Slow windows start for 5 minutes [Solved]


#1
Lusky
Member (17 posts)
Hi,

Windows is slow for 5 minutes after boot; specifically, there are small 1-second freezes every 3 seconds, the mouse stops during that second, even the Windows startup sound is slowed, and programs take more time to start during that time.
The screens before the desktop (welcome...) seem slower than usual.
During the 5 minutes, no process is using the CPU, only the known processes that take CPU while starting.
After the 5 minutes, everything runs fine, no slowdown at all.

I have used other removal tools like AdwCleaner, Malwarebytes, ComboFix and Avast without any success.

Thanks in advance

OTL logfile created on: 20/10/2013 11:39:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = H:\d
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,74% Memory free
4,00 Gb Paging File | 3,07 Gb Available in Paging File | 76,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 200,00 Gb Total Space | 115,12 Gb Free Space | 57,56% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 21,67 Gb Free Space | 4,65% Space Free | Partition Type: NTFS
Drive H: | 1663,02 Gb Total Space | 184,49 Gb Free Space | 11,09% Space Free | Partition Type: NTFS

Computer Name: LUSKY-PC | User Name: Lusky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/20 11:21:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\d\OTL.exe
PRC - [2013/09/11 19:56:12 | 000,829,524 | ---- | M] ( ) -- H:\Program Files\Miranda IM Fr\miranda32.exe
PRC - [2013/05/02 01:33:29 | 004,858,456 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/02 01:33:29 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/10/12 22:10:00 | 000,397,312 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/10/12 22:09:32 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/10/12 16:18:28 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/05/26 05:31:41 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/11 08:37:40 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/10/11 08:37:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/09/15 22:21:47 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\03dc83fbe48384390aed7a455e949789\WindowsFormsIntegration.ni.dll
MOD - [2013/09/15 22:19:38 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\9e38ddbb3a90cc3e782a0640788b1fcb\System.Core.ni.dll
MOD - [2013/09/15 22:15:13 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\930e99b2f62cea8c4aa070527d15f748\PresentationFramework.ni.dll
MOD - [2013/09/15 22:12:42 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/09/15 22:12:31 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/09/15 22:12:27 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\585b8f6cc7ba86886462d0dc9753c98f\PresentationCore.ni.dll
MOD - [2013/09/15 22:12:12 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
MOD - [2013/09/15 22:12:04 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/09/15 22:11:59 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/09/15 22:11:52 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/09/11 19:55:44 | 000,057,432 | ---- | M] () -- H:\Program Files\Miranda IM Fr\zlib.dll
MOD - [2013/09/11 19:55:14 | 000,036,961 | ---- | M] () -- H:\Program Files\Miranda IM Fr\Plugins\dbx_mmap.dll
MOD - [2013/08/23 12:14:20 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/08/23 12:12:35 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\8f4a3d09bd38a742ccfe4a20a126fff5\UIAutomationProvider.ni.dll
MOD - [2013/08/23 12:11:32 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/08/07 21:25:24 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2012/05/24 21:20:54 | 000,110,592 | ---- | M] () -- H:\Program Files\Miranda IM Fr\Plugins\folders.dll
MOD - [2011/10/12 16:23:40 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/10/12 16:18:34 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011/09/08 23:47:50 | 000,094,315 | ---- | M] () -- H:\Program Files\Miranda IM Fr\Plugins\StartupStatus.dll
MOD - [2011/05/26 05:27:17 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011/05/26 05:25:26 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\System.resources.dll
MOD - [2011/05/15 18:37:04 | 000,555,520 | ---- | M] () -- H:\Program Files\Miranda IM Fr\Plugins\spellcheckerW.dll
MOD - [2011/03/19 23:31:02 | 000,099,328 | ---- | M] () -- H:\Program Files\Miranda IM Fr\Plugins\updater.dll
MOD - [2011/02/09 22:56:56 | 000,082,021 | ---- | M] () -- H:\Program Files\Miranda IM Fr\Plugins\KeepStatus.dll
MOD - [2008/02/13 19:20:20 | 000,056,832 | ---- | M] () -- H:\Program Files\Miranda IM Fr\Plugins\keyboardnotify.dll
MOD - [2007/07/20 15:37:56 | 000,129,536 | ---- | M] () -- H:\Program Files\Miranda IM Fr\Plugins\MetaContacts.dll
MOD - [2006/07/21 19:09:54 | 000,692,224 | ---- | M] () -- H:\Program Files\Miranda IM Fr\Plugins\fingerprint.dll
MOD - [2006/05/29 14:14:04 | 000,024,576 | ---- | M] () -- H:\Program Files\Miranda IM Fr\Plugins\PackFr.dll
MOD - [2006/05/21 19:02:34 | 000,037,888 | ---- | M] () -- H:\Program Files\Miranda IM Fr\Plugins\mToolTip.dll
MOD - [2005/12/09 15:06:26 | 000,053,248 | ---- | M] () -- H:\Program Files\Miranda IM Fr\Plugins\mtextcontrol.dll
MOD - [2005/07/13 21:55:54 | 000,042,496 | ---- | M] () -- H:\Program Files\Miranda IM Fr\Plugins\NewStatusNotify.dll
MOD - [2004/12/16 21:03:44 | 000,098,304 | ---- | M] () -- H:\Program Files\Miranda IM Fr\Plugins\YAMN.dll
MOD - [2004/10/07 09:40:24 | 000,069,632 | ---- | M] () -- H:\Program Files\Miranda IM Fr\Plugins\FullScreenDetectorMirandaPlugin.dll
MOD - [2004/09/21 22:50:00 | 000,004,608 | ---- | M] () -- H:\Program Files\Miranda IM Fr\Plugins\YAMN\simple.dll
MOD - [2004/07/16 20:29:00 | 000,037,888 | ---- | M] () -- H:\Program Files\Miranda IM Fr\Plugins\PNGImg.dll
MOD - [2002/06/21 05:01:58 | 000,155,648 | ---- | M] () -- H:\Program Files\Miranda IM Fr\ssleay32.dll
MOD - [2002/06/21 05:01:32 | 000,659,456 | ---- | M] () -- H:\Program Files\Miranda IM Fr\libeay32.dll


========== Services (SafeList) ==========

SRV - [2013/10/09 04:19:14 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/05/02 01:33:29 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/12 22:09:32 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/10/12 16:18:28 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\Drivers\PROCEXP151.SYS -- (PROCEXP151)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Lusky\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (au169y0u)
DRV - [2013/07/04 16:38:20 | 000,188,176 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2013/06/17 22:37:07 | 000,013,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf003.sys -- (apf003)
DRV - [2013/06/17 14:12:32 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2013/05/02 16:52:41 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/02 01:34:09 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/05/02 01:34:09 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/02 01:34:09 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/02 01:34:09 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/02 01:34:09 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/02 01:34:08 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/02 01:34:07 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/01/30 13:11:50 | 000,295,936 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sscbfs3.sys -- (SSCBFS3)
DRV - [2011/10/12 22:55:06 | 008,598,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/10/12 21:30:18 | 000,257,024 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/06/07 00:06:54 | 000,211,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/11/20 23:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 23:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/07/14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2006/11/02 08:57:08 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 54 CB 83 8B 6B CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.addSBtoToolbar: false
FF - prefs.js..browser.search.defaultenginename: "Google CH-FR"
FF - prefs.js..browser.search.selectedEngine: "Google CH-FR"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/ig"
FF - prefs.js..extensions.enabledAddons: fr-classique-reforme1990%40dictionaries.addons.mozilla.org:4.3
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.2.1
FF - prefs.js..extensions.enabledAddons: tabscope%40xuldev.org:1.5
FF - prefs.js..extensions.enabledAddons: tiletabs%40DW-dev:10.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.6
FF - prefs.js..extensions.enabledItems: {ee56ecf0-6e7a-479a-8162-e123a991c7e7}:0.4.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.0.36949
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.7
FF - prefs.js..extensions.enabledItems: {655397ca-4766-496b-b7a8-3a5b176ee4c2}:1.4.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.12
FF - prefs.js..extensions.enabledItems: {16466865-007f-4ce4-aeb5-a0aa8b34c61a}:3.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.1
FF - prefs.js..extensions.enabledItems: {5fb1186a-3398-4c47-b579-0f2eee222ad1}:0.9.0.76
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.0.7
FF - prefs.js..extensions.enabledItems: {15613dee-6815-4f83-90da-2c578102b6c8}:1.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:0.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:0.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.8
FF - prefs.js..extensions.enabledItems: [email protected]:2.3.0
FF - prefs.js..network.proxy.autoconfig_url: "file:///h:/d/free-youtube-rule2.pac"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/17 14:05:46 | 000,000,000 | ---D | M]

[2013/06/17 15:06:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\Extensions
[2013/10/17 19:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\Firefox\Profiles\exodfja2.default\extensions
[2013/06/17 15:06:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lusky\AppData\Roaming\mozilla\Firefox\Profiles\exodfja2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/06/17 15:06:39 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Lusky\AppData\Roaming\mozilla\Firefox\Profiles\exodfja2.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013/06/17 15:06:41 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Lusky\AppData\Roaming\mozilla\Firefox\Profiles\exodfja2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2013/06/17 15:06:36 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Lusky\AppData\Roaming\mozilla\Firefox\Profiles\exodfja2.default\extensions\[email protected]
[2013/06/17 15:06:37 | 000,000,000 | ---D | M] (Dictionnaire français «Classique & Réforme 1990») -- C:\Users\Lusky\AppData\Roaming\mozilla\Firefox\Profiles\exodfja2.default\extensions\[email protected]
[2013/06/17 15:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\Firefox\Profiles\exodfja2.default - Copy\extensions
[2013/06/17 15:06:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lusky\AppData\Roaming\mozilla\Firefox\Profiles\exodfja2.default - Copy\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/06/17 15:06:53 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Lusky\AppData\Roaming\mozilla\Firefox\Profiles\exodfja2.default - Copy\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013/06/17 15:06:54 | 000,000,000 | ---D | M] (TabGroups Manager) -- C:\Users\Lusky\AppData\Roaming\mozilla\Firefox\Profiles\exodfja2.default - Copy\extensions\{ca526f8b-9e0a-4756-9077-19d6f3e64ea8}
[2013/06/17 15:06:55 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Lusky\AppData\Roaming\mozilla\Firefox\Profiles\exodfja2.default - Copy\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2013/06/17 15:06:47 | 000,000,000 | ---D | M] (Ctrl-Tab) -- C:\Users\Lusky\AppData\Roaming\mozilla\Firefox\Profiles\exodfja2.default - Copy\extensions\[email protected]
[2013/06/17 15:06:47 | 000,000,000 | ---D | M] (Flashbug) -- C:\Users\Lusky\AppData\Roaming\mozilla\Firefox\Profiles\exodfja2.default - Copy\extensions\[email protected]
[2013/06/17 15:06:50 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Lusky\AppData\Roaming\mozilla\Firefox\Profiles\exodfja2.default - Copy\extensions\[email protected]
[2013/06/17 15:06:50 | 000,000,000 | ---D | M] (Dictionnaire français «Classique & Réforme 1990») -- C:\Users\Lusky\AppData\Roaming\mozilla\Firefox\Profiles\exodfja2.default - Copy\extensions\[email protected]
[2013/06/17 15:06:50 | 000,000,000 | ---D | M] (Vlc Kontextmenü) -- C:\Users\Lusky\AppData\Roaming\mozilla\Firefox\Profiles\exodfja2.default - Copy\extensions\[email protected]atauscher.de
[2013/04/21 10:40:20 | 000,301,821 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\extensions\[email protected]
[2013/08/02 09:33:09 | 000,003,958 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\extensions\[email protected]
[2013/10/04 22:21:37 | 002,209,401 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\extensions\[email protected]
[2013/10/17 19:17:46 | 000,390,473 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\extensions\[email protected]
[2012/03/31 22:14:45 | 000,081,251 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\extensions\[email protected]
[2013/09/23 20:04:39 | 000,248,650 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\extensions\[email protected]
[2013/09/08 20:43:57 | 000,160,818 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\extensions\[email protected]
[2012/09/12 11:33:19 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\extensions\[email protected]
[2013/10/05 22:21:02 | 000,119,969 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\extensions\[email protected]
[2013/05/02 23:08:02 | 000,009,582 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\extensions\[email protected]
[2013/04/11 21:13:52 | 000,232,420 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\extensions\{655397ca-4766-496b-b7a8-3a5b176ee4c2}.xpi
[2011/11/10 23:32:21 | 000,093,926 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d}.xpi
[2013/10/10 09:19:14 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/03/29 22:14:45 | 000,129,271 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default - Copy\extensions\[email protected]
[2012/11/17 21:48:27 | 000,284,001 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default - Copy\extensions\[email protected]
[2013/02/24 12:56:19 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default - Copy\extensions\[email protected]
[2013/02/10 02:48:16 | 000,141,008 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default - Copy\extensions\[email protected]
[2011/04/14 15:54:54 | 000,021,763 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default - Copy\extensions\[email protected]
[2012/03/31 22:14:45 | 000,081,251 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default - Copy\extensions\[email protected]
[2011/11/24 23:33:11 | 000,255,318 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default - Copy\extensions\[email protected]
[2013/02/10 23:15:28 | 000,636,948 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default - Copy\extensions\[email protected]
[2012/05/17 18:57:35 | 000,022,247 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default - Copy\extensions\[email protected]
[2011/06/05 19:40:38 | 000,217,846 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default - Copy\extensions\[email protected]
[2012/07/27 11:07:50 | 000,057,698 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default - Copy\extensions\[email protected]
[2012/09/12 11:33:19 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default - Copy\extensions\[email protected]
[2012/12/30 01:16:16 | 000,282,113 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default - Copy\extensions\[email protected]
[2011/07/01 18:11:03 | 000,710,352 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default - Copy\extensions\{15613dee-6815-4f83-90da-2c578102b6c8}.xpi
[2012/10/18 23:00:47 | 000,220,296 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default - Copy\extensions\{655397ca-4766-496b-b7a8-3a5b176ee4c2}.xpi
[2011/11/10 23:32:21 | 000,093,926 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default - Copy\extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d}.xpi
[2013/02/14 23:15:23 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default - Copy\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/12/29 00:07:15 | 000,747,868 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default - Copy\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2011/08/15 22:39:48 | 000,026,585 | ---- | M] () (No name found) -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default - Copy\extensions\{dc5d9a10-2736-11da-8cd6-0800200c9a66}.xpi
[2013/10/19 18:58:54 | 000,002,216 | ---- | M] () -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\searchplugins\google-ch-fr.xml
[2010/08/24 15:40:08 | 000,004,855 | ---- | M] () -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\searchplugins\google-images.xml
[2013/10/19 18:58:54 | 000,002,091 | ---- | M] () -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\searchplugins\google-translate-en-fr.xml
[2013/10/19 18:58:54 | 000,006,130 | ---- | M] () -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\searchplugins\google-translate-fr-en.xml
[2013/10/19 18:58:54 | 000,002,533 | ---- | M] () -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\searchplugins\imdb.xml
[2013/10/19 18:58:54 | 000,002,273 | ---- | M] () -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\searchplugins\mediadico---anglaisfranais.xml
[2013/10/19 18:58:54 | 000,002,311 | ---- | M] () -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\searchplugins\wikipdia-fr---lire.xml
[2011/08/16 19:18:50 | 000,002,468 | ---- | M] () -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\searchplugins\wiktionnaire-fr.xml
[2013/10/19 18:58:54 | 000,002,549 | ---- | M] () -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\searchplugins\wr-english-french.xml
[2013/10/19 18:58:55 | 000,002,549 | ---- | M] () -- C:\Users\Lusky\AppData\Roaming\mozilla\firefox\profiles\exodfja2.default\searchplugins\wr-french-english.xml

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Lusky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miranda32.lnk = H:\Program Files\Miranda IM Fr\miranda32.exe ( )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBF0A545-0CEF-4169-813E-7AB83D396A71}: DhcpNameServer = 212.27.40.240 212.27.40.241
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\System32\SSCbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {C28617FD-4FE7-4043-AD51-C8132CE90106} - Virtual Storage Mount Notification - C:\Windows\System32\SSCbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/11/28 20:18:54 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/19 23:05:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/10/19 23:05:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/14 22:49:11 | 000,000,000 | ---D | C] -- C:\Users\Lusky\AppData\Roaming\Pingus
[2013/10/13 16:03:59 | 000,000,000 | ---D | C] -- C:\Users\Lusky\AppData\Local\Altap
[2013/10/13 14:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/10/13 14:29:38 | 000,000,000 | ---D | C] -- C:\Users\Lusky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/10/11 21:22:08 | 000,000,000 | ---D | C] -- C:\Users\Lusky\AppData\Local\My Games
[2013/10/10 21:17:33 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013/10/10 21:17:11 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/10/10 21:17:11 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/10/10 21:17:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/10/10 21:17:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/10/10 21:17:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/10/10 21:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/10/10 21:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/10/10 21:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/10/10 21:17:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/10/10 21:17:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/10/10 21:17:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/10/10 21:17:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/10/10 21:17:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/10/10 21:17:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/10/10 21:17:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/10/10 21:17:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/10/10 21:17:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/10/10 21:17:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/10/10 21:17:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/10/10 21:17:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/10/10 21:17:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/10/10 21:17:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/10/10 21:17:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/10/10 21:17:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/10/10 21:17:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/10/10 21:17:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/10/10 21:17:08 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/10/10 21:17:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/10/10 21:17:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/10/10 21:17:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/10/08 09:07:43 | 000,000,000 | ---D | C] -- C:\Users\Lusky\AppData\Roaming\Altap
[2013/10/07 18:42:54 | 000,000,000 | ---D | C] -- C:\Users\Lusky\Documents\My SugarSync
[2013/10/07 18:34:11 | 000,000,000 | ---D | C] -- C:\Users\Lusky\AppData\Local\SugarSync
[2013/10/07 18:34:08 | 000,225,024 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\SSCbFsNetRdr3.dll
[2013/10/07 18:34:08 | 000,159,488 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\SSCbFsMntNtf3.dll
[2013/10/07 18:33:02 | 000,295,936 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\sscbfs3.sys
[2013/10/07 18:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\SugarSync
[2013/10/06 21:50:14 | 000,000,000 | ---D | C] -- C:\Users\Lusky\AppData\Local\Paint.NET
[2013/10/05 18:49:51 | 000,000,000 | ---D | C] -- C:\Users\Lusky\AppData\Roaming\Bioshock2Steam
[2013/10/05 18:49:51 | 000,000,000 | ---D | C] -- C:\Users\Lusky\Documents\Bioshock2
[2013/10/04 00:30:11 | 000,000,000 | ---D | C] -- C:\Users\Lusky\AppData\Local\CrashDumps
[2013/10/02 20:33:06 | 000,000,000 | ---D | C] -- C:\Users\Lusky\AppData\Local\DOSBox
[2013/10/02 17:54:09 | 000,000,000 | ---D | C] -- C:\Users\Lusky\AppData\Roaming\ScummVM
[2013/09/28 20:46:02 | 000,000,000 | ---D | C] -- C:\Users\Lusky\AppData\Local\EA Games
[2013/09/27 23:00:04 | 000,000,000 | ---D | C] -- C:\Users\Lusky\Documents\Facepalm Games
[2013/09/27 22:16:13 | 000,000,000 | ---D | C] -- C:\Users\Lusky\AppData\Local\Chromium
[2013/09/27 22:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2013/09/25 23:09:39 | 000,000,000 | ---D | C] -- C:\Users\Lusky\AppData\Local\IdeoSi
[2013/09/23 23:04:29 | 000,000,000 | ---D | C] -- C:\Users\Lusky\AppData\Local\Electronic Arts
[2013/09/23 23:03:55 | 000,000,000 | ---D | C] -- C:\Users\Lusky\Documents\Electronic Arts
[2013/09/23 23:02:36 | 000,000,000 | ---D | C] -- C:\Users\Lusky\Documents\Electrontic Arts
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/20 11:00:57 | 000,022,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/20 11:00:57 | 000,022,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/20 10:51:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/20 10:51:26 | 1610,162,176 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/17 08:49:43 | 000,000,835 | ---- | M] () -- C:\Users\Lusky\Application Data\Microsoft\Internet Explorer\Quick Launch\Torrent.lnk
[2013/10/13 21:35:20 | 000,745,056 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013/10/13 21:35:20 | 000,686,330 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/10/13 21:35:20 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/13 21:35:20 | 000,468,808 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2013/10/13 21:35:20 | 000,148,574 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013/10/13 21:35:20 | 000,147,458 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/10/13 21:35:20 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/13 21:35:20 | 000,093,466 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2013/10/11 08:37:26 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/10/11 08:37:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/10/07 18:34:10 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\SugarSync.lnk
[2013/10/02 23:51:43 | 000,000,600 | ---- | M] () -- C:\Users\Lusky\AppData\Roaming\winscp.rnd
[2013/09/22 23:05:04 | 000,139,032 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013/09/22 23:04:56 | 000,290,184 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/17 08:49:43 | 000,000,835 | ---- | C] () -- C:\Users\Lusky\Application Data\Microsoft\Internet Explorer\Quick Launch\Torrent.lnk
[2013/10/07 18:34:10 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\SugarSync.lnk
[2013/10/02 22:18:19 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altap Salamander (beta x86).lnk
[2013/08/31 23:13:14 | 000,139,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013/08/31 22:54:03 | 000,290,184 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013/08/31 22:44:32 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2013/08/31 22:36:39 | 002,601,752 | ---- | C] () -- C:\Windows\System32\pbsvc_moh.exe
[2013/08/30 20:09:49 | 002,580,552 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2013/08/29 19:26:28 | 000,138,056 | ---- | C] () -- C:\Users\Lusky\AppData\Roaming\PnkBstrK.sys
[2013/08/01 00:09:28 | 000,000,080 | ---- | C] () -- C:\Users\Lusky\.gitconfig
[2013/07/31 23:20:10 | 000,000,000 | ---- | C] () -- C:\Users\Lusky\.hgrc
[2013/07/31 21:46:58 | 000,000,010 | ---- | C] () -- C:\Users\Lusky\.bash_history
[2013/07/30 19:20:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/30 19:20:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/30 19:20:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/30 19:20:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/30 19:20:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/04 01:18:07 | 000,000,496 | ---- | C] () -- C:\Users\Lusky\AppData\Local\glade-3.conf
[2013/07/04 01:18:07 | 000,000,218 | ---- | C] () -- C:\Users\Lusky\AppData\Local\recently-used.xbel
[2013/06/18 00:12:23 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2013/06/17 22:37:07 | 000,016,304 | ---- | C] () -- C:\Windows\System32\apl003.sys
[2013/06/17 22:37:07 | 000,013,232 | ---- | C] () -- C:\Windows\System32\apf003.sys
[2013/06/17 14:26:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/06/17 14:12:42 | 000,000,600 | ---- | C] () -- C:\Users\Lusky\AppData\Roaming\winscp.rnd
[2013/06/17 14:06:15 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/06/17 14:06:15 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#2 Valinorum (GeekU Guardian Bot, GeekU Moderator, 2,909 posts)
Hi Lusky, :)

:welcome:

My name is Valinorum and I will be your helper today. Before we proceed, please acknowledge the following:

  • Please do not create any new threads on this while we are working on your system, as it wastes another volunteer's time.
  • Please do not install any new software while we are working on this system, as it may hinder our process.
  • Malware removal is a complicated process, so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe Mode and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest to you any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep going.
  • Do not repeat the steps if you face any problems.
  • The fixes are for your system only. Please refrain from using these fixes on other systems, as it may do serious damage.

Note: Please bear in mind that I am still a trainee and my replies need to be reviewed by my teachers before I post them to you, which requires time, as both teachers and helpers are volunteers here. Take it as a good thing, because now you have two people examining your problem. I really hope that we will be able to send you home with a smile on your face. :)

In future, do not run Combofix unless asked as it is a powerful removal tool which, if run incorrectly, can make the machine unbootable.

Can you please post the Extras.txt, which is created in the same location as OTL.exe, as well as the Combofix log located at C:\ComboFix.txt?

Regards,
Valinorum

#3 Lusky (Member, Topic Starter, 17 posts)
Here is the extras.txt file.
OTL Extras logfile created on: 20/10/2013 11:39:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = H:\d
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 72,74% Memory free
4,00 Gb Paging File | 3,07 Gb Available in Paging File | 76,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 200,00 Gb Total Space | 115,12 Gb Free Space | 57,56% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 21,67 Gb Free Space | 4,65% Space Free | Partition Type: NTFS
Drive H: | 1663,02 Gb Total Space | 184,49 Gb Free Space | 11,09% Space Free | Partition Type: NTFS

Computer Name: LUSKY-PC | User Name: Lusky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\FirefoxPortable 4\App\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0083F751-DDCA-4A14-8704-6756DA7A2D39}" = rport=10243 | protocol=6 | dir=out | app=system |
"{038AF411-88FB-4DDA-B278-0E7C54227EAB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0AA89D86-E6E3-4DC3-8F5D-8AEC2B8A07BA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28AF0B1A-1CFB-4A6B-9BA0-E2195D825CE4}" = lport=137 | protocol=17 | dir=in | app=system |
"{366A2D87-0755-4B9E-8383-834B15DC7DAA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{376DB47A-3D50-4911-A01D-78A1ACCD2927}" = lport=139 | protocol=6 | dir=in | app=system |
"{395B7918-A982-413E-B0C9-67F07E6E8B3E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{428A33C6-A3A6-4B2C-B78E-5C5678B7D9DD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4603D8CB-A643-40FE-873D-98CD63B05CFA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F8711FA-26EE-42D3-8565-8CE129D4E8ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{583C0E11-38B7-4786-8A1E-1E9BFCCC0D35}" = rport=139 | protocol=6 | dir=out | app=system |
"{640475B1-A013-4E07-A050-40C4775D502D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7BD564F8-9D77-4BB3-8149-9B556BAAA573}" = rport=137 | protocol=17 | dir=out | app=system |
"{A4EC24B1-9CCE-4D19-9233-BED196570E04}" = lport=138 | protocol=17 | dir=in | app=system |
"{B5195BFD-F0EF-41C2-910A-8A310E254F49}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DD7B1E6D-0B3A-4688-B03C-4ECE872DE54F}" = rport=445 | protocol=6 | dir=out | app=system |
"{EC7A2015-C612-4DEA-95BE-FD9F07F6D3BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F24BF464-639A-4C1F-BBD9-A30B83F9E376}" = rport=138 | protocol=17 | dir=out | app=system |
"{F8B4DCCF-AEDA-4328-B8D6-33895A142452}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F9D2FB63-36E0-4E29-9FBC-0B8109B65D1E}" = lport=445 | protocol=6 | dir=in | app=system |
"{FCBA4C5A-265F-4758-963E-15BDEB5379EF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0671FC8F-4F0E-4948-BCD1-8D54485C1175}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\team fortress 2\hl2.exe |
"{08442155-AB0C-4CE0-AE99-C46FF6C8420E}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\archeblade\binaries\win32\archeblade.exe |
"{09958923-22A4-4E8B-B8D3-1E4F68C5F3D1}" = protocol=6 | dir=in | app=h:\program files\origin games\battlefield 1942\bf1942.exe |
"{0B2B1A5D-1B49-4FFB-A752-FE0C06AFCF4B}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\castlecrashersdemo\castle.exe |
"{1140CF7F-B865-46A7-B4AE-0A48775333DE}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\medal of honor\mp\mohmpgame.exe |
"{1853A6D9-2595-44CD-ACEF-91F131D07E5F}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{188CFC90-6177-47DB-8A74-DC125CF60870}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
"{1A05E42A-3718-40E2-9FD1-8EC751BAF525}" = protocol=17 | dir=in | app=h:\juex\tom clancy's splinter cell blacklist\src\system\blacklist_game.exe |
"{1ACFF3B7-E6EC-4B48-820C-80C79E0AA06C}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{1C97F42E-E46B-42D7-80D8-8250AD22FAF2}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{1DF5633C-1642-4BCE-AC46-B909B5AE3897}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{2103E506-3F73-4367-A91B-FE21B8B8B628}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{2602FE43-63E3-4C15-B5C5-366DB5A9C422}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{28B9FBA9-FB1F-4B33-83EB-068AF0E650A9}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\castlecrashersdemo\castle.exe |
"{29872347-A5F0-4F77-A2A6-3BAFB0D67C61}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{2B0D1D31-28D9-4590-9D22-E713503DDDFA}" = protocol=58 | dir=in | [email protected],-28545 |
"{2CF4ECC2-F842-4D8D-959B-896F119C2730}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe |
"{2DAEE06E-921D-47FA-B613-224274EFA077}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{2FE386D9-ECB4-48A9-B7C4-962B5515719D}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\dead space\dead space.exe |
"{30C17453-DDFF-4D04-A514-6FDCA6CC0B69}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{35B08CF8-61D3-4966-900A-161547105994}" = protocol=6 | dir=in | app=h:\juex\tom clancy's splinter cell blacklist\src\system\blacklist_game.exe |
"{3A7F3BBF-3631-4203-AA59-5A955D4D7454}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3C2D2354-BE4A-4CBD-AAF2-B5AB8E06F4CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3CD1549E-922B-46C8-85F7-C1499129EBF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3CDF39A3-4FCD-431E-B04B-B286387370DF}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutconfigtool.exe |
"{4218B35C-3FB5-41E0-9F43-8AF2EF2C3A07}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A49C52F-1230-469E-B05A-57B687DC9B40}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\command and conquer red alert 3 uprising\support\ea help\electronic_arts_technical_support.htm |
"{4E8F8B27-668A-41F3-96C6-0564C7CB3242}" = dir=out | app=h:\jeux\max payne 3\maxpayne3.exe |
"{502B1735-9D0B-457F-A0F7-E94F930079B8}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\burnout™ paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm |
"{56AE5AD6-8E65-4FF9-885B-E10DA4D1533B}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\titan quest\titan quest.exe |
"{570E8D58-062D-4372-88A2-A59C8838F8D7}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\homefront demo\binaries\homefront.exe |
"{573E50DF-0A3E-428C-A33E-9255949BE3E5}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{5AB84C8B-78A4-46ED-90B8-A27D1A0015AE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{5CE64B6A-A918-4057-8336-4B384F7E15C0}" = protocol=6 | dir=in | app=h:\jeux\steam\steam.exe |
"{5E2A5EAB-09BE-4AB7-B8B4-FD468F0083D8}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\command and conquer red alert 3 uprising\ra3ep1.exe |
"{632C86F9-A62B-4E04-BDF6-94C1B7281824}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{66E37AA4-1BF4-4D8A-8825-8E1EBC7BF778}" = protocol=17 | dir=in | app=h:\program files\origin games\battlefield 3\bf3.exe |
"{6725EB99-4409-4FBF-8F3D-43DD5C1E8A32}" = protocol=17 | dir=in | app=h:\juex\tom clancy's splinter cell blacklist\blacklist_launcher.exe |
"{6ACA2D0F-A7BA-44A0-BA98-BD094A884FF6}" = protocol=6 | dir=in | app=h:\juex\tom clancy's splinter cell blacklist\blacklist_launcher.exe |
"{779928B3-94B6-4469-B601-51B824DB6820}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{7BF32A08-4086-4EF3-A446-76239F668F84}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutparadise.exe |
"{7C32DD5C-0E88-4876-A6BD-B0E1F81FBFFF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D16F43A-A8FA-49FD-8AE1-F3400F534F6E}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\terraria\terraria.exe |
"{7F1D6F46-1EE0-409D-9A02-9E5727565644}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\portal 2\portal2.exe |
"{844A33E8-4111-4A8C-AFA7-04CE2D472039}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\titan quest immortal throne\tqit.exe |
"{84C09415-4C9F-4B84-9C0D-18758404BA85}" = protocol=17 | dir=in | app=c:\users\lusky\appdata\roaming\utorrent\utorrent.exe |
"{871EB63B-709A-4409-B264-F07C590BF6BC}" = protocol=58 | dir=in | app=system |
"{9126C85B-3897-4EA8-BB4F-8B1EECE2CA17}" = protocol=58 | dir=out | [email protected],-28546 |
"{93BE8608-C85A-41EA-B328-5D7934C7FD87}" = protocol=17 | dir=in | app=h:\jeux\steam\steam.exe |
"{95976669-B74E-4561-9B56-D348CCC759AC}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{95F1AD85-6E8E-48DA-84A7-82A8B85564F7}" = protocol=1 | dir=in | [email protected],-28543 |
"{9895B28E-221F-4B35-8EE7-9B25CEA02A0B}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{98A6B504-93CE-480E-8B61-E31419091E0A}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{99FE16C4-BE1E-4C83-BB13-A4DA68A6F8CA}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{9B198D5B-08F2-4111-A75F-B4EA6736F38F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A3838899-5B9B-4A93-BD6C-9DFDE2C8B098}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\command and conquer red alert 3 uprising\support\ea help\electronic_arts_technical_support.htm |
"{A8C48E02-414D-4F57-970E-53955CCA2E2F}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\terraria\terraria.exe |
"{AB42A308-2CD5-4998-8994-51FF020FED37}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{AE5DEEDE-8F2B-4A92-A981-B6C83967DD21}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\half-life 2 deathmatch\hl2.exe |
"{AEDFE1B9-06E8-4FD4-8541-C815107649B9}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\medal of honor\mp\mohmpgame.exe |
"{AFF378BA-47D2-458D-9CDE-C5E65FB27AF1}" = protocol=6 | dir=in | app=h:\juex\tom clancy's splinter cell blacklist\src\system\blacklist_dx11_game.exe |
"{B09D2F9E-71AF-406E-90BC-943703F4684F}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\archeblade\binaries\win32\archeblade.exe |
"{B0F33809-F4E1-468C-8536-2E6D8068BA33}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutparadise.exe |
"{B18DB657-8DA0-4BCE-A60F-F15A27EB55D5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{B6388464-C9DF-4771-8AD7-438EC55C50EC}" = protocol=17 | dir=in | app=h:\program files\origin games\dead space 3\deadspace3.exe |
"{B7853C90-A895-46E6-AD15-F2FFDE385FAC}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{B8AB8A4D-32F7-4508-B1E0-CDEE5FF929C5}" = protocol=17 | dir=in | app=h:\juex\tom clancy's splinter cell blacklist\src\system\blacklist_dx11_game.exe |
"{B92D585C-17C2-4B0A-94CE-0DAD31EC3A18}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\portal 2\portal2.exe |
"{B9DD03B9-862E-4C31-94FD-D2C3CECAC3C8}" = protocol=58 | dir=out | [email protected],-503 |
"{BE7010FC-7695-481E-9AF3-C040FEBA2767}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\dead space\dead space.exe |
"{BEC65641-F3B8-4EE2-B4A6-07925A3B3C17}" = protocol=6 | dir=in | app=h:\juex\tom clancy's splinter cell blacklist\src\system\gu.exe |
"{C1B82A97-21B2-4621-948E-290BCF69CA45}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{C27F7AD3-702D-4667-883B-AF1A89221055}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C416BDF3-3B75-43AF-AB99-D2AB915E7716}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\burnout™ paradise the ultimate box\burnoutconfigtool.exe |
"{C4A9A010-90A4-4B46-946B-E103AE9C2E51}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C897782F-E1AA-4825-8311-304110241D43}" = protocol=6 | dir=in | app=c:\users\lusky\appdata\roaming\utorrent\utorrent.exe |
"{C9FCD9ED-16E5-4DC9-8659-08A018B9A505}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\burnout™ paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm |
"{CA12217B-7F8E-4CE9-A577-6F56E2E00786}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
"{CA2886A0-1F2A-4DA8-9B01-9CE1CC3A011B}" = protocol=6 | dir=in | app=h:\program files\origin games\dead space 3\deadspace3.exe |
"{CBCDF136-9270-4C18-8825-96DA12CB700F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{CEC12687-D961-483B-9087-8B5D0A0094DB}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\titan quest immortal throne\tqit.exe |
"{D50170C5-64CD-445B-AB25-738C656EB8F3}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{D5539D11-8BB4-4D1D-BF97-7FD6EBBFC5ED}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\homefront demo\binaries\homefront.exe |
"{D76831FA-F98D-4D94-B488-891DEF447CE4}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\half-life 2 deathmatch\hl2.exe |
"{D798470A-ABCA-4D82-B9FF-D359A737C0E3}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{D7E19A5F-EEA2-480B-A9E1-6D70FB7B7233}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{D92C64C0-9B80-4DE6-9F5A-174250CEBBD4}" = protocol=17 | dir=in | app=h:\program files\origin games\battlefield 1942\bf1942.exe |
"{E66EA7EF-A997-4348-ABE7-9BFF6F23068A}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\team fortress 2\hl2.exe |
"{E6F5FD0C-F541-452A-8B91-6AB60D0B09D6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E717DEDA-94FA-4C18-865E-4E9725462334}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{E9651A10-C848-4992-A486-06C38384AA7C}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{EC1B38E6-7BBC-4B1A-927D-DBB3497C842A}" = protocol=6 | dir=out | app=system |
"{F47748E3-F1D3-4094-86BC-A939E05E79D7}" = protocol=6 | dir=in | app=h:\jeux\steam\steamapps\common\titan quest\titan quest.exe |
"{F47E9638-40DF-4684-B952-C1FF788B5366}" = protocol=17 | dir=in | app=h:\juex\tom clancy's splinter cell blacklist\src\system\gu.exe |
"{F83C50D3-F609-47E3-8CB4-4E0127595237}" = protocol=6 | dir=in | app=h:\program files\origin games\battlefield 3\bf3.exe |
"{FCA5C4CE-FD48-4161-9677-F2056F77BD40}" = dir=out | app=h:\jeux\max payne 3\playmaxpayne3.exe |
"{FD54ACBC-C8C4-4458-9D80-F53D4AEAD97E}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\command and conquer red alert 3 uprising\ra3ep1.exe |
"{FE12531E-927E-4B0D-B3E8-64FE910600BC}" = protocol=17 | dir=in | app=h:\jeux\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{FF2B3111-20C9-45B6-8520-118082CC6B26}" = protocol=1 | dir=out | [email protected],-28544 |
"{FF508376-1C05-4F82-9B6F-6CD9EA1ADEC2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{12D4652F-0C91-4084-9297-14C68235A062}C:\program files\altap salamander\salamand.exe" = protocol=6 | dir=in | app=c:\program files\altap salamander\salamand.exe |
"TCP Query User{17187409-E12E-44B2-9F55-1B7B7E401B57}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{260208AC-EC3A-4E71-A17E-43AB1E6D99C5}H:\program files\eclipse\eclipse.exe" = protocol=6 | dir=in | app=h:\program files\eclipse\eclipse.exe |
"TCP Query User{2B03D3F0-DA77-4F3F-8043-3FFCD3C6184B}F:\portable python 2.7.5.1\app\python.exe" = protocol=6 | dir=in | app=f:\portable python 2.7.5.1\app\python.exe |
"TCP Query User{34AA2BEA-E853-4395-BF4C-074B9E2AC2D4}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{351EF315-CD5B-4003-B20A-94AD3A7BEE8A}H:\jeux\assassin's creed iii\ac3sp.exe" = protocol=6 | dir=in | app=h:\jeux\assassin's creed iii\ac3sp.exe |
"TCP Query User{364393CC-029E-4F47-932A-8FE5EA6DC7B1}H:\jeux\far cry 3 blood dragon\bin\fc3_blooddragon.exe" = protocol=6 | dir=in | app=h:\jeux\far cry 3 blood dragon\bin\fc3_blooddragon.exe |
"TCP Query User{62E20918-0CA7-49C6-9044-B6DE20DF3340}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{62E21D19-D89C-4E8F-BBB7-9574F109B4C8}H:\jeux\saints row iv\saintsrowiv.exe" = protocol=6 | dir=in | app=h:\jeux\saints row iv\saintsrowiv.exe |
"TCP Query User{718F73C3-BA71-4D18-BF15-3563C29A155D}H:\jeux\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe" = protocol=6 | dir=in | app=h:\jeux\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe |
"TCP Query User{7C74AD74-1DA3-40D3-967D-EA56DF4B1F55}H:\jeux\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=h:\jeux\guild wars 2\gw2.exe |
"TCP Query User{82538F24-AFF7-4DE9-B429-1E6470673574}H:\d\giteye-1.2.2-windows.x86\giteye.exe" = protocol=6 | dir=in | app=h:\d\giteye-1.2.2-windows.x86\giteye.exe |
"TCP Query User{8B759A47-D16B-4CF2-96DC-8400C12C9B31}H:\jeux\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=6 | dir=in | app=h:\jeux\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe |
"TCP Query User{95B49F26-BB33-4780-8E4B-71D27C86E26B}C:1\portable python 2.7.5.1\app\python.exe" = protocol=6 | dir=in | app=c:1\portable python 2.7.5.1\app\python.exe |
"TCP Query User{A7539F9B-06F6-446B-BFAA-083747FDC34D}H:\jeux\mass effect 3\binaries\win32\masseffect3.exe" = protocol=6 | dir=in | app=h:\jeux\mass effect 3\binaries\win32\masseffect3.exe |
"TCP Query User{C67526C7-EDFC-40F0-BF25-A9701DB9F367}H:\program files\origin games\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=h:\program files\origin games\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{C9DC8557-837D-4FBD-B29A-8B687711C705}H:\jeux\kingdoms of amalur reckoning\reckoning.exe" = protocol=6 | dir=in | app=h:\jeux\kingdoms of amalur reckoning\reckoning.exe |
"TCP Query User{DBA1D183-C8CA-4C64-B0BE-ED6467DCBC5E}H:\program files\python275\python.exe" = protocol=6 | dir=in | app=h:\program files\python275\python.exe |
"TCP Query User{F7BD9B88-9048-4B06-BE50-BC6AD37655E8}H:\jeux\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=h:\jeux\starcraft ii\versions\base24944\sc2.exe |
"TCP Query User{FC20B032-A7EC-40C9-BBA6-5676E1258D1C}H:\jeux\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=h:\jeux\the witcher 2\bin\witcher2.exe |
"UDP Query User{0604BA1F-4F65-47CB-8706-4DC6DD7D5BD1}C:1\portable python 2.7.5.1\app\python.exe" = protocol=17 | dir=in | app=c:1\portable python 2.7.5.1\app\python.exe |
"UDP Query User{12C7323A-4896-46C7-8C9C-530CFDF714B9}H:\jeux\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe" = protocol=17 | dir=in | app=h:\jeux\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe |
"UDP Query User{42732067-5908-4EE1-AD57-7E36C06F862E}H:\jeux\kingdoms of amalur reckoning\reckoning.exe" = protocol=17 | dir=in | app=h:\jeux\kingdoms of amalur reckoning\reckoning.exe |
"UDP Query User{4CE2D2A3-6966-4DB8-9657-712C8DC9A079}H:\jeux\mass effect 3\binaries\win32\masseffect3.exe" = protocol=17 | dir=in | app=h:\jeux\mass effect 3\binaries\win32\masseffect3.exe |
"UDP Query User{789A1D5B-7FA4-4EA3-A83D-8A9C373574C4}C:\program files\altap salamander\salamand.exe" = protocol=17 | dir=in | app=c:\program files\altap salamander\salamand.exe |
"UDP Query User{7D927D0F-E6B2-4CB3-BF44-1C26623E77B5}H:\jeux\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=h:\jeux\starcraft ii\versions\base24944\sc2.exe |
"UDP Query User{8579412C-F1C2-4085-B988-CB8B9531A644}H:\program files\python275\python.exe" = protocol=17 | dir=in | app=h:\program files\python275\python.exe |
"UDP Query User{86D1DB41-F056-44B3-907D-B6915503340A}H:\program files\origin games\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=h:\program files\origin games\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{919D52C4-EF79-44E0-9FCF-38A21FDEBAF6}H:\jeux\far cry 3 blood dragon\bin\fc3_blooddragon.exe" = protocol=17 | dir=in | app=h:\jeux\far cry 3 blood dragon\bin\fc3_blooddragon.exe |
"UDP Query User{94787F88-9D09-45B1-9E6F-80D1B1860D6A}H:\jeux\assassin's creed iii\ac3sp.exe" = protocol=17 | dir=in | app=h:\jeux\assassin's creed iii\ac3sp.exe |
"UDP Query User{9AAA662A-E668-4504-8751-CD6F7740778C}H:\program files\eclipse\eclipse.exe" = protocol=17 | dir=in | app=h:\program files\eclipse\eclipse.exe |
"UDP Query User{9AFA7F89-D81E-4380-99A6-DFED57D257E5}F:\portable python 2.7.5.1\app\python.exe" = protocol=17 | dir=in | app=f:\portable python 2.7.5.1\app\python.exe |
"UDP Query User{ABB655C4-6D9F-44E1-BF6C-76C9AA61D862}H:\jeux\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=h:\jeux\the witcher 2\bin\witcher2.exe |
"UDP Query User{AC8A910B-BC2B-4F67-8AD5-53FC5F9944C9}H:\jeux\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe" = protocol=17 | dir=in | app=h:\jeux\far cry 3 blood dragon\bin\fc3_blooddragon_d3d11.exe |
"UDP Query User{BC4D2868-3E9B-49A9-8A85-D598343E5F50}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{C1727700-9F90-4798-9674-7B39E0F8559D}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{CE39107E-E814-489F-82A0-547C2BCE268C}H:\d\giteye-1.2.2-windows.x86\giteye.exe" = protocol=17 | dir=in | app=h:\d\giteye-1.2.2-windows.x86\giteye.exe |
"UDP Query User{DC843BC1-9509-4C3F-9CF8-96B194D7EE15}H:\jeux\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=h:\jeux\saints row iv\saintsrowiv.exe |
"UDP Query User{ECE3DB8A-1B85-46AF-BDDE-0B768842F27D}H:\jeux\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=h:\jeux\guild wars 2\gw2.exe |
"UDP Query User{F5344636-980D-40AD-BA50-AE15DDABB28F}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15C9BD50-860B-4A2D-A3B1-18C79D6779A0}" = AMD Drag and Drop Transcoding
"{171DC7CE-1F54-0669-709F-78A9969B6709}" = AMD Fuel
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 25
"{2A168DCB-EC12-C3D6-AC15-F276B3ED5165}" = AMD Media Foundation Decoders
"{2E2253E9-3EAD-D9DF-EDCA-A893551EB081}" = AMD Catalyst Install Manager
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company 2
"{3B2A7E23-AC7E-46BB-B725-65C555F8FFC5}" = Oracle VM VirtualBox 4.2.16
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45C9DB7E-0C2D-FEB9-6191-3ED32ADC077F}" = ccc-utility
"{476CD9DE-C45F-4443-BFA7-E51C58B7E455}" = Populous
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942
"{5C9885BC-AE82-3E65-A77F-F5F0AFA1581E}" = Catalyst Control Center InstallProxy
"{617B349B-B3EF-DEA0-B862-AB7860AD8283}" = CCC Help English
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EF03F5-0507-4861-9A44-D99FD4C41417}" = Paint.NET v3.5.11
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}" = Tom Clancy's Splinter Cell Blacklist
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space 3
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{DBDD570E-0952-475f-9453-AB88F3DD5659}" = Python 2.7.5
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F9A07813-F6A5-4B47-D833-13740767E04B}" = AMD VISION Engine Control Center
"{FAA1581E-2C88-6910-BA69-447D63E8EF12}" = Catalyst Control Center Graphics Previews Common
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Altap Salamander 2.54" = Altap Salamander 2.54
"Altap Salamander 3.0 beta 3 (x86)" = Altap Salamander 3.0 beta 3 (x86)
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"ESN Sonar-0.70.4" = ESN Sonar
"FileZilla Client" = FileZilla Client 3.7.3
"FreeCommander XE_is1" = FreeCommander XE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Miranda IM" = Miranda IM 0.10.17
"Notepad++" = Notepad++
"numpy-py2.7" = Python 2.7 numpy-1.7.1
"Origin" = Origin
"Pillow-py2.7" = Python 2.7 Pillow-2.1.0
"PIL-py2.7" = Python 2.7 PIL-1.1.7
"Pinball FX2_is1" = Pinball FX2
"Pingus" = Pingus
"pip-py2.7" = Python 2.7 pip-1.3.1
"PunkBusterSvc" = PunkBuster Services
"py2exe-py2.7" = Python 2.7 py2exe-0.6.10dev
"pygame-py2.7" = Python 2.7 pygame-1.9.2pre
"pyglet-py2.7" = Python 2.7 pyglet-1.2alpha1
"PyOpenGL-accelerate-py2.7" = Python 2.7 PyOpenGL-accelerate-3.0.2
"PyScripter_is1" = PyScripter 2.5.3
"Rockstar Games Social Club" = Rockstar Games Social Club
"setuptools-py2.7" = Python 2.7 setuptools-0.7.4
"Skullgirls_is1" = Skullgirls
"SmartGit/Hg 4.6_is1" = SmartGit/Hg 4.6.1
"smc.freeimage-py2.7" = Python 2.7 smc.freeimage-0.3dev
"STDU Viewer_is1" = STDU Viewer version 1.6.206.0
"Steam App 17410" = Mirror's Edge
"Steam App 17470" = Dead Space
"Steam App 207230" = Archeblade
"Steam App 24740" = Burnout Paradise: The Ultimate Box
"Steam App 24800" = Command and Conquer: Red Alert 3 - Uprising
"Steam App 47830" = Medal of Honor™ Multiplayer
"Steam App 8930" = Sid Meier's Civilization V
"SugarSync" = SugarSync
"U2FpbnRzUm93SVY=_is1" = Saints Row IV Update and DLC pack
"Uplay" = Uplay
"VLC media player" = VLC media player 2.0.8
"XnView_is1" = XnView 2.03

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = Torrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18/10/2013 12:11:49 | Computer Name = Lusky-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/10/2013 05:29:57 | Computer Name = Lusky-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/10/2013 05:51:38 | Computer Name = Lusky-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/10/2013 05:58:43 | Computer Name = Lusky-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/10/2013 06:05:26 | Computer Name = Lusky-PC | Source = Application Error | ID = 1000
Description = Nom de l'application défaillante VirtualBox.exe, version : 4.2.16.0,
horodatage : 0x51d588dc Nom du module défaillant : unknown, version : 0.0.0.0, horodatage
: 0x00000000 Code d'exception : 0xc0000005 Décalage d'erreur : 0x43e8e042 ID du processus
défaillant : 0x864 Heure de début de l'application défaillante : 0x01ceccb1f3fe2580
Chemin d'accès de l'application défaillante : H:\Program Files\Oracle\VirtualBox\VirtualBox.exe
Chemin d'accès du module défaillant: unknown ID de rapport : f9459c98-38a5-11e3-8eed-0016178f0c8e

Error - 19/10/2013 09:40:37 | Computer Name = Lusky-PC | Source = SideBySide | ID = 16842785
Description = La création du contexte d'activation a échoué pour h:\program files\smartgithg
4.6\bin\smartgithg64.exe. Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 19/10/2013 09:40:37 | Computer Name = Lusky-PC | Source = SideBySide | ID = 16842785
Description = La création du contexte d'activation a échoué pour h:\program files\smartgithg
4.6\bin\smartgithgc64.exe. Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 19/10/2013 12:03:34 | Computer Name = Lusky-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/10/2013 13:09:43 | Computer Name = Lusky-PC | Source = Application Error | ID = 1000
Description = Nom de l'application défaillante salamand.exe, version : 2.5.4.69,
horodatage : 0x4c7f58e7 Nom du module défaillant : SugarSyncVFSNamespace32.dll_unloaded,
version : 0.0.0.0, horodatage : 0x52461c69 Code d'exception : 0xc0000005 Décalage
d'erreur : 0x62543126 ID du processus défaillant : 0xff0 Heure de début de l'application
défaillante : 0x01cecce5021df590 Chemin d'accès de l'application défaillante : C:\Program
Files\Altap Salamander\salamand.exe Chemin d'accès du module défaillant: SugarSyncVFSNamespace32.dll
ID de rapport : 3ee03160-38e1-11e3-96cd-0016178f0c8e

Error - 19/10/2013 13:52:34 | Computer Name = Lusky-PC | Source = Application Error | ID = 1000
Description = Nom de l'application défaillante salamand.exe, version : 2.5.4.69,
horodatage : 0x4c7f58e7 Nom du module défaillant : SugarSyncVFSNamespace32.dll_unloaded,
version : 0.0.0.0, horodatage : 0x52461c69 Code d'exception : 0xc0000005 Décalage
d'erreur : 0x66823126 ID du processus défaillant : 0x458 Heure de début de l'application
défaillante : 0x01ceccee0abde940 Chemin d'accès de l'application défaillante : C:\Program
Files\Altap Salamander\salamand.exe Chemin d'accès du module défaillant: SugarSyncVFSNamespace32.dll
ID de rapport : 3b88e150-38e7-11e3-96cd-0016178f0c8e

Error - 19/10/2013 17:36:36 | Computer Name = Lusky-PC | Source = Application Error | ID = 1000
Description = Nom de l'application défaillante VirtualBox.exe, version : 4.2.16.0,
horodatage : 0x51d588dc Nom du module défaillant : unknown, version : 0.0.0.0, horodatage
: 0x00000000 Code d'exception : 0xc0000005 Décalage d'erreur : 0x43948042 ID du processus
défaillant : 0x5a8 Heure de début de l'application défaillante : 0x01cecd1336874330
Chemin d'accès de l'application défaillante : H:\Program Files\Oracle\VirtualBox\VirtualBox.exe
Chemin d'accès du module défaillant: unknown ID de rapport : 879d6cb8-3906-11e3-96cd-0016178f0c8e

Error - 20/10/2013 04:54:54 | Computer Name = Lusky-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 19/10/2013 12:01:08 | Computer Name = Lusky-PC | Source = Ntfs | ID = 262281
Description = Le gestionnaire des ressources de la transaction par défaut sur le
volume C: a rencontré une erreur non renouvelable et n'a pas pu démarrer. Les données
contiennent le code de l'erreur.

Error - 19/10/2013 16:24:53 | Computer Name = Lusky-PC | Source = Service Control Manager | ID = 7030
Description = Le service PEVSystemStart est marqué comme étant interactif. Cependant,
le système est configuré pour ne pas autoriser les services interactifs. Ce service
peut ne pas fonctionner correctement.

Error - 19/10/2013 16:30:04 | Computer Name = Lusky-PC | Source = Service Control Manager | ID = 7030
Description = Le service PEVSystemStart est marqué comme étant interactif. Cependant,
le système est configuré pour ne pas autoriser les services interactifs. Ce service
peut ne pas fonctionner correctement.

Error - 19/10/2013 16:34:28 | Computer Name = Lusky-PC | Source = Service Control Manager | ID = 7030
Description = Le service PEVSystemStart est marqué comme étant interactif. Cependant,
le système est configuré pour ne pas autoriser les services interactifs. Ce service
peut ne pas fonctionner correctement.

Error - 19/10/2013 16:57:04 | Computer Name = Lusky-PC | Source = Service Control Manager | ID = 7030
Description = Le service PEVSystemStart est marqué comme étant interactif. Cependant,
le système est configuré pour ne pas autoriser les services interactifs. Ce service
peut ne pas fonctionner correctement.

Error - 19/10/2013 17:00:43 | Computer Name = Lusky-PC | Source = Service Control Manager | ID = 7030
Description = Le service PEVSystemStart est marqué comme étant interactif. Cependant,
le système est configuré pour ne pas autoriser les services interactifs. Ce service
peut ne pas fonctionner correctement.

Error - 19/10/2013 17:04:19 | Computer Name = Lusky-PC | Source = Service Control Manager | ID = 7030
Description = Le service PEVSystemStart est marqué comme étant interactif. Cependant,
le système est configuré pour ne pas autoriser les services interactifs. Ce service
peut ne pas fonctionner correctement.

Error - 19/10/2013 19:18:39 | Computer Name = Lusky-PC | Source = Ntfs | ID = 262281
Description = Le gestionnaire des ressources de la transaction par défaut sur le
volume 200Go a rencontré une erreur non renouvelable et n'a pas pu démarrer. Les
données contiennent le code de l'erreur.

Error - 19/10/2013 19:21:49 | Computer Name = Lusky-PC | Source = volsnap | ID = 393230
Description = Les clichés instantanés C: ont été annulés à cause d'une défaillance
d'E/S sur le volume C:.

Error - 20/10/2013 04:51:03 | Computer Name = Lusky-PC | Source = Ntfs | ID = 262281
Description = Le gestionnaire des ressources de la transaction par défaut sur le
volume C: a rencontré une erreur non renouvelable et n'a pas pu démarrer. Les données
contiennent le code de l'erreur.


< End of report >

#4
Valinorum
    GeekU Guardian Bot
  • GeekU Moderator
  • 2,909 posts
Also the Combofix log located in C:\Combofix.txt

#5
Lusky
    Member
  • Topic Starter
  • Member
  • 17 posts
Here is the Combofix.txt file:

ComboFix 13-10-19.02 - Lusky 19/10/2013 22:57:11.5.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.2047.958 [GMT 2:00]
Lancé depuis: h:\d\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-09-19 au 2013-10-19 ))))))))))))))))))))))))))))))))))))
.
.
2013-10-19 21:04 . 2013-10-19 21:04 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-10-19 21:04 . 2013-10-19 21:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-14 20:49 . 2013-10-14 20:52 -------- d-----w- c:\users\Lusky\AppData\Roaming\Pingus
2013-10-13 14:03 . 2013-10-13 14:03 -------- d-----w- c:\users\Lusky\AppData\Local\Altap
2013-10-11 19:22 . 2013-10-11 19:22 -------- d-----w- c:\users\Lusky\AppData\Local\My Games
2013-10-10 19:22 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C36AB9FB-DF66-4FF8-AEFD-9CE2B8F2B845}\mpengine.dll
2013-10-08 07:07 . 2013-10-08 07:07 -------- d-----w- c:\users\Lusky\AppData\Roaming\Altap
2013-10-07 16:34 . 2013-10-08 15:59 -------- d-----w- c:\users\Lusky\AppData\Local\SugarSync
2013-10-07 16:34 . 2013-01-30 11:12 225024 ----a-w- c:\windows\system32\SSCbFsNetRdr3.dll
2013-10-07 16:34 . 2013-01-30 11:12 159488 ----a-w- c:\windows\system32\SSCbFsMntNtf3.dll
2013-10-07 16:33 . 2013-01-30 11:11 295936 ----a-w- c:\windows\system32\drivers\sscbfs3.sys
2013-10-07 16:32 . 2013-10-07 16:34 -------- d-----w- c:\program files\SugarSync
2013-10-06 19:50 . 2013-10-18 17:00 -------- d-----w- c:\users\Lusky\AppData\Local\Paint.NET
2013-10-05 16:49 . 2013-10-05 17:16 -------- d-----w- c:\users\Lusky\AppData\Roaming\Bioshock2Steam
2013-10-03 22:30 . 2013-10-19 10:05 -------- d-----w- c:\users\Lusky\AppData\Local\CrashDumps
2013-10-02 18:33 . 2013-10-02 19:11 -------- d-----w- c:\users\Lusky\AppData\Local\DOSBox
2013-10-02 15:54 . 2013-10-02 15:54 -------- d-----w- c:\users\Lusky\AppData\Roaming\ScummVM
2013-09-28 18:46 . 2013-09-28 18:46 -------- d-----w- c:\users\Lusky\AppData\Local\EA Games
2013-09-27 20:16 . 2013-09-27 20:16 -------- d-----w- c:\users\Lusky\AppData\Local\Chromium
2013-09-27 20:14 . 2013-09-27 20:14 -------- d-----w- c:\program files\Rockstar Games
2013-09-25 21:09 . 2013-09-25 21:09 -------- d-----w- c:\users\Lusky\AppData\Local\IdeoSi
2013-09-23 21:04 . 2013-09-23 21:04 -------- d-----w- c:\users\Lusky\AppData\Local\Electronic Arts
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-11 06:37 . 2013-06-17 13:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-11 06:37 . 2013-06-17 13:09 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-22 21:05 . 2013-08-31 21:13 139032 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-09-22 21:04 . 2013-08-31 21:14 290184 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-09-22 21:04 . 2013-08-31 20:54 290184 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-09-12 20:43 . 2013-08-31 20:54 290184 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-09-01 09:37 . 2013-08-29 17:26 138056 ----a-w- c:\users\Lusky\AppData\Roaming\PnkBstrK.sys
2013-08-31 21:14 . 2013-08-31 20:44 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-08-28 16:42 . 2013-08-31 20:36 2601752 ----a-w- c:\windows\system32\pbsvc_moh.exe
2013-08-07 02:22 . 2013-06-17 12:43 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-07-25 08:57 . 2013-09-15 20:07 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-01 23:33 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 11:12 159488 ----a-w- c:\windows\System32\SSCbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-09-28 00:01 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-09-28 00:01 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{39D54CC2-69CF-43b4-B167-577D25E7F496}"
[HKEY_CLASSES_ROOT\CLSID\{39D54CC2-69CF-43b4-B167-577D25E7F496}]
2013-09-28 00:01 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-09-28 00:01 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending]
@="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}"
[HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}]
2013-09-28 00:01 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-01 4858456]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]
.
c:\users\Lusky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
miranda32.lnk - h:\program files\Miranda IM Fr\miranda32.exe [2013-9-11 829524]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\system32\SSCbFsMntNtf3.dll [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 apf003;apf003;c:\windows\system32\apf003.sys [2013-06-17 13232]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 XDva401;XDva401;c:\windows\system32\XDva401.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2013-06-17 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2013-07-04 188176]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-12 176128]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-12 291840]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-01 66336]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984]
S3 SSCBFS3;SugarSync CallBack File System driver v3;c:\windows\system32\DRIVERS\sscbfs3.sys [2013-01-30 295936]
.
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
.
.
------- Associations de fichier -------
.
.scr=SageThumbsImage.scr
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(1248)
c:\windows\system32\SSCbFsMntNtf3.dll
.
Heure de fin: 2013-10-19 23:05:25
ComboFix-quarantined-files.txt 2013-10-19 21:05
ComboFix2.txt 2013-10-19 20:36
ComboFix3.txt 2013-10-19 10:48
ComboFix4.txt 2013-09-07 13:46
ComboFix5.txt 2013-10-19 20:56
.
Avant-CF: 112277426176 octets libres
Après-CF: 112238391296 octets libres
.
- - End Of File - - E874786027915171DD60345D537BFE22
A36C5E4F47E84449FF07ED3517B43A31
  • 0
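The service and driver list in the ComboFix excerpt above is the part of that log a reviewer actually reads: boot- and system-start drivers load before any user-mode security tool, and `[x]` marks an image ComboFix could not find or read. The following is an added example, not ComboFix's own code, that parses those lines (the sample input is taken from the log above) and orders them into a review queue; the `R`/`S` state and start-type digit layout is assumed from that log.

```python
"""Classify ComboFix service/driver lines (added example, not ComboFix's own code).

Assumed line layout, matching the ComboFix log above:
    <R|S><start> <name>;<display name>;<image path> [<date> <size>]   or   [x]
R = running, S = stopped; the digit is the Windows start type; "[x]" means
ComboFix could not find or read the image file.
"""
import re

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*)\[(?P<meta>[^\]]*)\]$")

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Lines taken from the ComboFix log above, used here as sample input.
SAMPLE = r"""
S0 aswRvrt;aswRvrt; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2013-06-17 691696]
S1 aswSP;aswSP; [x]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
"""


def parse_services(text):
    """Return one dict per service/driver line; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        entries.append({
            "name": d["name"],
            "display": d["display"],
            "running": d["state"] == "R",
            "start": START_TYPES[d["start"]],
            "path": d["path"].strip(),
            "file_seen": d["meta"] != "x",   # "[x]": image missing or unreadable
            "meta": d["meta"],
        })
    return entries


def priority(entry):
    """Boot/system-start drivers load before any user-mode security tool, so
    they are reviewed first; an unseen image file adds one more point.  An
    unseen image can be a stale entry, or a file the tool could not read
    (self-protecting antivirus drivers, or Process Explorer's helper driver,
    which is removed again when that tool exits)."""
    score = 2 if entry["start"] in ("boot", "system") else 0
    if not entry["file_seen"]:
        score += 1
    return score


def review_queue(entries):
    """Entries worth a look, highest priority first, then by name."""
    queue = [e for e in entries if priority(e) > 0]
    return sorted(queue, key=lambda e: (-priority(e), e["name"].lower()))


if __name__ == "__main__":
    for e in review_queue(parse_services(SAMPLE)):
        state = "running" if e["running"] else "stopped"
        seen = "" if e["file_seen"] else "  <-- image not seen"
        print(f"{e['name']:<12} {e['start']:<7} {state:<8} {e['path'] or '(no path)'}{seen}")
```

Run on the sample, the queue puts the boot-start entries with no visible image first, then `sptd` (boot-start, image present), then the manual-start `PROCEXP151` whose `[x]` is expected once Process Explorer has exited; ordinary manual-start drivers such as `amdiox86` never reach the queue.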

#6
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,909 posts
Hi Lusky, :)

Sorry for the delay. I was busy with my university and classes.

  • Step #1 Uninstall Programs
    I want you to uninstall the program(s) listed below due to the poor reputation we hear about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up, then double-click on the items I have listed below and follow the on-screen instructions to remove/uninstall them.

  • PunkBuster Services

 

  • Step #2
    • Click on Start.
    • Type cmd in the search box.
    • Right-click on cmd and choose Run as Administrator.
    • Type sfc /scannow in the command prompt.
      Note: The space between c and / is required.
    • The scan will take some time. Let it finish.

 

  • Step #3 Scan with Rogue Killer
    • Download Rogue Killer from one of the suitable links below to your Desktop. Since you are running a 64-bit system, choose the second link. :)
      Download link for 32 bit system
      Download link for 64 bit system
    • Let the pre-scan finish. After that click on Scan;
    • The scan won't take long;
    • A log has been created on your Desktop;
    • Copy and paste the content of the log in your next reply.

 

  • Required Log(s):
  • Rogue Killer Log.

Regards,
Valinorum
  • 0

#7
Lusky

Lusky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
PunkBuster removed.
SFC ran with no errors found.

So, the RogueKiller log:


RogueKiller V8.7.5 [Oct 22 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-to...om/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : Lusky [Droits d'admin]
Mode : Recherche -- Date : 10/22/2013 18:23:44
| ARK || FAK || MBR |

Processus malicieux : 0

Entrees de registre : 3
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

Tâches planifiées : 0

Entrées Startup : 0

Navigateurs web : 0

Fichiers / Dossiers particuliers:

Driver : [CHARGE]
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\System32\drivers\partmgr.sys -> HOOKED (Unknown @ 0x84A741F8)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\System32\drivers\partmgr.sys -> HOOKED (Unknown @ 0x84A741F8)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\System32\drivers\partmgr.sys -> HOOKED (Unknown @ 0x84A741F8)
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\System32\drivers\partmgr.sys -> HOOKED (Unknown @ 0x84A741F8)
[Address] IRP[IRP_MJ_POWER] : C:\Windows\System32\drivers\partmgr.sys -> HOOKED (Unknown @ 0x84A741F8)
[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\System32\drivers\partmgr.sys -> HOOKED (Unknown @ 0x84A741F8)
[Address] IRP[IRP_MJ_PNP] : C:\Windows\System32\drivers\partmgr.sys -> HOOKED (Unknown @ 0x84A741F8)

Ruches Externes:
-> E:\windows\system32\config\SYSTEM | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\windows\system32\config\SOFTWARE | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\windows\system32\config\SECURITY | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\windows\system32\config\SAM | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\windows\system32\config\DEFAULT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\Default User.WINDOWS.0\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\LocalService.AUTORITE NT\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\Lusky\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\Lusky.MAISON-A30A2F2A\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\NetworkService.AUTORITE NT\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]

Infection :

Fichier HOSTS:
--> %SystemRoot%\System32\drivers\etc\hosts




MBR Verif:

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) ST2000DL 003-9VT166 SCSI Disk Device +++++
--- User ---
[MBR] a4a7b30fe053aed4983c685cdf1e8098
[BSP] f45a61ac8f023ea83cdd7ff492c72397 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 204797 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 419425020 | Size: 1702929 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) WDC WD50 00AACS-00G8B SCSI Disk Device +++++
--- User ---
[MBR] 7c25432f45a6b8b7389e28c93237a26d
[BSP] c84cddcbb37dc9126b7823279b97e9be : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476938 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[0]_S_10222013_182344.txt >>
  • 0

#8
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,909 posts
Hi Lusky, :)

  • Step #4 Fix with RogueKiller
    Download link for 64 bit system
  • Let the pre-scan finish. After that click on Scan and wait for the scan to finish;
  • Click on Delete;
  • Now again click on Scan and wait for the scan to finish;
  • Click on Report and a log file will open;
  • Copy and paste the whole content of that report in your next reply.

  • Required Log(s):
  • Rogue Killer report.

Regards,
Valinorum
  • 0

#9
Lusky

Lusky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Delete done, the 3 registry entries have disappeared:


RogueKiller V8.7.5 [Oct 22 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-to...om/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : Lusky [Droits d'admin]
Mode : Recherche -- Date : 10/23/2013 19:28:44
| ARK || FAK || MBR |

Processus malicieux : 0

Entrees de registre : 0

Tâches planifiées : 0

Entrées Startup : 0

Navigateurs web : 0

Fichiers / Dossiers particuliers:

Driver : [CHARGE]
[Inline] EAT @explorer.exe ([email protected]@@[email protected]) : DUI70.dll -> HOOKED (Unknown @ 0x59AA8CF2)
[Inline] EAT @explorer.exe ([email protected]@@[email protected]@@) : DUI70.dll -> HOOKED (Unknown @ 0x5C06B9BE)
[Inline] EAT @explorer.exe ([email protected]@@[email protected]@@) : DUI70.dll -> HOOKED (Unknown @ 0x59BECFC2)
[Inline] EAT @explorer.exe ([email protected]@@[email protected]) : DUI70.dll -> HOOKED (Unknown @ 0x59BEEE02)
[Inline] EAT @explorer.exe ([email protected]@@[email protected]) : DUI70.dll -> HOOKED (Unknown @ 0x59AA8CB2)
[Inline] EAT @explorer.exe ([email protected]@@[email protected]) : DUI70.dll -> HOOKED (Unknown @ 0x59BEEE56)
[Inline] EAT @explorer.exe ([email protected]@@[email protected]) : DUI70.dll -> HOOKED (Unknown @ 0x59BEEC62)
[Inline] EAT @explorer.exe ([email protected]@@[email protected]@@) : DUI70.dll -> HOOKED (Unknown @ 0x5C065E72)
[Inline] EAT @explorer.exe ([email protected]@@[email protected]@@) : DUI70.dll -> HOOKED (Unknown @ 0x59BECF76)
[Inline] EAT @explorer.exe ([email protected]@@[email protected]) : DUI70.dll -> HOOKED (Unknown @ 0x59AA8C4A)
[Inline] EAT @explorer.exe ([email protected]@@[email protected]) : DUI70.dll -> HOOKED (Unknown @ 0x59BEEEA2)
[Inline] EAT @explorer.exe ([email protected]@@[email protected]@@) : DUI70.dll -> HOOKED (Unknown @ 0x5C077072)
[Inline] EAT @explorer.exe ([email protected]@@[email protected]@@) : DUI70.dll -> HOOKED (Unknown @ 0x59BED076)
[Inline] EAT @explorer.exe ([email protected]@@[email protected]@@) : DUI70.dll -> HOOKED (Unknown @ 0x5C071512)
[Inline] EAT @explorer.exe ([email protected]@@[email protected]@@) : DUI70.dll -> HOOKED (Unknown @ 0x5BEB9D92)
[Inline] EAT @explorer.exe ([email protected]@@[email protected]) : DUI70.dll -> HOOKED (Unknown @ 0x59BEEFC6)
[Inline] EAT @firefox.exe ([email protected]@@[email protected]@V?$[email protected]@@@[email protected]@[email protected][email protected]@@Z) : mozjs.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\aswJsFlt.dll @ 0x620B4610)
[Inline] EAT @firefox.exe ([email protected]@@[email protected]) : MSVCP90.dll -> HOOKED (Unknown @ 0x5B6C8EB0)
[Inline] EAT @firefox.exe ([email protected]@@3V?$[email protected]?$[email protected]@[email protected]@@[email protected]) : MSVCP90.dll -> HOOKED (Unknown @ 0x5B096E88)
[Inline] EAT @firefox.exe ([email protected]@@3V?$[email protected]?$[email protected]@[email protected]@@[email protected]) : MSVCP90.dll -> HOOKED (Unknown @ 0x5B096FB0)
[Inline] EAT @firefox.exe ([email protected]@@3V?$[email protected]?$[email protected]@[email protected]@@[email protected]) : MSVCP90.dll -> HOOKED (Unknown @ 0x5B097040)
[Inline] EAT @firefox.exe ([email protected]@@3V?$[email protected]?$[email protected]@[email protected]@@[email protected]) : MSVCP90.dll -> HOOKED (Unknown @ 0x5B0C6E28)
[Inline] EAT @firefox.exe ([email protected]@@3V?$[email protected]_WU?$[email protected][email protected]@@@[email protected]) : MSVCP90.dll -> HOOKED (Unknown @ 0x5B0C6880)
[Inline] EAT @firefox.exe ([email protected]@@3V?$[email protected]?$[email protected]@[email protected]@@[email protected]) : MSVCP90.dll -> HOOKED (Unknown @ 0x5B0C6F88)
[Inline] EAT @firefox.exe ([email protected]@@3V?$[email protected]_WU?$[email protected][email protected]@@@[email protected]) : MSVCP90.dll -> HOOKED (Unknown @ 0x5B0C6950)
[Inline] EAT @firefox.exe ([email protected]@@3V?$[email protected]?$[email protected]@[email protected]@@[email protected]) : MSVCP90.dll -> HOOKED (Unknown @ 0x5B0C6E60)
[Inline] EAT @firefox.exe ([email protected]@@3V?$[email protected]_WU?$[email protected][email protected]@@@[email protected]) : MSVCP90.dll -> HOOKED (Unknown @ 0x5B0C69E0)
[Inline] EAT @firefox.exe ([email protected]@@[email protected]) : DUI70.dll -> HOOKED (Unknown @ 0x59AA8CF2)
[Inline] EAT @firefox.exe ([email protected]@@[email protected]@@) : DUI70.dll -> HOOKED (Unknown @ 0x5C06B9BE)
[Inline] EAT @firefox.exe ([email protected]@@[email protected]@@) : DUI70.dll -> HOOKED (Unknown @ 0x59BECFC2)
[Inline] EAT @firefox.exe ([email protected]@@[email protected]) : DUI70.dll -> HOOKED (Unknown @ 0x59BEEE02)
[Inline] EAT @firefox.exe ([email protected]@@[email protected]) : DUI70.dll -> HOOKED (Unknown @ 0x59AA8CB2)
[Inline] EAT @firefox.exe ([email protected]@@[email protected]) : DUI70.dll -> HOOKED (Unknown @ 0x59BEEE56)
[Inline] EAT @firefox.exe ([email protected]@@[email protected]) : DUI70.dll -> HOOKED (Unknown @ 0x59BEEC62)
[Inline] EAT @firefox.exe ([email protected]@@[email protected]@@) : DUI70.dll -> HOOKED (Unknown @ 0x5C065E72)
[Inline] EAT @firefox.exe ([email protected]@@[email protected]@@) : DUI70.dll -> HOOKED (Unknown @ 0x59BECF76)
[Inline] EAT @firefox.exe ([email protected]@@[email protected]) : DUI70.dll -> HOOKED (Unknown @ 0x59AA8C4A)
[Inline] EAT @firefox.exe ([email protected]@@[email protected]) : DUI70.dll -> HOOKED (Unknown @ 0x59BEEEA2)
[Inline] EAT @firefox.exe ([email protected]@@[email protected]@@) : DUI70.dll -> HOOKED (Unknown @ 0x5C077072)
[Inline] EAT @firefox.exe ([email protected]@@[email protected]@@) : DUI70.dll -> HOOKED (Unknown @ 0x59BED076)
[Inline] EAT @firefox.exe ([email protected]@@[email protected]@@) : DUI70.dll -> HOOKED (Unknown @ 0x5C071512)
[Inline] EAT @firefox.exe ([email protected]@@[email protected]@@) : DUI70.dll -> HOOKED (Unknown @ 0x5BEB9D92)
[Inline] EAT @firefox.exe ([email protected]@@[email protected]) : DUI70.dll -> HOOKED (Unknown @ 0x59BEEFC6)

Ruches Externes:
-> E:\windows\system32\config\SYSTEM | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\windows\system32\config\SOFTWARE | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\windows\system32\config\SECURITY | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\windows\system32\config\SAM | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\windows\system32\config\DEFAULT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\Default User.WINDOWS.0\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\LocalService.AUTORITE NT\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\Lusky\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\Lusky.MAISON-A30A2F2A\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\NetworkService.AUTORITE NT\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]

Infection :

Fichier HOSTS:
--> %SystemRoot%\System32\drivers\etc\hosts




MBR Verif:

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) ST2000DL 003-9VT166 SCSI Disk Device +++++
--- User ---
[MBR] a4a7b30fe053aed4983c685cdf1e8098
[BSP] f45a61ac8f023ea83cdd7ff492c72397 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 204797 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 419425020 | Size: 1702929 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) WDC WD50 00AACS-00G8B SCSI Disk Device +++++
--- User ---
[MBR] 7c25432f45a6b8b7389e28c93237a26d
[BSP] c84cddcbb37dc9126b7823279b97e9be : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476938 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[0]_S_10232013_192844.txt >>
RKreport[0]_D_10232013_192734.txt;RKreport[0]_S_10222013_182344.txt;RKreport[0]_S_10232013_192606.txt
  • 0

#10
Lusky

Lusky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi,


Since the deletion of those registry entries, new icons have appeared on the desktop (shortcuts to User and Computer or System); I guess it's linked to the policy change. But the problem is still here; is there any other program/scan to launch?


Regards
  • 0



#11
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,909 posts
Before I introduce new program(s) to you, can you redo Step #4 for me please? Make sure everything is checked in the Drivers tab. :)
  • 0

#12
Lusky

Lusky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
There is no checkbox in the Drivers tab, only lines with Legit set to true, and one with false when Firefox is launched:

[Inline] EAT @firefox.exe ([email protected]@@[email protected]@V?$[email protected]@@@[email protected]@[email protected][email protected]@@Z) : mozjs.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\aswJsFlt.dll @ 0x6EDD4610)


Result after Delete (but nothing was in the Registry tab):

RogueKiller V8.7.5 [Oct 22 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Lusky [Admin rights]
Mode : Remove -- Date : 10/26/2013 12:44:09
| ARK || FAK || MBR |

Bad processes : 0

Registry Entries : 0

Scheduled tasks : 0

Startup Entries : 0

Web browsers : 0

Particular Files / Folders:

Driver : [LOADED]
[Inline] EAT @firefox.exe ([email protected]@@[email protected]@V?$[email protected]@@@[email protected]@[email protected][email protected]@@Z) : mozjs.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\aswJsFlt.dll @ 0x6EDD4610)

External Hives:
-> E:\windows\system32\config\SYSTEM | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\windows\system32\config\SOFTWARE | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\windows\system32\config\SECURITY | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\windows\system32\config\SAM | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\windows\system32\config\DEFAULT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\Default User.WINDOWS.0\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\LocalService.AUTORITE NT\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\Lusky\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\Lusky.MAISON-A30A2F2A\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> E:\Documents and Settings\NetworkService.AUTORITE NT\NTUSER.DAT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]

Infection :

HOSTS File:
--> %SystemRoot%\System32\drivers\etc\hosts




MBR Check:

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) ST2000DL 003-9VT166 SCSI Disk Device +++++
--- User ---
[MBR] a4a7b30fe053aed4983c685cdf1e8098
[BSP] f45a61ac8f023ea83cdd7ff492c72397 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 204797 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 419425020 | Size: 1702929 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) WDC WD50 00AACS-00G8B SCSI Disk Device +++++
--- User ---
[MBR] 7c25432f45a6b8b7389e28c93237a26d
[BSP] c84cddcbb37dc9126b7823279b97e9be : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476938 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_10262013_124409.txt >>
RKreport[0]_D_10232013_192734.txt;RKreport[0]_S_10222013_182344.txt;RKreport[0]_S_10232013_192606.txt
RKreport[0]_S_10232013_192844.txt;RKreport[0]_S_10242013_175434.txt;RKreport[0]_S_10262013_123312.txt
RKreport[0]_S_10262013_123522.txt;RKreport[0]_S_10262013_123712.txt
  • 0
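The RogueKiller reports in posts #7, #9 and #12 above contain two kinds of findings that are easy to over-read: `[PUM]` registry entries, which are policy or UI modifications rather than malware, and `HOOKED` lines, where the decisive field is the owner in parentheses (`Unknown` versus a module path such as Avast's `aswJsFlt.dll`). The following is an added example, not RogueKiller's own code, that parses both line families and groups hooks by owner and address; the sample input is constructed from the thread's reports (the decorated symbol names are placeholders), and the CLSID-to-icon mapping and the Avast path test are this example's assumptions.

```python
r"""Triage helper for RogueKiller report lines (added example, not RogueKiller's own code).

Handles the two line families seen in the reports above:
  registry findings  [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
  hook findings      [Address] IRP[IRP_MJ_CREATE] : ...\partmgr.sys -> HOOKED (Unknown @ 0x84A741F8)
                     [Inline] EAT @firefox.exe (sym) : mozjs.dll -> HOOKED (C:\...\aswJsFlt.dll @ 0x...)
"""
import re
from collections import defaultdict

REG_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\]\[(?P<kind>[^\]]+)\] (?P<key>.+?) : "
    r"(?P<name>\S+) \((?P<value>[^)]*)\) -> (?P<status>\S+)$")
HOOK_RE = re.compile(
    r"^\[(?P<method>Address|Inline)\] (?P<site>.+?) : (?P<target>\S+) -> "
    r"HOOKED \((?P<owner>.+) @ (?P<addr>0x[0-9A-Fa-f]+)\)$")

# Well-known desktop-icon CLSIDs under HideDesktopIcons\NewStartPanel (value 1 = hidden).
DESKTOP_ICON_CLSIDS = {
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}": "Computer",
    "{59031A47-3F72-44A7-89C5-5595FE6B30EE}": "User's Files",
}

# Constructed sample modelled on posts #7, #9 and #12; the symbol names in the
# EAT lines are placeholders, paths and addresses are those from the thread.
SAMPLE_REPORT = r"""
Registry Entries : 3
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Driver : [LOADED]
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\System32\drivers\partmgr.sys -> HOOKED (Unknown @ 0x84A741F8)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\System32\drivers\partmgr.sys -> HOOKED (Unknown @ 0x84A741F8)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\System32\drivers\partmgr.sys -> HOOKED (Unknown @ 0x84A741F8)
[Inline] EAT @explorer.exe (?Initialize@Element@DirectUI@@SAJXZ) : DUI70.dll -> HOOKED (Unknown @ 0x59AA8CF2)
[Inline] EAT @firefox.exe (JS_NewContext) : mozjs.dll -> HOOKED (C:\Program Files\AVAST Software\Avast\aswJsFlt.dll @ 0x620B4610)
"""


def parse_report(text):
    """Split a report into registry findings and hook findings (other lines are ignored)."""
    regs, hooks = [], []
    for line in text.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            regs.append(m.groupdict())
            continue
        m = HOOK_RE.match(line)
        if m:
            hooks.append(m.groupdict())
    return regs, hooks


def classify_registry(entry):
    """PUM = potentially unwanted modification: a policy or UI tweak, not malware by itself."""
    name = entry["name"].upper()
    if name in DESKTOP_ICON_CLSIDS and "NEWSTARTPANEL" in entry["key"].upper():
        state = "hidden" if entry["value"] == "1" else "shown"
        return ("cosmetic", f"desktop icon '{DESKTOP_ICON_CLSIDS[name]}' {state}")
    if name == "DISABLEREGISTRYTOOLS":
        state = "not disabled" if entry["value"] == "0" else "disabled"
        return ("policy", f"regedit {state} (value {entry['value']})")
    return ("review", f"{entry['key']} : {entry['name']} = {entry['value']}")


def owner_verdict(owner):
    """Who placed the hook: the owner path is what separates AV self-defence from an unknown."""
    if owner == "Unknown":
        return "unattributed"
    if "\\avast software\\" in owner.lower():   # install path seen in the reports above
        return "security product (Avast)"
    return "attributed to " + owner


def summarize_hooks(hooks):
    """Group by (method, hooked module, owner, address): one address hooking every
    IRP major function of a driver is one filter driver, not seven separate findings."""
    groups = defaultdict(list)
    for h in hooks:
        groups[(h["method"], h["target"], h["owner"], h["addr"])].append(h["site"])
    summary = []
    for (method, target, owner, addr), sites in sorted(groups.items()):
        kernel = method == "Address" and all(s.startswith("IRP[") for s in sites)
        summary.append({
            "target": target, "owner": owner, "addr": addr, "count": len(sites),
            "layer": "kernel IRP dispatch" if kernel else "user-mode export table",
            "verdict": owner_verdict(owner),
        })
    return summary


if __name__ == "__main__":
    regs, hooks = parse_report(SAMPLE_REPORT)
    for r in regs:
        print("registry ", *classify_registry(r))
    for s in summarize_hooks(hooks):
        print(f"hook      {s['count']}x {s['target']} via {s['layer']} at {s['addr']}: {s['verdict']}")
```

The grouping is the point: the seven `partmgr.sys` IRP hooks in post #7 collapse to a single unattributed kernel address, which should be correlated with the loaded driver list before being called a rootkit (the ComboFix log earlier in the thread lists `S0 sptd`, a disk-emulation driver that is a common benign source of exactly this signature), while the `mozjs.dll` hook resolves to Avast's script filter and is the line RogueKiller shows as not Legit in post #12.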

#13
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,909 posts
Hi Lusky, :)

  • Step #5 Fix with AdwCleaner
    Download : ADWCleaner to your desktop.

    NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

    Close all programs and click on the AdwCleaner icon.


    Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

    The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt.

 

  • Step #6 Fix with Junkware Removal Tool
    Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

  • Step #7 Run ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

    Vista / 7 users: You will need to right-click on either the Internet Explorer or Firefox icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    • Please go here, then click on: [image]

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

    • Select the option YES, I accept the Terms of Use, then click on: [image]
    • When prompted allow the Add-On/Active X to install.
    • Uncheck the box beside Remove Found Threats
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the mouse or keyboard during the scan; otherwise it may stall.


When The Scan is Complete:

  • If No Threats Were Found:

    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here


Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


 

  • Step #8 Scan with Security Check
    • Download Security Check by screen317 to your Desktop from either of the following locations:
    • Link 1
    • Link 2
  • Right-click on the program and choose Run as Administrator;
  • After the check, a log will appear;
  • Copy and Paste the content of the log in your next reply.

 

  • Required Log(s):
  • AdwCleaner log;
  • JRT.txt;
  • ESET scan log;
  • Security Check log.

How is your PC running?

Regards,
Valinorum
  • 0

#14
Lusky

Lusky

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi,

here is the adwcleaner file:

# AdwCleaner v3.010 - Rapport créé le 28/10/2013 01:23:12
# Mis à jour le 20/10/2013 par Xplode
# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (32 bits)
# Nom d'utilisateur : Lusky - LUSKY-PC
# Exécuté depuis : H:\d\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****


***** [ Raccourcis ] *****


***** [ Registre ] *****


***** [ Navigateurs ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v

[ Fichier : C:\Users\Lusky\AppData\Roaming\Mozilla\Firefox\Profiles\exodfja2.default\prefs.js ]


[ Fichier : C:\Users\Lusky\AppData\Roaming\Mozilla\Firefox\Profiles\exodfja2.default - Copy\prefs.js ]


*************************

AdwCleaner[R0].txt - [1974 octets] - [22/08/2013 08:15:32]
AdwCleaner[R10].txt - [1601 octets] - [18/10/2013 02:10:13]
AdwCleaner[R11].txt - [1898 octets] - [19/10/2013 10:54:27]
AdwCleaner[R12].txt - [1727 octets] - [19/10/2013 11:25:20]
AdwCleaner[R13].txt - [1788 octets] - [19/10/2013 17:38:03]
AdwCleaner[R14].txt - [1850 octets] - [20/10/2013 15:29:21]
AdwCleaner[R15].txt - [1911 octets] - [28/10/2013 01:22:10]
AdwCleaner[R1].txt - [1014 octets] - [22/08/2013 10:27:28]
AdwCleaner[R2].txt - [1074 octets] - [31/08/2013 22:01:47]
AdwCleaner[R3].txt - [1123 octets] - [07/09/2013 13:43:19]
AdwCleaner[R4].txt - [1183 octets] - [08/09/2013 10:19:21]
AdwCleaner[R5].txt - [1244 octets] - [22/09/2013 20:14:48]
AdwCleaner[R6].txt - [1307 octets] - [22/09/2013 20:16:49]
AdwCleaner[R7].txt - [1364 octets] - [25/09/2013 23:28:07]
AdwCleaner[R8].txt - [1424 octets] - [25/09/2013 23:40:57]
AdwCleaner[R9].txt - [1484 octets] - [27/09/2013 23:43:36]
AdwCleaner[S0].txt - [2047 octets] - [22/08/2013 08:16:55]
AdwCleaner[S1].txt - [1960 octets] - [19/10/2013 10:55:32]
AdwCleaner[S2].txt - [1831 octets] - [28/10/2013 01:23:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1891 octets] ##########



and the JRT one:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Ultimate x86
Ran by Lusky on 28/10/2013 at 1:33:04,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/10/2013 at 1:35:36,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The others when it's done!
  • 0
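The AdwCleaner report above lists the two Firefox `prefs.js` files it inspected under "Navigateurs" and found nothing in them. What such a check looks for is worth seeing in code: `prefs.js` only stores preferences that differ from Firefox's defaults, so the presence of a homepage, search-engine or keyword preference is itself notable, and a URL value pointing at a host the user does not recognise is the stronger signal. The following is an added example, not AdwCleaner's code; the preference names are assumed from Firefox of this period, the sample file is constructed (`example-hijack.test` is a placeholder host, `www.google.fr` is the start page the logs in this thread report), and the trusted-host list is supplied by the caller.

```python
"""Audit a Firefox prefs.js for hijack-prone preferences (added example, not AdwCleaner's code).

prefs.js only stores preferences that differ from Firefox's defaults, so the mere
presence of a homepage/search/keyword preference is already worth a look; a URL
value whose host is outside the user's trusted list is the stronger signal.
Preference names are assumed from Firefox of this period.
"""
import json
import re
from urllib.parse import urlparse

PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+)\);\s*$')

HIJACK_PRONE = {
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.newtab.url",
    "keyword.URL",
}

# Constructed sample; example-hijack.test is a placeholder host, www.google.fr is
# the start page the OTL/ComboFix logs in this thread report.
SAMPLE_PREFS = """\
# Mozilla User Preferences
/* Do not edit this file. */
user_pref("browser.cache.disk.capacity", 358400);
user_pref("browser.search.defaultenginename", "Example Search");
user_pref("browser.startup.homepage", "http://www.google.fr/");
user_pref("extensions.lastAppVersion", "24.0");
user_pref("keyword.URL", "http://search.example-hijack.test/?q=");
"""


def parse_prefs(text):
    """Map preference name -> typed value (str, bool or int); other lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        raw = m.group("value")
        if raw.startswith('"'):
            try:
                value = json.loads(raw)          # handles the \" and \\ escapes prefs.js uses
            except ValueError:
                value = raw.strip('"')
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[m.group("name")] = value
    return prefs


def host_trusted(host, trusted_hosts):
    """A host is trusted if it equals, or is a subdomain of, a trusted domain."""
    return any(host == t or host.endswith("." + t) for t in trusted_hosts)


def audit_prefs(prefs, trusted_hosts):
    """Return (name, value, verdict) for every hijack-prone preference present."""
    findings = []
    for name in sorted(HIJACK_PRONE.intersection(prefs)):
        value = prefs[name]
        # the homepage preference may hold several URLs separated by "|"
        hosts = [urlparse(part.strip()).hostname for part in str(value).split("|")]
        hosts = [h for h in hosts if h]
        if not hosts:
            verdict = "overridden, review"      # non-URL value, e.g. an engine name
        else:
            bad = [h for h in hosts if not host_trusted(h, trusted_hosts)]
            verdict = "ok" if not bad else "untrusted host: " + ", ".join(bad)
        findings.append((name, value, verdict))
    return findings


if __name__ == "__main__":
    for name, value, verdict in audit_prefs(parse_prefs(SAMPLE_PREFS), {"google.fr"}):
        print(f"{verdict:<45} {name} = {value!r}")
```

On the sample, the homepage is accepted because `www.google.fr` falls under the trusted `google.fr`, the `keyword.URL` entry is flagged for its unknown host, the non-URL search-engine name is reported as overridden for manual review, and preferences outside the watch list (cache size, last app version) produce no finding at all.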

#15
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,909 posts
Sure. I await your reply. :)
  • 0





