4D-4550-BE49-70D42F71296E}
    {B4F3A835-0E21-4959-BA22-42B3008E02FF}
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}
    {98889811-442D-49dd-99D7-DC866BE87DBC}
    mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    mRun-x64: [SignIn] "C:\Program Files (x86)\Microsoft Online Services\Sign In\SignIn.exe" /autorun
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\e.frot\AppData\Roaming\Mozilla\Firefox\Profiles\cp0s9d0r.default\
    FF - prefs.js: browser.startup.homepage - hxxp://isearch.babylon.com/?affID=115131&tt=3812_3&babsrc=HP_iclro&mntrId=9892785f00000000000054424914e0eb
    FF - prefs.js: keyword.URL - hxxp://isearch.babylon.com/?affID=115131&tt=3812_3&babsrc=KW_iclro&mntrId=9892785f00000000000054424914e0eb&q=
    FF - prefs.js: browser.search.selectedEngine - iSearch
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Opera\program\plugins\nppl3260.dll
    FF - plugin: C:\Program Files (x86)\Opera\program\plugins\nprjplug.dll
    FF - plugin: C:\Program Files (x86)\Opera\program\plugins\nprpjplug.dll
    FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\e.frot\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Users\e.frot\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=9892785f00000000000054424914e0eb&q=
    FF - user.js: extensions.BabylonToolbar.id - 9892785f00000000000054424914e0eb
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15603
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1213:08:38
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - iclaro
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=115131&tt=3812_3
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - iclro
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
    R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
    R1 RapportCerberus_42020;RapportCerberus_42020;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-8-20 397720]
    R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-9-7 55096]
    R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-9-7 297240]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0, Service de Gestion des Licences;C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2010-2-1 759048]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe [2012-7-4 999704]
    R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-30 375208]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-1-27 15928]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-27 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-27 676936]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
    R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-9-7 976728]
    R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
    R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
    R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-9-2 259192]
    R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [2010-4-26 104960]
    R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-2-19 386416]
    R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-4-26 822784]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
    R3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\Windows\system32\drivers\hidkmdf.sys --> C:\Windows\system32\drivers\hidkmdf.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NW1950;NextWindow 1950 Touch Screen;C:\Windows\system32\drivers\NW1950.sys --> C:\Windows\system32\drivers\NW1950.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
    R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-26 135664]
    S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 362992]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250288]
    S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 ESHASRV;ESET SHA Service;C:\Program Files\ESET\ESET Endpoint Security\EShaSrv.exe [2012-7-4 190208]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-26 135664]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 313840]
    S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-9-10 108400]
    S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
    S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-9-10 67952]
    S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
    S3 StorSvc;Service de stockage;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-4-26 574320]
    S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104]
    S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    S3 WSDPrintDevice;Prise en charge de l’impression WSD via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-09-27 10:56:40  25928  ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2012-09-27 09:35:33  --------  d-----w-  C:\Program Files (x86)\TileMill-v0.10.0
    2012-09-26 13:05:54  --------  d-----w-  C:\TDSSKiller_Quarantine
    2012-09-26 08:02:48  --------  d-----w-  C:\ProgramData\AVAST Software
    2012-09-26 08:02:48  --------  d-----w-  C:\Program Files\AVAST Software
    2012-09-20 11:37:53  --------  d-sh--w-  C:\Windows\SysWow64\%APPDATA%
    2012-09-20 11:34:00  --------  d-----w-  C:\Program Files\ESET
    2012-09-20 11:08:37  --------  d-----w-  C:\Program Files (x86)\BabylonToolbar
    2012-09-20 11:08:21  --------  d-----w-  C:\Users\e.frot\AppData\Roaming\Media Finder
    2012-09-20 11:07:53  --------  d-----w-  C:\ProgramData\Babylon
    2012-09-20 11:07:52  --------  d-----w-  C:\Users\e.frot\AppData\Roaming\Babylon
    2012-09-20 10:55:32  --------  d-----w-  C:\ProgramData\ODIR
    2012-09-20 10:55:23  209608  ----a-w-  C:\Windows\SysWow64\Tabctl32.ocx
    2012-09-20 10:55:23  101888  ----a-w-  C:\Windows\SysWow64\VB6STKIT.DLL
    2012-09-20 10:55:23  --------  d-----w-  C:\Program Files (x86)\ODIR
    2012-09-19 08:54:49  --------  d-----w-  C:\Users\e.frot\AppData\Roaming\ESET
    2012-09-19 08:54:49  --------  d-----w-  C:\Users\e.frot\AppData\Local\ESET
    2012-09-19 08:24:24  --------  d-----w-  C:\Windows\PCHEALTH
    2012-09-19 08:13:17  --------  d-----w-  C:\Program Files (x86)\Microsoft Visual Studio 8
    2012-09-19 08:12:30  --------  d-----w-  C:\Program Files (x86)\Microsoft Analysis Services
    2012-09-17 07:19:59  33240  ----a-w-  C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-09-17 07:19:07  --------  d-----w-  C:\Program Files\iPod
    2012-09-17 07:19:06  --------  d-----w-  C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-17 07:19:06  --------  d-----w-  C:\Program Files\iTunes
    2012-09-17 07:19:06  --------  d-----w-  C:\Program Files (x86)\iTunes
    2012-09-13 06:52:36  950128  ----a-w-  C:\Windows\System32\drivers\ndis.sys
    2012-09-13 06:52:36  41472  ----a-w-  C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-13 06:52:35  574464  ----a-w-  C:\Windows\System32\d3d10level9.dll
    2012-09-13 06:52:35  490496  ----a-w-  C:\Windows\SysWow64\d3d10level9.dll
    2012-09-13 06:52:34  376688  ----a-w-  C:\Windows\System32\drivers\netio.sys
    2012-09-13 06:52:34  288624  ----a-w-  C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-13 06:52:34  1913200  ----a-w-  C:\Windows\System32\drivers\tcpip.sys
    2012-09-06 08:03:43  --------  d-----w-  C:\Program Files (x86)\Stata12
    2012-09-04 07:33:39  95208  ----a-w-  C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    .
    ==================== Find3M ====================
    .
    2012-09-21 15:04:25  73136  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-21 15:04:25  696240  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-19 08:23:48  72860  ----a-w-  C:\ProgramData\bdinstall.bin
    2012-09-07 09:07:30  101688  ----a-w-  C:\Windows\System32\drivers\RapportKE64.sys
    2012-09-04 07:33:33  821736  ----a-w-  C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-04 07:33:33  746984  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
    2012-08-21 11:01:20  125872  ----a-w-  C:\Windows\System32\GEARAspi64.dll
    2012-08-21 11:01:20  106928  ----a-w-  C:\Windows\SysWow64\GEARAspi.dll
    2012-07-18 18:15:06  3148800  ----a-w-  C:\Windows\System32\win32k.sys
    2012-07-12 07:45:09  87488  ----a-w-  C:\Windows\System32\LMIRfsClientNP.dll
    2012-07-12 07:45:08  80800  ----a-w-  C:\Windows\System32\LMIinit.dll
    2012-07-12 07:45:08  34720  ----a-w-  C:\Windows\System32\LMIport.dll
    2012-07-10 08:16:32  213416  ----a-w-  C:\Windows\System32\drivers\eamonm.sys
    2012-07-10 08:16:32  179920  ----a-w-  C:\Windows\System32\drivers\edevmon.sys
    2012-07-06 20:07:42  552960  ----a-w-  C:\Windows\System32\drivers\bthport.sys
    2012-07-04 22:13:27  59392  ----a-w-  C:\Windows\System32\browcli.dll
    2012-07-04 22:13:27  136704  ----a-w-  C:\Windows\System32\browser.dll
    2012-07-04 21:14:34  41984  ----a-w-  C:\Windows\SysWow64\browcli.dll
    2010-07-08 08:37:14  101544  ----a-w-  C:\Program Files\Common Files\LinkInstaller.exe
    .
    ============= FINISH: 15:00:34,11 ===============
    ******************************************************************************
    Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professionnel
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/08/2010 12:54:02
    System Uptime: 27/09/2012 14:08:11 (1 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | N/A | 2936/267mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 921 GiB total, 781,061 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Atheros AR9285 Wireless Network Adapter
    Device ID: PCI\VEN_168C&DEV_002B&SUBSYS_E017105B&REV_01\4&2ED0F873&0&00E0
    Manufacturer: Atheros Communications Inc.
    Name: Atheros AR9285 Wireless Network Adapter
    PNP Device ID: PCI\VEN_168C&DEV_002B&SUBSYS_E017105B&REV_01\4&2ED0F873&0&00E0
    Service: athr
    .
    ==== System Restore Points ===================
    .
    RP260: 19/09/2012 10:10:29 - Installed Microsoft Office Professionnel Plus 2010
    RP261: 19/09/2012 10:42:06 - ESET Endpoint Security was installed
    RP262: 19/09/2012 19:15:58 - Windows Update
    RP263: 20/09/2012 11:53:17 - ESET Endpoint Security was installed
    RP264: 20/09/2012 13:02:03 - ESET Endpoint Security was installed
    RP265: 20/09/2012 13:33:25 - ESET Smart Security was installed
    RP266: 25/09/2012 13:50:54 - Installed Microsoft Office Professionnel 2010
    RP267: 26/09/2012 10:02:33 - avast! Free Antivirus installation
    RP268: 26/09/2012 15:16:58 - avast! Free Antivirus installation
    RP269: 27/09/2012 09:38:12 - ESET Endpoint Security was installed
    .
    ==== Installed Programs ======================
    .
    .
    7-Zip 9.20
    ABBYY PDF Transformer 3.0
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4) - Français
    Apple Application Support
    Apple Software Update
    ArcSoft Magic-I Visual Effects 2
    ArcSoft WebCam Companion 3
    ArcSoft WebCam Message Board
    Babylon toolbar on IE
    Remote Keyboard with PlayStation 3
    CyberLink YouPaint
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726)
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dropbox
    Evernote v. 4.5.8
    Windows Live Photo Gallery
    VAIO Power Management
    GIMP 2.6.11
    GnuWin32: sed-4.2.1
    Google Chrome
    Google Update Helper
    Google Earth
    GPL Ghostscript 8.71
    GSview 4.9
    Java 7 Update 7
    Java Auto Updater
    Java(TM) 6 Update 31
    JavaFX 2.1.1
    Junk Mail filter update
    LaTeX2RTF
    LogMeIn
    Malwarebytes Anti-Malware version 1.65.0.1400
    MathType 6
    MD5 Checksum Tool 2.7
    Media Gallery
    Microsoft Access database engine 2010 (French)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (French) 2010
    Microsoft Office Excel MUI (French) 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (French) 2010
    Microsoft Office InfoPath MUI (French) 2010
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (French) 2010
    Microsoft Office Outlook MUI (French) 2010
    Microsoft Office PowerPoint MUI (French) 2010
    Microsoft Office PowerPoint Viewer 2007 (French)
    Microsoft Office Professional Plus 2010
    Microsoft Office Professionnel 2010
    Microsoft Office Professionnel Plus 2010
    Microsoft Office Proof (Arabic) 2010
    Microsoft Office Proof (Dutch) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (German) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (French) 2010
    Microsoft Office Publisher MUI (French) 2010
    Microsoft Office Shared MUI (French) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (French) 2010
    Microsoft Online Services - Sign In
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft Touch Pack for Windows 7
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    Microsoft XNA Framework Redistributable 3.0
    MiKTeX 2.8
    MiKTeX 2.9
    Compatibility Pack for the 2007 Microsoft Office System
    Mozilla Firefox 14.0.1 (x86 fr)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Notepad++
    ODIR
    Opera 11.01
    VAIO Data Restore Tool
    VAIO Content Control Settings
    VAIO Original Function Settings
    Philcarto5.01
    PMB
    PMB VAIO Edition Guide
    PMB VAIO Edition Plug-in
    PostGIS 1.5.3 for PostgreSQL 8.4 (remove only)
    PostgreSQL 8.4
    VAIO Transfer Support
    Quantum GIS Lisboa 1.8.0 Lisboa
    QuickTime
    Rapport
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy Media Creator 10 LJ
    Roxio Easy Media Creator Home
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Security Update for Microsoft .NET Framework 4 Client Profile Language Pack FRA (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile Language Pack FRA (KB2518870)
    Setting Utility Series
    Skype™ 5.10
    SnadBoy's Revelation v2
    SOHLib Merge Module
    Sony Home Network Library
    Spotify
    Stata 12
    SyncBack
    Tcu
    TeXaide 4
    Texmaker
    TeXnicCenter Version 1.0 Stable RC1
    TileMill 0.10.0
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    VAIO - PMB VAIO Edition Guide
    VAIO - PMB VAIO Edition Plug-in
    VAIO Care
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO DVD Menu Data
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Gate
    VAIO Gate Default
    VAIO Hardware Diagnostics
    VAIO Media plus
    VAIO Media plus Opening Movie
    VAIO Movie Story Template Data
    VAIO Premium Partners
    VAIO screensaver
    VAIO Smart Network
    VAIO Update
    VAIO Wallpaper Contents
    VLC media player 1.1.7
    VU5x86
    Windows Live
    Windows Live Communications Platform
    Windows Live FolderShare
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== End Of File ===========================
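The listings above are read by eye by the helpers, and the evidence in this thread is visual: the scanners report a `C:\Windows\Installer\{GUID}` tree with `U\` and `L\` subfolders full of eight-hex-digit `.@` files (the ZeroAccess/Sirefef layout), and the DDS "Created Last 30" block shows a new hidden+system directory literally named `%APPDATA%` under `SysWow64`. As an added example, not part of the original post and not one of the tools the helpers used, the Python below parses DDS/ComboFix entry lines (including the fused form the forum copy/paste produced, where the size and attribute columns run into the timestamp) and flags those two patterns. The `.@` rule follows what MBAM and ComboFix actually reported here; the hidden+system-directory rule is my own review heuristic, not a verdict, and the sample lines are constructed to mirror the logs in the thread, with the legitimate Installer-cache entry `{90140000-...}\outicon.exe` from the startup list as a negative case.

```python
"""Triage helper for DDS / ComboFix file listings.

Added example for this thread; it is not one of the tools used here. It parses
"Created Last 30" / "Files created" entry lines and flags two patterns: the
ZeroAccess (Sirefef) payload tree under C:\\Windows\\Installer\\{GUID} that the
scans in the thread reported, and new hidden+system directories under
C:\\Windows (a review heuristic of my own, not a verdict).
"""
import re
from dataclasses import dataclass
from typing import Optional

# One entry line. DDS prints "created size attrs path"; ComboFix prints
# "created . modified size attrs path". The fields are tab-separated in the real
# logs, but forum copy/paste often fuses them ("10:56:4025928----a-w-C:\..."),
# so whitespace is optional and the fixed-width 8-character attribute field is
# what keeps the split unambiguous.
TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
ENTRY_RE = re.compile(
    rf"^(?P<created>{TS})(?: \. (?P<modified>{TS}))?"
    r"\s*(?P<size>\d+|-{8})"          # byte count, or 8 dashes for a directory
    r"\s*(?P<attrs>[d-][-a-z]{7})"    # e.g. ----a-w- or d-sh--w-
    r"\s*(?P<path>[A-Za-z]:\\.+)$"
)
# Bare paths, as in ComboFix's "Other deletions" list.
PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+)$")

# Layout MBAM and ComboFix reported in this thread: {GUID}\@ plus U\ and L\
# subfolders holding 8-hex-digit ".@" files. Ordinary Installer cache entries
# ({GUID}\something.exe) do not match.
ZEROACCESS_RE = re.compile(
    r"\\Windows\\Installer\\\{[0-9a-f-]{36}\}(?:\\[UL])?\\(?:[0-9a-f]{8}\.)?@$",
    re.IGNORECASE,
)


@dataclass
class Entry:
    created: str
    modified: Optional[str]
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        # The DDS attribute string carries 's' (system) and 'h' (hidden) flags.
        return "s" in self.attrs and "h" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers and other noise."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["created"], m["modified"], size, m["attrs"], m["path"])


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (path, reason) pairs that deserve a human look, in log order."""
    findings: list[tuple[str, str]] = []
    for raw in log_text.splitlines():
        entry = parse_entry(raw)
        if entry is not None:
            path, review_dir = entry.path, entry.is_dir and entry.hidden_system
        else:
            m = PATH_RE.match(raw.strip())
            if not m:
                continue  # section header, blank line, etc.
            path, review_dir = m["path"], False
        if ZEROACCESS_RE.search(path):
            findings.append((path, "ZeroAccess-style Installer\\{GUID} payload layout"))
        elif review_dir and path.lower().startswith("c:\\windows\\"):
            findings.append((path, "new hidden+system directory under C:\\Windows (review)"))
    return findings


# Constructed sample modelled on the logs in this thread: one tab-separated
# line, several fused lines, a ComboFix two-timestamp line and bare paths.
SAMPLE_LOG = "\n".join([
    "=============== Created Last 30 ================",
    "2012-09-27 10:56:40\t25928\t----a-w-\tC:\\Windows\\System32\\drivers\\mbam.sys",
    "2012-09-20 11:37:53--------d-sh--w-C:\\Windows\\SysWow64\\%APPDATA%",
    "2012-09-26 13:05:54--------d-----w-C:\\TDSSKiller_Quarantine",
    "2012-09-27 14:29:13 . 2012-09-27 14:29:13--------d-----w-C:\\Users\\e.frot\\AppData\\Local\\temp",
    "C:\\Windows\\Installer\\{d96ce672-8178-7d6b-c681-96dfb17650d5}\\@",
    "C:\\Windows\\Installer\\{d96ce672-8178-7d6b-c681-96dfb17650d5}\\U\\80000032.@",
    "C:\\Windows\\Installer\\{d96ce672-8178-7d6b-c681-96dfb17650d5}\\L\\00000004.@",
    "C:\\Windows\\Installer\\{90140000-003D-0000-0000-0000000FF1CE}\\outicon.exe",
])

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

Run against the sample it reports the `%APPDATA%` directory for review and the three `{GUID}` entries as ZeroAccess-style, and stays silent on `mbam.sys`, the quarantine folder and the `outicon.exe` Installer-cache entry. To use it on a real thread, paste the DDS or ComboFix text into `triage()`; because the parser tolerates the fused columns, the log does not have to be cleaned up first.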
     
  2. Jay Pfoutz (Malware Helper)

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after the BIOS screen and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and this time name ComboFix.exe iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  3. Aerbach (Topic Starter)

    Hello,

    Thanks for your help. Here's the log from ComboFix.

    ComboFix 12-09-27.01 - SYSTEM 27/09/2012 16:22:19.1.2 - x64 MINIMAL
    Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.8127.6854 [GMT 2:00]
    Launched from: C:\Users\e.frot\Desktop\ComboFix.exe
    AV: ESET Endpoint Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal Firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Endpoint Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * A new restore point was created
    * A resident antivirus is active



    (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Windows\Installer\{d96ce672-8178-7d6b-c681-96dfb17650d5}\@
    C:\Windows\Installer\{d96ce672-8178-7d6b-c681-96dfb17650d5}\L\00000004.@
    C:\Windows\Installer\{d96ce672-8178-7d6b-c681-96dfb17650d5}\L\201d3dde
    C:\Windows\Installer\{d96ce672-8178-7d6b-c681-96dfb17650d5}\U\00000004.@
    C:\Windows\Installer\{d96ce672-8178-7d6b-c681-96dfb17650d5}\U\00000008.@
    C:\Windows\Installer\{d96ce672-8178-7d6b-c681-96dfb17650d5}\U\000000cb.@
    C:\Windows\Installer\{d96ce672-8178-7d6b-c681-96dfb17650d5}\U\80000000.@
    C:\Windows\Installer\{d96ce672-8178-7d6b-c681-96dfb17650d5}\U\80000032.@
    C:\Windows\Installer\{d96ce672-8178-7d6b-c681-96dfb17650d5}\U\80000064.@
    C:\Windows\SysWow64\pt
    C:\Windows\SysWow64\pt\Lagoon.resources.dll

    An infected copy of C:\Windows\system32\services.exe was found and disinfected
    Copy restored from - C:\32788R22FWJFW\HarddiskVolumeShadowCopy4_!Windows!System32!services.exe


    ((((((((((((((((((((((((((((( Files created from 2012-08-27 to 2012-09-27 ))))))))))))))))))))))))))))))))))))


    2012-09-27 14:29:13 . 2012-09-27 14:29:13  --------  d-----w-  C:\Users\postgres\AppData\Local\temp
    2012-09-27 14:29:13 . 2012-09-27 14:29:13  --------  d-----w-  C:\Users\m.stryszowska\AppData\Local\temp
    2012-09-27 14:29:13 . 2012-09-27 14:29:13  --------  d-----w-  C:\Users\E7590~1~FRO\AppData\Local\temp
    2012-09-27 14:29:13 . 2012-09-27 14:29:13  --------  d-----w-  C:\Users\e.frot\AppData\Local\temp
    2012-09-27 10:56:40 . 2012-09-07 15:04:46  25928  ----a-w-  C:\Windows\system32\drivers\mbam.sys
    2012-09-27 09:35:33 . 2012-09-27 09:37:30  --------  d-----w-  C:\Program Files (x86)\TileMill-v0.10.0
    2012-09-26 13:05:54 . 2012-09-26 13:05:54  --------  d-----w-  C:\TDSSKiller_Quarantine
    2012-09-26 08:03:29 . 2012-08-21 09:12:02  285328  ----a-w-  C:\Windows\system32\aswBoot.exe
    2012-09-26 08:02:48 . 2012-09-27 06:47:59  --------  d-----w-  C:\ProgramData\AVAST Software
    2012-09-26 08:02:48 . 2012-09-26 08:02:48  --------  d-----w-  C:\Program Files\AVAST Software
    2012-09-20 11:37:53 . 2012-09-20 11:37:53  --------  d-sh--w-  C:\Windows\SysWow64\%APPDATA%
    2012-09-20 11:34:00 . 2012-09-27 07:42:14  --------  d-----w-  C:\Program Files\ESET
    2012-09-20 11:08:37 . 2012-09-20 11:08:39  307  ----a-w-  C:\user.js
    2012-09-20 11:08:37 . 2012-09-20 11:08:37  --------  d-----w-  C:\Program Files (x86)\BabylonToolbar
    2012-09-20 11:08:21 . 2012-09-20 11:13:07  --------  d-----w-  C:\Users\e.frot\AppData\Roaming\Media Finder
    2012-09-20 11:07:53 . 2012-09-20 11:07:53  --------  d-----w-  C:\ProgramData\Babylon
    2012-09-20 11:07:52 . 2012-09-20 11:07:52  --------  d-----w-  C:\Users\e.frot\AppData\Roaming\Babylon
    2012-09-20 10:55:32 . 2012-09-20 10:55:32  --------  d-----w-  C:\ProgramData\ODIR
    2012-09-20 10:55:23 . 2012-09-20 10:55:24  --------  d-----w-  C:\Program Files (x86)\ODIR
    2012-09-20 10:55:23 . 2000-12-05 22:00:00  209608  ----a-w-  C:\Windows\SysWow64\Tabctl32.ocx
    2012-09-20 10:55:23 . 1999-03-25 23:00:00  101888  ----a-w-  C:\Windows\SysWow64\VB6STKIT.DLL
    2012-09-20 09:41:11 . 2012-09-20 09:41:11  --------  d-----w-  C:\Users\administrateur\AppData\Local\ElevatedDiagnostics
    2012-09-20 09:29:42 . 2012-09-20 09:29:42  --------  d-----w-  C:\Users\administrateur\AppData\Local\ESET
    2012-09-20 09:29:40 . 2012-09-20 09:35:30  --------  d-----w-  C:\Users\administrateur\AppData\Roaming\TortoiseHg
    2012-09-20 09:29:40 . 2012-09-20 09:29:41  --------  d-----w-  C:\Users\administrateur\AppData\Roaming\Apple Computer
    2012-09-20 09:29:40 . 2012-09-20 09:29:40  --------  d-----w-  C:\Users\administrateur\AppData\Local\LogMeIn
    2012-09-20 09:28:48 . 2012-09-20 09:28:48  --------  d-----w-  C:\Users\administrateur\AppData\Local\Trusteer
    2012-09-19 08:54:49 . 2012-09-19 08:54:49  --------  d-----w-  C:\Users\e.frot\AppData\Local\ESET
    2012-09-19 08:24:24 . 2012-09-19 08:24:24  --------  d-----w-  C:\Windows\PCHEALTH
    2012-09-19 08:24:24 . 2012-09-19 08:24:24  --------  d-----w-  C:\Program Files (x86)\Microsoft Sync Framework
    2012-09-19 08:13:17 . 2012-09-19 08:13:17  --------  d-----w-  C:\Program Files (x86)\Microsoft Visual Studio 8
    2012-09-19 08:12:30 . 2012-09-19 08:12:30  --------  d-----w-  C:\Program Files (x86)\Microsoft Analysis Services
    2012-09-17 07:19:59 . 2012-08-21 11:01:20  33240  ----a-w-  C:\Windows\system32\drivers\GEARAspiWDM.sys
    2012-09-17 07:19:07 . 2012-09-17 07:19:07  --------  d-----w-  C:\Program Files\iPod
    2012-09-17 07:19:06 . 2012-09-17 07:19:58  --------  d-----w-  C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-17 07:19:06 . 2012-09-17 07:19:57  --------  d-----w-  C:\Program Files\iTunes
    2012-09-17 07:19:06 . 2012-09-17 07:19:57  --------  d-----w-  C:\Program Files (x86)\iTunes
    2012-09-13 06:52:36 . 2012-08-22 18:12:40  950128  ----a-w-  C:\Windows\system32\drivers\ndis.sys
    2012-09-13 06:52:36 . 2012-07-04 20:26:03  41472  ----a-w-  C:\Windows\system32\drivers\RNDISMP.sys
    2012-09-13 06:52:35 . 2012-08-02 17:58:52  574464  ----a-w-  C:\Windows\system32\d3d10level9.dll
    2012-09-13 06:52:35 . 2012-08-02 16:57:20  490496  ----a-w-  C:\Windows\SysWow64\d3d10level9.dll
    2012-09-13 06:52:34 . 2012-08-22 18:12:50  1913200  ----a-w-  C:\Windows\system32\drivers\tcpip.sys
    2012-09-13 06:52:34 . 2012-08-22 18:12:40  376688  ----a-w-  C:\Windows\system32\drivers\netio.sys
    2012-09-13 06:52:34 . 2012-08-22 18:12:33  288624  ----a-w-  C:\Windows\system32\drivers\FWPKCLNT.SYS
    2012-09-06 08:03:43 . 2012-09-06 08:11:33  --------  d-----w-  C:\Program Files (x86)\Stata12
    2012-09-04 07:34:05 . 2012-09-04 07:34:05  --------  d-----w-  C:\Program Files (x86)\Common Files\Java
    2012-09-04 07:33:39 . 2012-09-04 07:33:34  95208  ----a-w-  C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    .


    (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))

    2012-09-21 15:04:25 . 2012-04-04 07:04:03  696240  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-21 15:04:25 . 2011-05-24 06:59:38  73136  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-19 08:23:48 . 2010-08-12 11:11:46  72860  ----a-w-  C:\ProgramData\bdinstall.bin
    2012-09-13 16:22:07 . 2010-08-13 12:48:38  64462936  ----a-w-  C:\Windows\system32\MRT.exe
    2012-09-07 09:07:30 . 2011-05-04 07:18:55  101688  ----a-w-  C:\Windows\system32\drivers\RapportKE64.sys
    2012-09-04 07:33:33 . 2012-06-25 13:24:59  821736  ----a-w-  C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-04 07:33:33 . 2010-09-28 07:23:25  746984  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
    2012-08-21 11:01:20 . 2011-06-08 08:35:39  125872  ----a-w-  C:\Windows\system32\GEARAspi64.dll
    2012-08-21 11:01:20 . 2011-06-08 08:35:39  106928  ----a-w-  C:\Windows\SysWow64\GEARAspi.dll
    2012-07-18 18:15:06 . 2012-08-20 07:38:14  3148800  ----a-w-  C:\Windows\system32\win32k.sys
    2012-07-12 07:45:09 . 2010-09-21 13:52:00  87488  ----a-w-  C:\Windows\system32\LMIRfsClientNP.dll
    2012-07-12 07:45:08 . 2010-09-21 13:52:00  34720  ----a-w-  C:\Windows\system32\LMIport.dll
    2012-07-12 07:45:08 . 2010-09-21 13:51:56  80800  ----a-w-  C:\Windows\system32\LMIinit.dll
    2012-07-10 08:16:32 . 2012-07-10 08:16:32  213416  ----a-w-  C:\Windows\system32\drivers\eamonm.sys
    2012-07-10 08:16:32 . 2012-07-10 08:16:32  179920  ----a-w-  C:\Windows\system32\drivers\edevmon.sys
    2012-07-06 20:07:42 . 2012-08-20 16:52:08  552960  ----a-w-  C:\Windows\system32\drivers\bthport.sys
    2012-07-04 22:16:43 . 2012-08-20 07:38:20  73216  ----a-w-  C:\Windows\system32\netapi32.dll
    2012-07-04 22:13:27 . 2012-08-20 07:38:20  59392  ----a-w-  C:\Windows\system32\browcli.dll
    2012-07-04 22:13:27 . 2012-08-20 07:38:20  136704  ----a-w-  C:\Windows\system32\browser.dll
    2012-07-04 21:14:34 . 2012-08-20 07:38:19  41984  ----a-w-  C:\Windows\SysWow64\browcli.dll
    2010-07-08 08:37:14 . 2010-07-08 08:37:14  101544  ----a-w-  C:\Program Files\Common Files\LinkInstaller.exe


    ((((((((((((((((((((((((((((((((( Reg load points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legitimate default entries are not listed
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PMBVolumeWatcher"="C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-21 18:31:32 597792]
    "SignIn"="C:\Program Files (x86)\Microsoft Online Services\Sign In\SignIn.exe" [2010-03-09 21:39:02 1734512]
    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 20:51:26 919008]
    "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 19:32:54 59280]
    "TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" [2011-10-31 09:53:37 273528]
    "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-04-18 18:56:22 421888]
    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 07:04:54 252848]
    "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 21:30:34 421776]
    "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 12:54:26 91520]

    C:\Users\Emmanuel Frot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - C:\Users\e.frot\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-25 26909544]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe [2012-9-25 303456]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys [2012-03-29 09:03:56 63008]
    R0 RapportKE64;RapportKE64;C:\Windows\System32\Drivers\RapportKE64.sys [2012-09-07 09:07:30 101688]
    R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys [2012-07-10 08:16:32 213416]
    R1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-29 09:03:54 152136]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys [2012-03-29 09:03:54 38288]
    R1 RapportCerberus_42020;RapportCerberus_42020;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-20 09:01:58 397720]
    R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-09-07 09:07:30 55096]
    R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-09-07 09:07:30 297240]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]
    R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0, License Management Service;C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2010-02-01 15:51:07 759048]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 20:51:26 63960]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Endpoint Security\x86\ekrn.exe [2012-07-04 08:17:42 999704]
    R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-26 04:23:59 135664]
    R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-12 07:45:08 375208]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [2010-01-27 10:22:02 15928]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 15:04:46 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 15:04:46 676936]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 01:18:54 360224]
    R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
    R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-09-07 09:07:12 976728]
    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 02:49:14 362992]
    R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 03:36:18 259192]
    R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 11:28:36 160944]
    R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [2008-09-18 08:59:10 104960]
    R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-19 17:19:26 386416]
    R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-03-08 09:04:04 822784]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 15:04:25 250288]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 12:32:04 19968]
    R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys [2010-03-17 09:06:17 334888]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-03-17 09:05:31 39464]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys [2009-10-20 11:40:42 287960]
    R3 ESHASRV;ESET SHA Service;C:\Program Files\ESET\ESET Endpoint Security\EShaSrv.exe [2012-07-04 08:18:44 190208]
    R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-26 04:23:59 135664]
    R3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-28 23:25:10 29720]
    R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-09-07 15:04:46 25928]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 09:15:00 31125880]
    R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 07:23:54 113120]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 19:34:24 4925184]
    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 02:49:04 313840]
    R3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 06:47:30 108400]
    R3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 13:52:48 423280]
    R3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 06:47:30 67952]
    R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 10:27:18 286936]
    R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2012-02-15 10:01:50 52736]
    R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 13:10:10 574320]
    R3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 10:16:26 887000]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 17:15:44 549616]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 20:15:06 99104]
    R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 08:55:10 1256040]
    R3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-08-10 12:57:11 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 09:02:52 14464]
    R3 WSDPrintDevice;Prise en charge de l’impression WSD via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 00:39:20 23040]
    S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2009-07-09 10:00:00 55280]
    S2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys [2010-03-19 10:03:49 93184]
    S2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys [2010-03-19 10:03:46 77312]
    S3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys [2009-10-20 12:44:37 56344]
    S3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\Windows\system32\drivers\hidkmdf.sys [2010-03-01 21:10:15 14328]
    S3 NW1950;NextWindow 1950 Touch Screen;C:\Windows\system32\drivers\NW1950.sys [2010-03-01 21:09:52 26104]
    S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys [2010-02-11 19:19:26 12032]


    Contenu du dossier 'Tâches planifiées'

    2012-09-27 C:\Windows\Tasks\Adobe Flash Player Updater.job
    - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 07:04:03 . 2012-09-21 15:04:25]

    2012-09-27 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-26 04:24:00 . 2010-04-26 04:23:59]

    2012-09-27 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-26 04:24:00 . 2010-04-26 04:23:59]

    2012-09-27 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990744735-274163681-257148038-1115Core.job
    - C:\Users\e.frot\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-05 15:48:04 . 2011-10-05 15:48:03]

    2012-09-27 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990744735-274163681-257148038-1115UA.job
    - C:\Users\e.frot\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-05 15:48:04 . 2011-10-05 15:48:03]

    2012-09-27 C:\Windows\Tasks\ReclaimerUpdateFiles_e.frot.job
    - C:\Users\e.frot\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-27 09:16:59 . 2012-09-27 09:16:58]

    2012-09-27 C:\Windows\Tasks\ReclaimerUpdateXML_e.frot.job
    - C:\Users\e.frot\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-27 09:16:59 . 2012-09-27 09:16:58]

    2012-09-27 C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_e.frot.job
    - C:\Users\e.frot\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-27 09:16:59 . 2012-09-27 09:16:58]


    --------- X64 Entries -----------


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 09:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 09:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 09:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 09:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 09:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 09:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 09:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 09:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 09:20:44 75544 ----a-w- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2010-03-15 13:33:00 16397416]
    "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-05 06:28:39 9645088]
    "LogMeIn GUI"="C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-01-27 10:22:02 57928]
    "TortoiseHgOverlayIconServer"="C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe" [2012-03-03 22:34:00 47616]
    "egui"="C:\Program Files\ESET\ESET Endpoint Security\egui.exe" [2012-07-04 08:17:36 4133072]

    ------- Examen supplémentaire -------

    mLocal Page = C:\Windows\SysWOW64\blank.htm
    TCP: Interfaces\{8D9D241B-8423-47AA-84D7-20EDAD500683}: NameServer = 192.168.0.10
    FF - ProfilePath -

    - - - - ORPHELINS SUPPRIMES - - - -

    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)



    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
    "ImagePath"="\"C:\Program Files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata\""

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
    "ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.5\my.ini\" MySQL"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"

    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)

    Heure de fin: 2012-09-27 16:31:31
    ComboFix-quarantined-files.txt 2012-09-27 14:31:31

    Avant-CF: 838 707 662 848 octets libres
    Après-CF: 838 839 377 920 octets libres

    - - End Of File - - 65BCA41C4B3D76EA72B99A769E950AD0
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good work...

    • Download RogueKiller and save it on your desktop.
    • Quit all programs.
    • Start RogueKiller.exe.
    • Wait until Prescan has finished.
    • Click on Scan.
    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.
    • The report has been created on the desktop.
    • Next, click on ShortcutsFix.
    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.
     
  5. Aerbach

    Aerbach TS Rookie Topic Starter Posts: 18

    I cannot run RogueKiller; I got the message that it is not a valid Win32 application. By the way, ESET stopped sending me alerts about the viruses I mentioned above.
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let's try RKILL:

    Please download RKill to your desktop from the following link.

    RKill Download Link - (Download page will open in a new tab or browser window.)

    When at the download page, click on the Download Now button labeled iExplore.exe download link. When you are prompted where to save it, please save it on your desktop.

    Once it is downloaded, double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with System Progressive Protection and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. The log will launch; please post it.

    If you continue having problems running RKill, you can download the other renamed versions of RKill from the RKill download page. Both of these files are renamed copies of RKill, which you can try instead. Please note that the download page will open in a new browser window or tab.
     
  7. Aerbach

    Aerbach TS Rookie Topic Starter Posts: 18

    RKill ran smoothly. That's the log:

    Rkill 2.4.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 09/27/2012 06:57:19 PM in x64 mode.
    Windows Version: Windows 7 Professional Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Defender Disabled

    [HKLM\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001

    Checking Windows Service Integrity:

    * Windows Defender (WinDefend) is not Running.
    Startup Type set to: Manual

    * Pilote d’autorisation du Pare-feu Windows (mpsdrv) is not Running.
    Startup Type set to: Manual

    * iphlpsvc [Missing Service]
    * MpsSvc [Missing Service]

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost

    Program finished at: 09/27/2012 06:57:37 PM
    Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Now, RogueKiller again, please. :)
     
  9. Aerbach

    Aerbach TS Rookie Topic Starter Posts: 18

    Hi,

    Still got the same message with RogueKiller: it is not a valid Win32 application.
     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, allow it to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
    Sometimes these logs can be very large; in that case, please attach it, or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
     
  11. Aerbach

    Aerbach TS Rookie Topic Starter Posts: 18

    I attached it; it is too long to be included here.
     

     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Scan for malware

    Please download Malwarebytes Anti-Malware from HERE.


    Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Copy and paste the entire report in your next reply.

    ===============================================


    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Copy the code below in the quotebox, and then paste it in under the Custom Scans/Fixes box:

    • Click the Run Scan button. The scan will not take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.

    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
     
  13. Aerbach

    Aerbach TS Rookie Topic Starter Posts: 18

    That's the Anti-Malware log (no malware detected):

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.02.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421

    02/10/2012 08:47:01
    mbam-log-2012-10-02 (08-47-01).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 301210
    Time elapsed: 3 minute(s), 15 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  14. Aerbach

    Aerbach TS Rookie Topic Starter Posts: 18

    I attached OTL.txt.
     

  15. Aerbach

    Aerbach TS Rookie Topic Starter Posts: 18

    And that's Extras.txt:

    OTL Extras logfile created on: 02/10/2012 08:53:10 - Run 1
    OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\e.frot\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    7,94 Gb Total Physical Memory | 5,85 Gb Available Physical Memory | 73,71% Memory free
    15,87 Gb Paging File | 13,38 Gb Available in Paging File | 84,29% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 921,41 Gb Total Space | 781,04 Gb Free Space | 84,77% Space Free | Partition Type: NTFS
    Drive P: | 461,07 Gb Total Space | 217,01 Gb Free Space | 47,07% Space Free | Partition Type: NTFS
    Drive S: | 461,07 Gb Total Space | 217,01 Gb Free Space | 47,07% Space Free | Partition Type: NTFS

    Computer Name: EMMANUEL | User Name: e.frot | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Unable to open value key
    htmlfile [edit] -- Reg Error: Unable to open value key
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Unable to open value key
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Unable to open value key
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Unable to open value key
    htmlfile [edit] -- Reg Error: Unable to open value key
    https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Unable to open value key
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Unable to open value key
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery MergeModules x64
    "{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
    "{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{18609BE9-C461-41C7-82F1-5DF4D732BB7E}" = MySQL Server 5.5
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1C6B6716-84AC-412A-A296-247D41EBB7FB}" = Setup_msm_VCMS_x64
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
    "{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
    "{583E320A-F7F7-4A23-A80E-26995A5371CC}" = MySQL Connector/ODBC 5.1
    "{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VMp MergeModule x64
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{7BF099BD-10EE-4B04-A195-CAE2742C943E}" = Setup_VEP_x64
    "{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{86FDC3FD-C642-44AE-8758-1B5FAC688E33}" = TortoiseHg 2.3.1 (x64)
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{C0C31BCC-56FB-42a7-8766-D29E1BD74C7d}" = Python 2.7.3 (64-bit)
    "{C69A835B-67A5-4542-AD24-FE36E3140BA9}" = Setup_msm_VOFS_x64
    "{D7C307E7-96A7-4BEE-ACF8-D795007E7C16}" = 64 Bit HP CIO Components Installer
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F2B186B7-DA7A-4AB2-A225-E18FC2EF09F2}" = ESET Endpoint Security
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
    "{FA300000-0001-6400-0000-074957833700}" = ABBYY PDF Transformer 3.0
    "{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
    "3366905E6EFF86120E12E2DB3F8F2EDC3B7F5003" = Package de pilotes Windows - Broadcom HIDClass (09/11/2009 6.3.0.1500)
    "C3D0C7A1290AAA6A45D0D0422262CE3370E27BE5" = Package de pilotes Windows - Broadcom Corporation (BTHUSB) Bluetooth (02/12/2010 6.3.0.3820)
    "CCleaner" = CCleaner
    "D9022850BCF278EAFBF9EDC8741DC09A1AE20B6B" = Package de pilotes Windows - Broadcom Corporation (BTHUSB) Bluetooth (02/28/2010 6.3.0.3850)
    "HECI" = Intel(R) Management Engine Interface
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "NVIDIA Drivers" = NVIDIA Drivers
    "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1 (x64)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
    "{0214A441-A4AB-43A8-8DEF-2F73C5364673}" = Microsoft Works
    "{0489D044-6386-4BDF-9F98-577D60CF79DD}" = VAIO Entertainment Platform
    "{04EAE65A-CDCF-480F-B754-5C3A9364239C}" = Paramètres des fonctions d'origine VAIO
    "{06C05B90-2127-4933-8ABA-61833BDE13FA}" = Paramètres de contrôle du contenu VAIO
    "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
    "{22008CF9-2B54-4022-AFD8-3B7D42C89E6B}" = PMB VAIO Edition Plug-in
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2BDD5DFD-9F1F-4754-8BEB-A780D49E8C73}" = Sony Home Network Library
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = PMB VAIO Edition Guide
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
    "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
    "{3B20DD42-DA27-4615-8A27-501F5EA63393}_is1" = MD5 Checksum Tool 2.7
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A221E47-E361-45C3-886A-7B2D7AD0E5AA}" = SOHLib Merge Module
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{5006A0E8-B9B0-48DF-981A-41D005B3E937}" = Stata 12
    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
    "{548D4E14-F59D-4FA3-A357-CE5BA0D41D34}" = Opera 11.01
    "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = Outil de restauration de données VAIO
    "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
    "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = Prise en charge du transfert VAIO
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{641DD10E-47E0-4A1D-B858-EF507F948C50}" = VAIO Hardware Diagnostics
    "{65B138AE-F636-4D4C-BA5D-A06E21E47C53}" = Clavier à distance avec PlayStation 3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6ACF0A95-340A-46D6-B1AC-F22CDB51F475}" = ArcSoft WebCam Message Board
    "{6D423AE8-0E7D-4703-8EF7-500C5D36FD7F}" = Sony Home Network Library
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-I Visual Effects 2
    "{803E4FA5-A940-4420-B89D-A8BC2E160247}" = Gestion de l’alimentation de VAIO
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
    "{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
    "{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
    "{90140000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2010
    "{90140000-0015-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2010
    "{90140000-0016-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2010
    "{90140000-0018-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2010
    "{90140000-0019-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2010
    "{90140000-001A-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2010
    "{90140000-001B-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
    "{90140000-001F-0401-0000-0000000FF1CE}_Office14.PROPLUSR_{1A43C155-3DDA-43C9-92C5-0E7D0B2B156D}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
    "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
    "{90140000-001F-0413-0000-0000000FF1CE}_Office14.PROPLUSR_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{0CCCD9C7-637C-41CA-A293-6E9992109B09}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2010
    "{90140000-002C-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C8E4AA87-3E5A-4C70-8CB7-43FE25C99B74}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2010
    "{90140000-0044-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2010
    "{90140000-006E-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{7C5C7E8C-F6D2-43AC-93A4-89E4FF7367E6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2010
    "{90140000-00A1-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2010
    "{90140000-00BA-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00D1-040C-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (French)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
    "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
    "{98F2FA0E-923A-48C2-8EC7-62BD97E38FC0}" = VAIO Data Restore Tool
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A6B90666-2A1F-49E8-A40E-27EAAD11C096}" = Sony Home Network Library
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
    "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
    "{A91E3887-5185-4091-AF33-AB0048444055}" = Microsoft Online Services - Connexion
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Français
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
    "{C416CBB4-00BA-4E78-878A-590C5FD4A7A1}" = VAIO Media plus
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D531F5A4-18F6-4130-B9A4-9179D6E349FC}" = VAIO Care
    "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
    "{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
    "{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
    "{DED01768-E634-11E1-AEB0-984BE15F174E}" = Evernote v. 4.5.8
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EFBA1469-E0DA-4825-96AB-12B2988E9A28}" = Media Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
    "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
    "{FF228206-8C64-4FEB-B0D0-544B5B7B0C1B}" = Tcu
    "7-Zip" = 7-Zip 9.20
    "ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "BabylonToolbar" = Babylon toolbar on IE
    "DSMT6" = MathType 6
    "DSTE4" = TeXaide 4
    "GPL Ghostscript 8.71" = GPL Ghostscript 8.71
    "GSview 4.9" = GSview 4.9
    "InstallShield_{22008CF9-2B54-4022-AFD8-3B7D42C89E6B}" = VAIO - PMB VAIO Edition Plug-in
    "InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide
    "InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
    "InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
    "latex2rtf" = LaTeX2RTF
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "MiKTeX 2.8" = MiKTeX 2.8
    "MiKTeX 2.9" = MiKTeX 2.9
    "Mozilla Firefox 14.0.1 (x86 fr)" = Mozilla Firefox 14.0.1 (x86 fr)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Notepad++" = Notepad++
    "ODIR_is1" = ODIR
    "Office14.PROPLUSR" = Microsoft Office Professionnel Plus 2010
    "Office14.SingleImage" = Microsoft Office Professionnel 2010
    "Philcarto" = Philcarto5.01
    "PostGIS 1.5 for PostgreSQL 8.4" = PostGIS 1.5.3 for PostgreSQL 8.4 (remove only)
    "PostgreSQL 8.4" = PostgreSQL 8.4
    "Quantum GIS Lisboa" = Quantum GIS Lisboa 1.8.0 Lisboa
    "Rapport_msi" = Rapport
    "RealPlayer 12.0" = RealPlayer
    "sed-4.2.1_is1" = GnuWin32: sed-4.2.1
    "SnadBoy's Revelation v2" = SnadBoy's Revelation v2
    "SyncBack_is1" = SyncBack
    "Texmaker" = Texmaker
    "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
    "TileMill" = TileMill 0.10.0
    "VAIO Help and Support" =
    "VAIO Premium Partners" = VAIO Premium Partners
    "VAIO screensaver" = VAIO screensaver
    "VLC media player" = VLC media player 1.1.7
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite" = Windows Live

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "Spotify" = Spotify
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 24/10/2011 04:23:31 | Computer Name = EMMANUEL.economix.local | Source = Application Error | ID = 1000
    Description = Faulting application name: AcroRd32.exe, version: 10.1.1.33, time stamp: 0x4e64e4e2
    Faulting module name: AcroRd32.dll, version: 10.1.1.33, time stamp: 0x4e64f98b
    Exception code: 0xc0000005 Fault offset: 0x00021b12
    Faulting process ID: 0x1954 Faulting application start time: 0x01cc9226025a3f1c
    Faulting application path: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    Faulting module path: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.dll
    Report ID: 748b8c62-fe19-11e0-8de0-f07bcbac6a41

    Error - 25/10/2011 05:35:34 | Computer Name = EMMANUEL.economix.local | Source = Application Error | ID = 1000
    Description = Faulting application name: plugin-container.exe, version: 7.0.1.4288, time stamp: 0x4e83b8cd
    Faulting module name: NPSWF32.dll, version: 11.0.1.152, time stamp: 0x4e7d14af
    Exception code: 0xc0000005 Fault offset: 0x00198024
    Faulting process ID: 0x2bc Faulting application start time: 0x01cc92ea292c3fbe
    Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    Report ID: aff40b99-feec-11e0-8dc1-f07bcbac6a41

    Error - 03/11/2011 04:59:20 | Computer Name = EMMANUEL.economix.local | Source = Application Error | ID = 1000
    Description = Faulting application name: plugin-container.exe, version: 7.0.1.4288, time stamp: 0x4e83b8cd
    Faulting module name: NPSWF32.dll, version: 11.0.1.152, time stamp: 0x4e7d14af
    Exception code: 0xc0000005 Fault offset: 0x00198024
    Faulting process ID: 0x1af8 Faulting application start time: 0x01cc9a01c5f6de07
    Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    Report ID: 1d83c18f-05fa-11e1-8def-f07bcbac6a41

    Error - 07/11/2011 05:19:59 | Computer Name = EMMANUEL.economix.local | Source = Application Hang | ID = 1002
    Description = The program SoftwareUpdate.exe version 2.1.3.127 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel.
    Process ID: 1244 Start Time: 01cc9d2864376ba3 Termination Time: 15
    Application Path: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
    Report ID:

    Error - 05/12/2011 09:27:47 | Computer Name = EMMANUEL.economix.local | Source = Application Hang | ID = 1002
    Description = The program notepad++.exe version 5.7.0.0 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel.
    Process ID: 794 Start Time: 01ccb32bd866c03c Termination Time: 15
    Application Path: C:\Program Files (x86)\Notepad++\notepad++.exe
    Report ID: e5eb8b6c-1f44-11e1-bd71-f07bcbac6a41

    Error - 05/12/2011 10:45:08 | Computer Name = EMMANUEL.economix.local | Source = Application Error | ID = 1000
    Description = Faulting application name: plugin-container.exe, version: 8.0.0.4325, time stamp: 0x4eb4a91a
    Faulting module name: NPSWF32.dll, version: 11.1.102.55, time stamp: 0x4eaf86ce
    Exception code: 0xc0000005 Fault offset: 0x00198824
    Faulting process ID: 0x1110 Faulting application start time: 0x01ccb329ad4be859
    Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    Report ID: b97978b8-1f4f-11e1-bd71-f07bcbac6a41

    Error - 29/12/2011 09:24:06 | Computer Name = EMMANUEL.economix.local | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksCal.exe".
    Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 30/12/2011 06:11:18 | Computer Name = EMMANUEL.economix.local | Source = Application Error | ID = 1000
    Description = Faulting application name: plugin-container.exe, version: 9.0.1.4371, time stamp: 0x4ef15e07
    Faulting module name: NPSWF32.dll, version: 11.1.102.55, time stamp: 0x4eaf86ce
    Exception code: 0xc0000005 Fault offset: 0x00198824
    Faulting process ID: 0x1458 Faulting application start time: 0x01ccc6d0336ff2b8
    Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    Report ID: 9d29b9dd-32ce-11e1-abad-f07bcbac6a41

    Error - 10/02/2012 05:20:02 | Computer Name = EMMANUEL.economix.local | Source = Application Hang | ID = 1002
    Description = The program gimp-2.6.exe version 0.0.0.0 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel.
    Process ID: 15fc Start Time: 01cce7d50d6c5165 Termination Time: 8
    Application Path: C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe
    Report ID: 5ceb253e-53c8-11e1-943f-f07bcbac6a41

    Error - 10/02/2012 09:13:30 | Computer Name = EMMANUEL.economix.local | Source = Application Error | ID = 1000
    Description = Faulting application name: plugin-container.exe, version: 10.0.0.4411, time stamp: 0x4f25484e
    Faulting module name: NPSWF32.dll, version: 11.1.102.55, time stamp: 0x4eaf86ce
    Exception code: 0xc0000005 Fault offset: 0x00198824
    Faulting process ID: 0x958 Faulting application start time: 0x01cce7ce5a790b3e
    Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    Report ID: 05f2828d-53e9-11e1-943f-f07bcbac6a41

    [ System Events ]
    Error - 28/09/2012 03:11:37 | Computer Name = EMMANUEL.economix.local | Source = Service Control Manager | ID = 7009
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the Roxio Upnp Server 10 service.

    Error - 28/09/2012 03:13:50 | Computer Name = EMMANUEL.economix.local | Source = Service Control Manager | ID = 7022
    Description = The VAIO Care Performance Service service hung on starting.

    Error - 01/10/2012 02:53:47 | Computer Name = EMMANUEL.economix.local | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with the
    following error: %%-2147024891

    Error - 01/10/2012 02:53:49 | Computer Name = EMMANUEL.economix.local | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 01/10/2012 02:55:27 | Computer Name = EMMANUEL.economix.local | Source = DCOM | ID = 10016
    Description =

    Error - 01/10/2012 02:56:07 | Computer Name = EMMANUEL.economix.local | Source = Service Control Manager | ID = 7009
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the Roxio Upnp Server 10 service.

    Error - 02/10/2012 02:37:35 | Computer Name = EMMANUEL.economix.local | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with the
    following error: %%-2147024891

    Error - 02/10/2012 02:37:35 | Computer Name = EMMANUEL.economix.local | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 02/10/2012 02:38:55 | Computer Name = EMMANUEL.economix.local | Source = DCOM | ID = 10016
    Description =

    Error - 02/10/2012 02:40:10 | Computer Name = EMMANUEL.economix.local | Source = Service Control Manager | ID = 7009
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the Roxio Upnp Server 10 service.


    < End of report >
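Two things in the OTL report above are worth checking mechanically whenever a Sirefef/ZeroAccess-class infection is suspected: the shell\open\command handlers for executable file classes (a hijacked exefile handler means every program launch passes through the malware first) and the Security Center override and System Restore values that silence the AV and firewall warnings. The Python below is an added example written for this thread; it is not part of the original post, of OTL, or of any tool the helpers mention. It parses those two kinds of OTL lines and flags deviations from the stock values. The embedded sample is constructed: it copies a few lines from the posted report and adds one invented, hijacked exefile handler under HKCU (the svchost.exe path is made up) so the detector has something to find.

```python
"""Triage an OTL log excerpt for hijacked shell handlers and tampered
Security Center / System Restore values.

Added example for this thread, not OTL's own code. The sample log at the
bottom is constructed: real lines from the posted report plus one invented
hijacked 'exefile' handler (the svchost.exe path is made up).
"""
import re

# Stock shell commands for the executable classes OTL lists, keyed by (class, verb).
EXPECTED_SHELL_COMMANDS = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

# Security Center / System Restore values that are 0 on a healthy Windows 7 host.
EXPECTED_ZERO = {
    "AntiVirusOverride", "AntiSpywareOverride", "FirewallOverride",
    "AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify",
    "DisableSR",
}

# 'class [verb] -- command (Company)'; the trailing "(Company)" annotation is optional.
SHELL_LINE = re.compile(r'^\s*(\w+) \[(\w+)\] -- (.*?)\s*(\([^()]*\))?\s*$')
# '"Name" = value'
VALUE_LINE = re.compile(r'^\s*"([^"]+)" =\s*(.*?)\s*$')


def parse_shell_commands(lines):
    """Map (class, verb) -> list of commands; a class can appear under several hives."""
    found = {}
    for line in lines:
        m = SHELL_LINE.match(line)
        if m:
            found.setdefault((m.group(1), m.group(2)), []).append(m.group(3))
    return found


def parse_values(lines):
    """Map value name -> list of values seen (the same name recurs under 64bit keys)."""
    found = {}
    for line in lines:
        m = VALUE_LINE.match(line)
        if m:
            found.setdefault(m.group(1), []).append(m.group(2))
    return found


def triage(log_text):
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    lines = log_text.splitlines()
    findings = []
    for key, commands in parse_shell_commands(lines).items():
        expected = EXPECTED_SHELL_COMMANDS.get(key)
        if expected is None:
            continue  # not an executable class we track (Directory, cplfile, ...)
        for cmd in commands:
            if cmd != expected:
                findings.append(f"{key[0]} [{key[1]}] hijacked: {cmd} (expected {expected})")
    for name, values in parse_values(lines).items():
        if name in EXPECTED_ZERO:
            for value in values:
                if value != "0":
                    findings.append(f"{name} = {value} (expected 0)")
    return findings


# Constructed sample: lines from the posted OTL report plus one invented HKCU hijack.
SAMPLE_LOG = r"""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    scrfile [open] -- "%1" /S
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<key>\shell\[command]\command]
    exefile [open] -- "C:\Users\Public\Local Settings\svchost.exe" "%1" %*

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG) or ["nothing flagged"]:
        print(finding)
```

Run against the full report posted above (paste it into a file and call triage() on its contents) and it returns an empty list: every executable-class handler still reads "%1" %* and all override/notify values are 0, which matches what the log shows. Note that a clean handler under HKLM does not vouch for HKCU, which is why the parser keeps every occurrence of a class rather than the last one seen.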
     
  16. Jay Pfoutz (Malware Helper)

    Please delete your copy of ComboFix, download a new one, run a scan, and post a new log. Sirefef is back.

    Please also do the following to get rid of the adware:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
     
  17. Aerbach

    Aerbach TS Rookie Topic Starter Posts: 18

    The ComboFix scan took quite a while. The log is pasted below. AdwCleaner ended up with an AutoIt Error: Subscript used with non-Array variable.

    ComboFix 12-10-02.01 - e.frot 02/10/2012 10:29:25.2.2 - x64
    Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.8127.5895 [GMT 2:00]
    Lancé depuis: c:\users\e.frot\Desktop\ComboFix.exe
    AV: ESET Endpoint Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: Pare-feu personnel d'ESET *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Endpoint Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-09-02 au 2012-10-02 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-10-02 09:12 . 2012-10-02 09:12  --------  d-----w-  c:\users\postgres\AppData\Local\temp
    2012-10-02 09:12 . 2012-10-02 09:12  --------  d-----w-  c:\users\m.stryszowska\AppData\Local\temp
    2012-10-02 09:12 . 2012-10-02 09:12  --------  d-----w-  c:\users\Emmanuel Frot\AppData\Local\temp
    2012-10-02 09:12 . 2012-10-02 09:12  --------  d-----w-  c:\users\E7590~1~FRO\AppData\Local\temp
    2012-10-02 09:12 . 2012-10-02 09:12  --------  d-----w-  c:\users\Default\AppData\Local\temp
    2012-10-02 09:12 . 2012-10-02 09:12  --------  d-----w-  c:\users\administrateur\AppData\Local\temp
    2012-10-02 06:46 . 2012-10-02 06:46  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-02 06:46 . 2012-09-07 15:04  25928  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-09-27 14:41 . 2012-08-21 21:01  245760  ----a-w-  c:\windows\system32\OxpsConverter.exe
    2012-09-27 14:31 . 2012-10-02 09:14  --------  d-----w-  c:\users\e.frot\AppData\Local\temp
    2012-09-27 09:35 . 2012-09-27 09:37  --------  d-----w-  c:\program files (x86)\TileMill-v0.10.0
    2012-09-26 13:05 . 2012-09-26 13:05  --------  d-----w-  C:\TDSSKiller_Quarantine
    2012-09-26 08:03 . 2012-08-21 09:12  285328  ----a-w-  c:\windows\system32\aswBoot.exe
    2012-09-26 08:02 . 2012-09-27 06:47  --------  d-----w-  c:\programdata\AVAST Software
    2012-09-26 08:02 . 2012-09-26 08:02  --------  d-----w-  c:\program files\AVAST Software
    2012-09-20 11:37 . 2012-09-20 11:37  --------  d-sh--w-  c:\windows\SysWow64\%APPDATA%
    2012-09-20 11:34 . 2012-09-27 07:42  --------  d-----w-  c:\program files\ESET
    2012-09-20 11:08 . 2012-09-20 11:08  307  ----a-w-  C:\user.js
    2012-09-20 11:08 . 2012-09-20 11:08  --------  d-----w-  c:\program files (x86)\BabylonToolbar
    2012-09-20 11:08 . 2012-09-20 11:13  --------  d-----w-  c:\users\e.frot\AppData\Roaming\Media Finder
    2012-09-20 11:07 . 2012-09-20 11:07  --------  d-----w-  c:\programdata\Babylon
    2012-09-20 11:07 . 2012-09-20 11:07  --------  d-----w-  c:\users\e.frot\AppData\Roaming\Babylon
    2012-09-20 10:55 . 2012-09-20 10:55  --------  d-----w-  c:\programdata\ODIR
    2012-09-20 10:55 . 2012-09-20 10:55  --------  d-----w-  c:\program files (x86)\ODIR
    2012-09-20 10:55 . 2000-12-05 22:00  209608  ----a-w-  c:\windows\SysWow64\Tabctl32.ocx
    2012-09-20 10:55 . 1999-03-25 23:00  101888  ----a-w-  c:\windows\SysWow64\VB6STKIT.DLL
    2012-09-20 09:41 . 2012-09-20 09:41  --------  d-----w-  c:\users\administrateur\AppData\Local\ElevatedDiagnostics
    2012-09-20 09:29 . 2012-09-20 09:29  --------  d-----w-  c:\users\administrateur\AppData\Local\ESET
    2012-09-20 09:29 . 2012-09-20 09:35  --------  d-----w-  c:\users\administrateur\AppData\Roaming\TortoiseHg
    2012-09-20 09:29 . 2012-09-20 09:29  --------  d-----w-  c:\users\administrateur\AppData\Roaming\Apple Computer
    2012-09-20 09:29 . 2012-09-20 09:29  --------  d-----w-  c:\users\administrateur\AppData\Local\LogMeIn
    2012-09-20 09:28 . 2012-09-20 09:28  --------  d-----w-  c:\users\administrateur\AppData\Local\Trusteer
    2012-09-19 08:54 . 2012-09-19 08:54  --------  d-----w-  c:\users\e.frot\AppData\Local\ESET
    2012-09-19 08:24 . 2012-09-19 08:24  --------  d-----w-  c:\windows\PCHEALTH
    2012-09-19 08:24 . 2012-09-19 08:24  --------  d-----w-  c:\program files (x86)\Microsoft Sync Framework
    2012-09-19 08:13 . 2012-09-19 08:13  --------  d-----w-  c:\program files (x86)\Microsoft Visual Studio 8
    2012-09-19 08:12 . 2012-09-19 08:12  --------  d-----w-  c:\program files (x86)\Microsoft Analysis Services
    2012-09-17 07:19 . 2012-08-21 11:01  33240  ----a-w-  c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-17 07:19 . 2012-09-17 07:19  --------  d-----w-  c:\program files\iPod
    2012-09-17 07:19 . 2012-09-17 07:19  --------  d-----w-  c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-17 07:19 . 2012-09-17 07:19  --------  d-----w-  c:\program files\iTunes
    2012-09-17 07:19 . 2012-09-17 07:19  --------  d-----w-  c:\program files (x86)\iTunes
    2012-09-13 06:52 . 2012-08-22 18:12  950128  ----a-w-  c:\windows\system32\drivers\ndis.sys
    2012-09-13 06:52 . 2012-07-04 20:26  41472  ----a-w-  c:\windows\system32\drivers\RNDISMP.sys
    2012-09-13 06:52 . 2012-08-02 17:58  574464  ----a-w-  c:\windows\system32\d3d10level9.dll
    2012-09-13 06:52 . 2012-08-02 16:57  490496  ----a-w-  c:\windows\SysWow64\d3d10level9.dll
    2012-09-13 06:52 . 2012-08-22 18:12  1913200  ----a-w-  c:\windows\system32\drivers\tcpip.sys
    2012-09-13 06:52 . 2012-08-22 18:12  376688  ----a-w-  c:\windows\system32\drivers\netio.sys
    2012-09-13 06:52 . 2012-08-22 18:12  288624  ----a-w-  c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-09-06 08:03 . 2012-09-06 08:11  --------  d-----w-  c:\program files (x86)\Stata12
    2012-09-04 07:34 . 2012-09-04 07:34  --------  d-----w-  c:\program files (x86)\Common Files\Java
    2012-09-04 07:33 . 2012-09-04 07:33  95208  ----a-w-  c:\windows\SysWow64\WindowsAccessBridge-32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-21 15:04 . 2012-04-04 07:04  696240  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-21 15:04 . 2011-05-24 06:59  73136  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-19 08:23 . 2010-08-12 11:11  72860  ----a-w-  c:\programdata\bdinstall.bin
    2012-09-13 16:22 . 2010-08-13 12:48  64462936  ----a-w-  c:\windows\system32\MRT.exe
    2012-09-07 09:07 . 2011-05-04 07:18  101688  ----a-w-  c:\windows\system32\drivers\RapportKE64.sys
    2012-09-04 07:33 . 2012-06-25 13:24  821736  ----a-w-  c:\windows\SysWow64\npDeployJava1.dll
    2012-09-04 07:33 . 2010-09-28 07:23  746984  ----a-w-  c:\windows\SysWow64\deployJava1.dll
    2012-08-21 11:01 . 2011-06-08 08:35  125872  ----a-w-  c:\windows\system32\GEARAspi64.dll
    2012-08-21 11:01 . 2011-06-08 08:35  106928  ----a-w-  c:\windows\SysWow64\GEARAspi.dll
    2012-07-18 18:15 . 2012-08-20 07:38  3148800  ----a-w-  c:\windows\system32\win32k.sys
    2012-07-12 07:45 . 2010-09-21 13:52  87488  ----a-w-  c:\windows\system32\LMIRfsClientNP.dll
    2012-07-12 07:45 . 2010-09-21 13:52  34720  ----a-w-  c:\windows\system32\LMIport.dll
    2012-07-12 07:45 . 2010-09-21 13:51  80800  ----a-w-  c:\windows\system32\LMIinit.dll
    2012-07-10 08:16 . 2012-07-10 08:16  213416  ----a-w-  c:\windows\system32\drivers\eamonm.sys
    2012-07-10 08:16 . 2012-07-10 08:16  179920  ----a-w-  c:\windows\system32\drivers\edevmon.sys
    2012-07-09 11:42 . 2012-07-09 11:42  4547984  ----a-w-  c:\windows\system32\usbaaplrc.dll
    2012-07-09 11:42 . 2012-07-09 11:42  52736  ----a-w-  c:\windows\system32\drivers\usbaapl64.sys
    2012-07-06 20:07 . 2012-08-20 16:52  552960  ----a-w-  c:\windows\system32\drivers\bthport.sys
    2012-07-04 22:16 . 2012-08-20 07:38  73216  ----a-w-  c:\windows\system32\netapi32.dll
    2012-07-04 22:13 . 2012-08-20 07:38  59392  ----a-w-  c:\windows\system32\browcli.dll
    2012-07-04 22:13 . 2012-08-20 07:38  136704  ----a-w-  c:\windows\system32\browser.dll
    2012-07-04 21:14 . 2012-08-20 07:38  41984  ----a-w-  c:\windows\SysWow64\browcli.dll
    2010-07-08 08:37 . 2010-07-08 08:37  101544  ----a-w-  c:\program files\Common Files\LinkInstaller.exe
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spotify Web Helper"="c:\users\e.frot\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-09-19 1193176]
    "Adobe Reader Synchronizer"="c:\program files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2012-07-27 1261512]
    "GoogleChromeAutoLaunch_A9631577BE348CFE759D552FD766CD02"="c:\users\e.frot\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-09-25 1239064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-21 597792]
    "SignIn"="c:\program files (x86)\Microsoft Online Services\Sign In\SignIn.exe" [2010-03-09 1734512]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-10-31 273528]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    .
    c:\users\Emmanuel Frot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\e.frot\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-25 26909544]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Outlook 2010.lnk - c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe [2012-9-25 303456]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-26 135664]
    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 362992]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-17 334888]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-17 39464]
    R3 ESHASRV;ESET SHA Service;c:\program files\ESET\ESET Endpoint Security\EShaSrv.exe [2012-07-04 190208]
    R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-26 135664]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 313840]
    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 574320]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-10 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
    R3 WSDPrintDevice;Prise en charge de l’impression WSD via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-29 63008]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-09-07 101688]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-07-10 213416]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-29 152136]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-29 38288]
    S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-20 397720]
    S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-09-07 55096]
    S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-09-07 297240]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0, Service de Gestion des Licences;c:\program files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2010-02-01 759048]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Endpoint Security\x86\ekrn.exe [2012-07-04 999704]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-12 375208]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-01-27 15928]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
    S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
    S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-09-07 976728]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-03-19 93184]
    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-03-19 77312]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
    S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-19 386416]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-03-08 822784]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-10-20 287960]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-10-20 56344]
    S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys [2010-03-01 14328]
    S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\drivers\NW1950.sys [2010-03-01 26104]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-02-11 12032]
    S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
    .
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:04]
    .
    2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-26 04:23]
    .
    2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-26 04:23]
    .
    2012-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990744735-274163681-257148038-1115Core.job
    - c:\users\e.frot\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-05 15:48]
    .
    2012-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1990744735-274163681-257148038-1115UA.job
    - c:\users\e.frot\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-05 15:48]
    .
    2012-10-01 c:\windows\Tasks\ReclaimerUpdateFiles_e.frot.job
    - c:\users\e.frot\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-27 09:16]
    .
    2012-10-01 c:\windows\Tasks\ReclaimerUpdateXML_e.frot.job
    - c:\users\e.frot\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-27 09:16]
    .
    2012-10-02 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_e.frot.job
    - c:\users\e.frot\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-27 09:16]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 09:20  75544  ----a-w-  c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 09:20  75544  ----a-w-  c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 09:20  75544  ----a-w-  c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 09:20  75544  ----a-w-  c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 09:20  75544  ----a-w-  c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 09:20  75544  ----a-w-  c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 09:20  75544  ----a-w-  c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 09:20  75544  ----a-w-  c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 09:20  75544  ----a-w-  c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19  97792  ----a-w-  c:\users\e.frot\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19  97792  ----a-w-  c:\users\e.frot\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19  97792  ----a-w-  c:\users\e.frot\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-06-30 04:19  97792  ----a-w-  c:\users\e.frot\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-15 16397416]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-05 9645088]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-01-27 57928]
    "TortoiseHgOverlayIconServer"="c:\program files\TortoiseHg\TortoiseHgOverlayServer.exe" [2012-03-03 47616]
    "egui"="c:\program files\ESET\ESET Endpoint Security\egui.exe" [2012-07-04 4133072]
    .
    ------- Examen supplémentaire -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://isearch.babylon.com/?affID=115131&tt=3812_3&babsrc=HP_iclro&mntrId=9892785f00000000000054424914e0eb
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &Envoyer à OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
    IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    TCP: Interfaces\{8D9D241B-8423-47AA-84D7-20EDAD500683}: NameServer = 192.168.0.10
    FF - ProfilePath - c:\users\e.frot\AppData\Roaming\Mozilla\Firefox\Profiles\cp0s9d0r.default\
    FF - prefs.js: browser.startup.homepage - hxxp://isearch.babylon.com/?affID=115131&tt=3812_3&babsrc=HP_iclro&mntrId=9892785f00000000000054424914e0eb
    FF - prefs.js: keyword.URL - hxxp://isearch.babylon.com/?affID=115131&tt=3812_3&babsrc=KW_iclro&mntrId=9892785f00000000000054424914e0eb&q=
    FF - prefs.js: browser.search.selectedEngine - iSearch
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=9892785f00000000000054424914e0eb&q=
    FF - user.js: extensions.BabylonToolbar.id - 9892785f00000000000054424914e0eb
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15603
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1213:08
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - iclaro
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=115131&tt=3812_3
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - iclro
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    Wow6432Node-HKCU-Run-Media Finder - c:\program files (x86)\Media Finder\Media Finder.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    --
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller\Security]
    @DACL=(02 0000)
    @SACL=
    "Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,
    00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
    c:\windows\SysWOW64\DllHost.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
    c:\program files\Sony\VAIO Care\listener.exe
    .
    **************************************************************************
    .
    Heure de fin: 2012-10-02 11:20:23 - La machine a redémarré
    ComboFix-quarantined-files.txt 2012-10-02 09:20
    ComboFix2.txt 2012-09-27 14:31
    .
    Avant-CF: 840 276 398 080 octets libres
    Après-CF: 839 836 389 376 octets libres
    .
    - - End Of File - - 12B2A70C2B7CACB686384B725CEE3E64
     
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    It's important that AdwCleaner works...please try again in Safe Mode.
     
  19. Aerbach

    Aerbach TS Rookie Topic Starter Posts: 18

    It worked in Safe Mode.

    # AdwCleaner v2.003 - Rapport créé le 02/10/2012 à 18:46:35
    # Mis à jour le 23/09/2012 par Xplode
    # Système d'exploitation : Windows 7 Professional Service Pack 1 (64 bits)
    # Mode de démarrage : Mode sans échec
    # Exécuté depuis : C:\Users\e.frot\Desktop\adwcleaner.exe
    # Option [Suppression]


    ***** [Services] *****


    ***** [Fichiers / Dossiers] *****

    Fichier Supprimé : C:\user.js

    ***** [Registre] *****


    ***** [Navigateurs] *****

    -\\ Internet Explorer v9.0.8112.16421


    -\\ Mozilla Firefox v14.0.1 (fr)

    Nom du profil : default
    Fichier : C:\Users\e.frot\AppData\Roaming\Mozilla\Firefox\Profiles\cp0s9d0r.default\prefs.js

    [OK] Le fichier ne contient aucune entrée illégitime.

    -\\ Google Chrome v22.0.1229.79

    Fichier : C:\Users\m.stryszowska\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] Le fichier ne contient aucune entrée illégitime.

    Fichier : C:\Users\e.frot\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] Le fichier ne contient aucune entrée illégitime.

    -\\ Opera v11.1.1190.0

    Fichier : C:\Users\m.stryszowska\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] Le fichier ne contient aucune entrée illégitime.

    Fichier : C:\Users\e.frot\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] Le fichier ne contient aucune entrée illégitime.

    Fichier : C:\Users\Emmanuel Frot\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] Le fichier ne contient aucune entrée illégitime.

    *************************

    AdwCleaner[S5].txt - [1542 octets] - [02/10/2012 18:46:35]

    ########## EOF - C:\AdwCleaner[S5].txt - [1602 octets] ##########
     
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please open OTL, click the Quick Scan button, and post log(s) in next reply.
     
  21. Aerbach

    Aerbach TS Rookie Topic Starter Posts: 18

    The log is attached.

    Attached Files:

    • OTL.Txt (123 KB)
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please open OTL, copy the content below in the box and paste it to the Custom Scans/Fixes box in OTL:

    Then, hit Run Fix. When the fix log launches, please post that in your next reply.
     
  23. Aerbach

    Aerbach TS Rookie Topic Starter Posts: 18

    ========== OTL ==========
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{381FFDE8-2394-4F90-B10D-FC6124A40F8C} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{381FFDE8-2394-4F90-B10D-FC6124A40F8C}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    64bit-Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ scheduled to be deleted on reboot.
    Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ .
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ .
    Registry key HKEY_USERS\S-1-5-21-3271330585-619059924-3069627241-1001\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ scheduled to be deleted on reboot.
    Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ .
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    ========== FILES ==========
    C:\Windows\Installer\{d96ce672-8178-7d6b-c681-96dfb17650d5}\U folder moved successfully.
    C:\Windows\Installer\{d96ce672-8178-7d6b-c681-96dfb17650d5}\L folder moved successfully.
    C:\Windows\Installer\{d96ce672-8178-7d6b-c681-96dfb17650d5} folder moved successfully.
    C:\Windows\assembly\Desktop.ini moved successfully.

    OTL by OldTimer - Version 3.2.70.1 log created on 10032012_112132

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
    64bit-Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ scheduled to be deleted on reboot.
    Unable to delete 64bit registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ .
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ scheduled to be deleted on reboot.
    Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ .
     
  24. Aerbach

    Aerbach TS Rookie Topic Starter Posts: 18

    MMhhh... bad news. I cannot start Microsoft Office any more. When I start my computer, Windows launches the installer, but then it fails, as if it were trying to reinstall Office but could not find all the components it needs. Any suggestions?
     
  25. Aerbach

    Aerbach TS Rookie Topic Starter Posts: 18

    Let me be more precise: if I open any Office application, the installer launches and fails. If I open Explorer or the Control Panel, or try to open a folder, Windows displays an error.
     