Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

my Hijackthis log am I infected? [Solved]


  • This topic is locked This topic is locked

#1
Geekl33t

Geekl33t

    Member

  • Member
  • PipPip
  • 22 posts
Hey guys

Could you look my Hijackthis log and see if I got any virus? Your help would be really appriciated. Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:13:55, on 26/11/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16520)


Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Users\Portable\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Windows\system32\conime.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Portable\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [vmware-tray.exe] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\48f54678-fe67-43ee-8c52-4f4907c9cc78.exe /check
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DriverScanner] "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Portable\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Easybits Shared Services for Windows (ezSharedSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Ma-Config Agent (MaConfigAgent) - Unknown owner - C:\Program Files\ma-config.com\MaConfigAgent.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\System32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: Tenable Nessus - Tenable Network Security, Inc - C:\Program Files\Tenable\Nessus\nessus-service.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\uxtuneup.dll,-4096 (UxTuneUp) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: Windows Update (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 27473 bytes


Thanks in advance for your help :thumbsup:
  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Hello :) We no longer use Hijack This as it doesn't give us enough information anymore. Please follow the steps below and we'll take a look at what's going on with your machine.


What symptoms is your machine experiencing?




Step 1: Download and scan with OTL


Download OTL

Download OTL to your desktop by clicking here. If for some reason, that link is not working, please click here for a secondary site.

  • Close any open windows and then double click (Vista, Windows 7, 8, right click and then click Run as Administrator) the icon to start OTL.
  • Please make sure the following boxes are checked.
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name Whitelist
  • LOP Check
  • Purity Check
  • Please check Use Safelist is checked under Extra Registry.
  • Copy the contents of the quote box below Do not copy the word quote! and paste them into the Custom Scans/Fixes box at the bottom of OTL's control panel.

    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C

  • Click the Run Scan button.

Posted Image

  • Please do not interrupt the scanning process. It may take a while to complete the scan, so please be patient. :)
  • When the scan is finished, it will generate 2 logs, OTL.txt and Extras.txt, each in a Notepad window. Both of these logs are saved in the same location as OTL. In this case, on your desktop.
  • Please post each log in your next reply.



Step 2: Download and scan with aswMBR


  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.

Posted Image

  • Click the Scan button to begin the scan.

Posted Image

  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit

Things I need to see in your next post:

  • OTL Log
  • OTL Extras Log
  • aswMBR Log
  • What symptoms is your machine experiencing?

  • 0

#3
Geekl33t

Geekl33t

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hey Pystryker

Thanks for your help that I really appriciated :thumbsup:

I did what you asked me to do so here are the logs:

OTL log:

OTL logfile created on: 27/11/2013 13:57:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Portable\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

2,93 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 49,06% Memory free
6,08 Gb Paging File | 4,56 Gb Available in Paging File | 75,02% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,23 Gb Total Space | 193,50 Gb Free Space | 67,37% Space Free | Partition Type: NTFS
Drive D: | 10,86 Gb Total Space | 1,73 Gb Free Space | 15,92% Space Free | Partition Type: NTFS

Computer Name: PC-DE-PORTABLE | User Name: Portable | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/27 13:39:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Portable\Desktop\OTL.exe
PRC - [2013/11/16 13:23:44 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/11/16 13:23:43 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/11/16 13:23:20 | 000,116,776 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/10/01 13:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/09/25 13:23:10 | 003,261,680 | ---- | M] (Tenable Network Security, Inc) -- C:\Program Files\Tenable\Nessus\nessusd.exe
PRC - [2013/09/25 13:20:24 | 000,017,136 | ---- | M] (Tenable Network Security, Inc) -- C:\Program Files\Tenable\Nessus\nessus-service.exe
PRC - [2013/09/08 17:25:06 | 001,786,704 | ---- | M] (CybelSoft) -- C:\Program Files\ma-config.com\MaConfigAgent.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2012/08/15 14:18:06 | 000,104,088 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PRC - [2012/08/15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2012/08/15 13:36:34 | 015,680,000 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe
PRC - [2012/08/15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012/08/01 16:10:26 | 000,719,512 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011/12/14 15:57:02 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011/12/14 15:57:00 | 001,514,304 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2009/06/03 20:43:18 | 000,450,652 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/06/03 20:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/23 16:18:20 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/01/21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/16 13:23:50 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/10/12 10:14:31 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
MOD - [2013/10/12 10:09:43 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013/09/18 12:23:10 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll
MOD - [2013/09/17 15:53:03 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/09/17 15:52:19 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/09/17 15:50:12 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/09/17 15:49:05 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2013/08/07 20:25:24 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2012/11/09 04:02:18 | 001,752,576 | ---- | M] () -- C:\PROGRA~1\FILESH~1\fsshell.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2008/09/23 17:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\Common\MCEMediaStatus.dll
MOD - [2007/08/14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Services (SafeList) ==========

SRV - [2013/11/16 13:23:43 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/11/16 13:23:20 | 000,116,776 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/10/01 13:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/25 13:20:24 | 000,017,136 | ---- | M] (Tenable Network Security, Inc) [Auto | Running] -- C:\Program Files\Tenable\Nessus\nessus-service.exe -- (Tenable Nessus)
SRV - [2013/09/08 17:25:06 | 001,786,704 | ---- | M] (CybelSoft) [Auto | Running] -- C:\Program Files\ma-config.com\MaConfigAgent.exe -- (MaConfigAgent)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/08/15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2012/08/15 13:36:34 | 015,680,000 | ---- | M] () [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012/08/15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/08/01 16:10:26 | 000,719,512 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2012/05/03 18:30:00 | 004,696,760 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2012/02/26 15:42:28 | 000,632,320 | ---- | M] (FileZilla Project) [Disabled | Stopped] -- C:\Program Files\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2011/12/14 15:57:00 | 001,514,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/14 15:56:50 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/06/25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/06/03 20:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe -- (STacSV)
SRV - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/12/23 16:18:20 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/08 15:11:10 | 001,238,344 | ---- | M] (Famatech International Corp.) [Disabled | Stopped] -- C:\Windows\System32\rserver30\RServer3.exe -- (RServer3)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/02/03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/11/19 01:01:48 | 000,247,192 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswndis2.sys -- (aswNdis2)
DRV - [2013/11/16 13:23:57 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/11/16 13:23:57 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/11/16 13:23:57 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/11/16 13:23:57 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/11/16 13:23:57 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/11/16 13:23:56 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/11/16 13:23:56 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/11/16 13:23:56 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/11/16 13:23:29 | 000,026,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/11/16 13:23:20 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2013/10/24 12:40:36 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/10/19 16:21:43 | 000,038,112 | ---- | M] (Tenable Network Security, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NessusMp60.sys -- (NessusMp60)
DRV - [2013/05/02 05:23:48 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2013/05/02 05:23:48 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2013/05/02 05:23:48 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2013/05/02 05:23:42 | 000,153,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2013/05/02 05:23:42 | 000,136,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2013/05/02 05:23:42 | 000,032,064 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2013/05/02 05:23:42 | 000,017,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2013/04/30 10:57:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2013/04/12 11:33:02 | 000,104,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2013/04/12 11:32:06 | 000,084,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/12/20 13:02:49 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/08/15 14:18:38 | 000,061,848 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2012/08/15 14:18:28 | 000,025,752 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2012/08/15 14:16:50 | 000,037,016 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2012/08/15 14:16:48 | 000,016,664 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2012/08/01 16:10:30 | 000,041,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2012/08/01 16:10:24 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2012/07/06 11:29:26 | 000,071,152 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2012/07/06 11:29:26 | 000,061,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsock.sys -- (vsock)
DRV - [2011/12/15 19:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/10/13 17:33:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/08/10 15:39:48 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/07/21 19:55:50 | 000,016,640 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2011/07/12 08:36:28 | 000,022,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vstor2-mntapi10-shared.sys -- (vstor2-mntapi10-shared)
DRV - [2010/07/01 18:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/06/25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/09/30 13:53:12 | 001,184,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/03 20:43:18 | 000,407,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/12/23 12:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/09/22 06:49:36 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/04/24 06:49:26 | 000,045,848 | ---- | M] (Famatech International Corp.) [Kernel | System | Running] -- C:\Windows\System32\rserver30\raddrvv3.sys -- (raddrvv3)
DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/01 04:01:56 | 000,003,328 | ---- | M] (Famatech International Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rminiv3.sys -- (mirrorv3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{06CFEDC0-41F4-4152-B070-C14DD6C23DE6}: "URL" = http://slirsredirect...hpcnnbie7-fr-be
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8E169268-D370-4639-9190-BFE5EDFC4A98}: "URL" = http://fr.search.yah...p06&type=ie2008
IE - HKLM\..\SearchScopes\{993f1df9-4ef3-450c-bf9c-f312f7be85d0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{FA417BC8-796B-484F-826A-851B72200CCE}: "URL" = http://be.kelkoopart...tnerId=96913939


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://be.msn.com/de...fr-be&ocid=iehp
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-be
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\..\SearchScopes,DefaultScope = {9D5BD211-422C-4164-9298-BB4186A30F31}
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\..\SearchScopes\{06CFEDC0-41F4-4152-B070-C14DD6C23DE6}: "URL" = http://slirsredirect...hpcnnbie7-fr-be
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\..\SearchScopes\{8E169268-D370-4639-9190-BFE5EDFC4A98}: "URL" = http://fr.search.yah...p06&type=ie2008
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\..\SearchScopes\{993f1df9-4ef3-450c-bf9c-f312f7be85d0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\..\SearchScopes\{9D5BD211-422C-4164-9298-BB4186A30F31}: "URL" = http://www.bing.com/...-FR&form=IE0004
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\..\SearchScopes\{FA417BC8-796B-484F-826A-851B72200CCE}: "URL" = http://be.kelkoopart...tnerId=96913939
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@haihaisoft/HPReader_Plugin: C:\Program Files\Haihaisoft PDF Reader\npHPReader.dll (Haihaisoft)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@haihaisoft/HPReader_Plugin: C:\Program Files\Haihaisoft PDF Reader\npHPReader.dll (Haihaisoft)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Portable\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/16 13:24:07 | 000,000,000 | ---D | M]

[2012/10/06 20:19:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Portable\AppData\Roaming\mozilla\Firefox\extensions
[2012/10/06 20:19:28 | 000,000,000 | ---D | M] (BittorrentBar_FR) -- C:\Users\Portable\AppData\Roaming\mozilla\Firefox\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Documents Google = C:\Users\Portable\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google\u00A0Drive = C:\Users\Portable\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Portable\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Recherche Google = C:\Users\Portable\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Portable\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Google\u00A0Wallet = C:\Users\Portable\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Portable\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/26 14:03:39 | 000,000,759 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2259745054-535292464-177051247-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\48f54678-fe67-43ee-8c52-4f4907c9cc78.exe (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FileZilla Server Interface] C:\Program Files\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vmware-tray.exe] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2259745054-535292464-177051247-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2259745054-535292464-177051247-1000..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-2259745054-535292464-177051247-1000..\Run: [Facebook Update] C:\Users\Portable\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6351627-FDAF-44F1-BC69-BAC9AC63C67D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O27 - HKLM IFEO\driverscanner.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\filezilla server interface.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\filezilla server.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\labelprint.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\npsguide.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pdr.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\power2go.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\powerstarter.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\rserver3.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\sptdinst-x86.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\unins000.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d2e51406-4a97-11e2-aa53-00269e7f71dd}\Shell - "" = AutoRun
O33 - MountPoints2\{d2e51406-4a97-11e2-aa53-00269e7f71dd}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/27 13:46:18 | 000,000,000 | ---D | C] -- C:\Users\Portable\Desktop\Nouveau dossier (2)
[2013/11/27 13:39:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Portable\Desktop\OTL.exe
[2013/11/27 13:39:26 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Portable\Desktop\aswmbr.exe
[2013/11/26 21:43:50 | 000,000,000 | ---D | C] -- C:\Users\Portable\Documents\Any Video Converter Professional
[2013/11/26 21:43:40 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Roaming\AnvSoft
[2013/11/26 21:18:52 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Roaming\VC
[2013/11/26 21:18:52 | 000,000,000 | ---D | C] -- C:\Users\Portable\Documents\TEncoder
[2013/11/19 15:22:56 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Local\{6EB7E24E-0215-4691-98EC-73C7567A1C7F}
[2013/11/18 13:49:31 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Local\{6A91277E-265C-4744-99B1-2FBD6B306167}
[2013/11/17 18:16:11 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Roaming\X-Chat 2
[2013/11/17 18:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XChat
[2013/11/17 18:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\xchat
[2013/11/17 15:30:50 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Local\{4422BFB5-F55D-486A-9209-45D50F1C386F}
[2013/11/16 13:29:09 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Roaming\AVAST Software
[2013/11/16 13:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/11/16 13:24:27 | 000,057,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/11/16 13:24:26 | 000,403,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/11/16 13:24:24 | 000,774,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/11/16 13:24:23 | 000,070,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/11/16 13:24:22 | 000,035,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/11/16 13:24:20 | 000,054,832 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/11/16 13:24:18 | 000,026,136 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/11/16 13:24:17 | 000,247,192 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswndis2.sys
[2013/11/16 13:23:53 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/16 13:23:20 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013/11/16 06:24:15 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Local\{F163BA12-B5EF-49C2-9DAC-F18A17D77E4D}
[2013/11/15 21:52:58 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Roaming\TeamViewer
[2013/11/15 21:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2013/11/15 21:12:59 | 000,031,560 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2013/11/15 21:12:54 | 000,086,888 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2013/11/15 21:12:54 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\LMIRfsDriver.sys
[2013/11/15 21:12:47 | 000,085,832 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2013/11/15 21:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2013/11/11 05:10:25 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Local\{DA82EAF9-62A0-423D-B1DB-0E947E77D50C}
[2013/11/09 06:25:35 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Local\{F3BD1C20-308C-4789-BE3A-437A9F46A8DB}
[2013/11/05 15:30:10 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Local\{334A1C3F-379B-4653-9A1E-B22FA0C68E9B}
[2013/11/05 02:16:53 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Local\{2AFF0EC9-4215-4180-BCF2-3D2CDBCB6BA3}
[2013/11/04 04:56:14 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Local\{0775C405-F1B5-46EF-8C93-EC982A1CE1B6}
[2013/11/02 05:34:06 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Local\{D8858A87-7FC9-419C-8417-0930552D0CBE}
[2013/11/01 05:17:05 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Local\{254000AF-70AD-4E46-B032-A8225B8D4460}
[2013/10/31 08:50:50 | 006,583,664 | ---- | C] (AVAST Software) -- C:\Program Fil
[2013/10/30 12:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\rvlkl
[2013/10/30 04:32:03 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Local\{576E0862-AAD6-4A6F-9979-507E70617806}
[2013/10/28 14:16:58 | 000,000,000 | ---D | C] -- C:\Users\Portable\.zenmap

========== Files - Modified Within 30 Days ==========

[2013/11/27 13:39:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Portable\Desktop\OTL.exe
[2013/11/27 13:39:36 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Portable\Desktop\aswmbr.exe
[2013/11/27 13:11:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/27 13:11:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/27 12:59:18 | 000,115,712 | ---- | M] () -- C:\Users\Portable\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/27 12:34:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/27 12:34:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/27 11:31:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2259745054-535292464-177051247-1000UA.job
[2013/11/27 08:37:31 | 000,000,256 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2013/11/27 08:36:04 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/11/27 08:34:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/26 21:52:36 | 001,279,960 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/26 21:52:36 | 000,751,776 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013/11/26 21:52:36 | 000,721,058 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2013/11/26 21:52:36 | 000,156,364 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013/11/26 21:52:36 | 000,153,434 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2013/11/26 21:52:35 | 000,705,836 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/26 20:31:01 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2259745054-535292464-177051247-1000Core.job
[2013/11/22 06:15:24 | 165,247,010 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/11/19 01:01:48 | 000,247,192 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswndis2.sys
[2013/11/18 05:42:19 | 000,396,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/11/16 13:28:39 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2013/11/16 13:28:39 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\avast! Premier.lnk
[2013/11/16 13:23:57 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/11/16 13:23:57 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/11/16 13:23:57 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/11/16 13:23:57 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/11/16 13:23:57 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/16 13:23:56 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/11/16 13:23:56 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/11/16 13:23:56 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/11/16 13:23:53 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/11/16 13:23:53 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/16 13:23:29 | 000,026,136 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/11/16 13:23:20 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013/11/15 21:45:25 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/11/15 05:13:58 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/04 21:08:25 | 000,006,756 | ---- | M] () -- C:\Users\Portable\AppData\Local\d3d9caps.dat
[2013/10/31 19:27:59 | 000,000,782 | ---- | M] () -- C:\Users\Portable\Desktop\BitTorrent.lnk
[2013/10/31 19:27:59 | 000,000,762 | ---- | M] () -- C:\Users\Portable\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2013/10/30 15:18:31 | 697,745,408 | ---- | M] () -- C:\Users\Portable\Desktop\187.Code.Meurtre.Tetar.DVD-RIP-Fr.avi
[2013/10/29 14:19:06 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPortable.job

========== Files Created - No Company Name ==========

[2013/11/19 19:46:33 | 165,247,010 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/11/18 05:41:57 | 000,396,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/11/16 13:28:39 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2013/11/16 13:28:39 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\avast! Premier.lnk
[2013/11/16 13:24:26 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/11/16 13:24:25 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/15 21:45:25 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/11/15 21:45:25 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/11/13 06:02:25 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2013/10/31 19:27:59 | 000,000,782 | ---- | C] () -- C:\Users\Portable\Desktop\BitTorrent.lnk
[2013/10/29 20:02:34 | 697,745,408 | ---- | C] () -- C:\Users\Portable\Desktop\187.Code.Meurtre.Tetar.DVD-RIP-Fr.avi
[2013/10/26 14:15:16 | 000,000,218 | ---- | C] () -- C:\Users\Portable\AppData\Local\recently-used.xbel
[2013/10/01 17:56:09 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/08/28 22:03:36 | 000,054,272 | ---- | C] () -- C:\Windows\sassr.dat
[2013/08/20 12:29:23 | 000,061,952 | -H-- | C] () -- C:\Windows\System32\sinvfct.dll
[2013/07/18 16:40:42 | 000,110,080 | ---- | C] () -- C:\Windows\sysk32.dll
[2013/06/27 21:26:34 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/27 09:54:47 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/27 09:54:34 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/05/22 19:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/05/22 19:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/05/22 19:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/05/22 19:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/05/18 19:40:41 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2013/05/18 19:40:41 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2013/05/18 18:53:36 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/04/28 14:22:50 | 000,003,153 | ---- | C] () -- C:\Program Files\visit-nosteam.ro.html
[2013/04/28 14:22:50 | 000,000,084 | ---- | C] () -- C:\Program Files\update-cssource.bat
[2013/01/26 17:49:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2013/01/26 17:48:48 | 000,004,578 | ---- | C] () -- C:\Windows\mozver.dat
[2013/01/02 20:18:31 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013/01/02 20:18:30 | 000,022,328 | ---- | C] () -- C:\Users\Portable\AppData\Roaming\PnkBstrK.sys
[2013/01/02 20:18:14 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013/01/02 20:18:10 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2013/01/02 20:18:05 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2012/12/14 22:32:03 | 000,000,000 | ---- | C] () -- C:\Users\Portable\cd
[2012/05/16 13:56:15 | 000,000,091 | ---- | C] () -- C:\Windows\LEXSTAT.INI
[2011/12/17 11:43:34 | 000,115,712 | ---- | C] () -- C:\Users\Portable\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/14 20:36:47 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011/12/14 20:36:47 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011/12/12 17:10:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/12/12 17:10:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/12/12 14:14:19 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/11/29 08:13:16 | 000,006,756 | ---- | C] () -- C:\Users\Portable\AppData\Local\d3d9caps.dat
[2011/11/29 01:07:19 | 000,000,256 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/26 21:43:40 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\AnvSoft
[2013/11/16 13:29:09 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\AVAST Software
[2013/11/27 13:41:33 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\BitTorrent
[2013/10/11 03:55:24 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\BleachBit
[2013/03/26 13:53:26 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\CoffeeCup Software
[2012/08/24 11:56:38 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2013/11/22 23:08:46 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\DAEMON Tools Lite
[2013/02/24 04:48:11 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\Dev-Cpp
[2013/10/30 01:52:42 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\FileZilla
[2013/05/18 19:40:38 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\GetRightToGo
[2012/06/26 13:23:13 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\Haihaisoft PDF Reader
[2013/05/18 18:55:36 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\Leawo
[2011/12/14 21:01:40 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\PC Suite
[2013/06/23 20:31:28 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\Radmin
[2013/09/13 18:53:07 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\Samsung
[2013/03/14 18:22:53 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\Systenance
[2013/11/15 21:54:08 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\TeamViewer
[2013/10/27 22:47:59 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\Tenable
[2013/05/18 18:55:38 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\tiger-k
[2011/11/29 10:17:11 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\TuneUp Software
[2012/10/06 20:18:32 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\Uniblue
[2013/11/26 21:41:16 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\VC
[2013/01/25 15:10:48 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\WildTangent
[2013/10/07 08:39:04 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\Windows Live Writer
[2013/01/26 18:24:08 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\Wireshark
[2013/11/26 22:27:44 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\X-Chat 2
[2013/10/21 14:58:24 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\ZHP

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2009/03/17 18:50:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/03/17 18:50:22 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/03/17 18:50:22 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/03/17 18:50:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2013/05/17 18:17:04 | 002,558,922 | ---- | M] () MD5=6EB623A4C0BE6C87B4BC13321606D21B -- C:\Program Files\Wireshark\services
[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.EXE >
[2008/01/21 03:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/03/17 18:18:33 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=428F511BDE3B3C034FCA7830C1BD0676 -- C:\Windows\System32\nl-NL\services.exe.mui
[2009/03/17 18:18:33 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=428F511BDE3B3C034FCA7830C1BD0676 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_20d27679b21218f4\services.exe.mui
[2009/03/17 18:13:15 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C780967616B794778D1B444B1DB550BB -- C:\Windows\System32\fr-FR\services.exe.mui
[2009/03/17 18:13:15 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C780967616B794778D1B444B1DB550BB -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_fr-fr_0a4957fe1c0324f4\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/21 03:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/21 03:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2009/03/17 18:13:47 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\System32\fr-FR\services.msc
[2009/03/17 18:13:47 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_fr-fr_448b27e9f26cbee7\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
[2009/03/17 18:18:29 | 000,092,747 | ---- | M] () MD5=E4FE4D28A62170560B388B241E5F2D6B -- C:\Windows\System32\nl-NL\services.msc
[2009/03/17 18:18:29 | 000,092,747 | ---- | M] () MD5=E4FE4D28A62170560B388B241E5F2D6B -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_5b144665887bb2e7\services.msc

< MD5 for: SERVICES.TICO >
[2009/09/25 14:00:00 | 000,002,038 | ---- | M] () MD5=D669B1B2EBE288A61680C3C863828D28 -- C:\Program Files\TuneUp Utilities 2012\data\services.tico

< MD5 for: SVCHOST.EXE >
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est A612-E04E
R‚pertoire de C:\
02/11/2006 14:02 <JONCTION> Documents and Settings [C:\Users]
0 fichier(s) 0 octets
R‚pertoire de C:\Program Files\Windows NT
29/11/2011 01:57 <JONCTION> Bureau-accessoires [C:\Program Files\Windows NT\Accessories]
0 fichier(s) 0 octets
R‚pertoire de C:\ProgramData
29/11/2011 01:57 <JONCTION> Bureaublad [C:\Users\Public\Desktop]
02/11/2006 14:02 <JONCTION> Desktop [C:\Users\Public\Desktop]
29/11/2011 01:57 <JONCTION> Documenten [C:\Users\Public\Documents]
02/11/2006 14:02 <JONCTION> Documents [C:\Users\Public\Documents]
29/11/2011 01:57 <JONCTION> Favorieten [C:\Users\Public\Favorites]
02/11/2006 14:02 <JONCTION> Favorites [C:\Users\Public\Favorites]
29/11/2011 01:57 <JONCTION> Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu]
29/11/2011 01:57 <JONCTION> Sjablonen [C:\ProgramData\Microsoft\Windows\Templates]
02/11/2006 14:02 <JONCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JONCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 fichier(s) 0 octets
R‚pertoire de C:\ProgramData\Microsoft\Windows\Start Menu
29/11/2011 01:57 <JONCTION> Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
R‚pertoire de C:\Users
02/11/2006 14:02 <SYMLINKD> All Users [C:\ProgramData]
02/11/2006 14:02 <JONCTION> Default User [C:\Users\Default]
0 fichier(s) 0 octets
R‚pertoire de C:\Users\All Users
29/11/2011 01:57 <JONCTION> Bureaublad [C:\Users\Public\Desktop]
02/11/2006 14:02 <JONCTION> Desktop [C:\Users\Public\Desktop]
29/11/2011 01:57 <JONCTION> Documenten [C:\Users\Public\Documents]
02/11/2006 14:02 <JONCTION> Documents [C:\Users\Public\Documents]
29/11/2011 01:57 <JONCTION> Favorieten [C:\Users\Public\Favorites]
02/11/2006 14:02 <JONCTION> Favorites [C:\Users\Public\Favorites]
29/11/2011 01:57 <JONCTION> Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu]
29/11/2011 01:57 <JONCTION> Sjablonen [C:\ProgramData\Microsoft\Windows\Templates]
02/11/2006 14:02 <JONCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JONCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 fichier(s) 0 octets
R‚pertoire de C:\Users\All Users\Microsoft\Windows\Start Menu
29/11/2011 01:57 <JONCTION> Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
R‚pertoire de C:\Users\Default
02/11/2006 14:02 <JONCTION> Application Data [C:\Users\Default\AppData\Roaming]
02/11/2006 14:02 <JONCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
02/11/2006 14:02 <JONCTION> Local Settings [C:\Users\Default\AppData\Local]
29/11/2011 01:57 <JONCTION> Menu Start [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
29/11/2011 01:57 <JONCTION> Mijn documenten [C:\Users\Default\Documents]
02/11/2006 14:02 <JONCTION> My Documents [C:\Users\Default\Documents]
02/11/2006 14:02 <JONCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
29/11/2011 01:57 <JONCTION> Netwerkprinteromgeving [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 14:02 <JONCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 14:02 <JONCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 14:02 <JONCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
29/11/2011 01:57 <JONCTION> Sjablonen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
02/11/2006 14:02 <JONCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JONCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 fichier(s) 0 octets
R‚pertoire de C:\Users\Default\AppData\Local
02/11/2006 14:02 <JONCTION> Application Data [C:\Users\Default\AppData\Local]
29/11/2011 01:57 <JONCTION> Geschiedenis [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 14:02 <JONCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 14:02 <JONCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 fichier(s) 0 octets
R‚pertoire de C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
29/11/2011 01:57 <JONCTION> Programma's [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
R‚pertoire de C:\Users\Default\Documents
29/11/2011 01:57 <JONCTION> Mijn afbeeldingen [C:\Users\Default\Pictures]
29/11/2011 01:57 <JONCTION> Mijn muziek [C:\Users\Default\Music]
29/11/2011 01:57 <JONCTION> Mijn video's [C:\Users\Default\Videos]
02/11/2006 14:02 <JONCTION> My Music [C:\Users\Default\Music]
02/11/2006 14:02 <JONCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 14:02 <JONCTION> My Videos [C:\Users\Default\Videos]
0 fichier(s) 0 octets
R‚pertoire de C:\Users\LogMeInRemoteUser
15/11/2013 21:18 <JONCTION> Application Data [C:\Users\LogMeInRemoteUser\AppData\Roaming]
15/11/2013 21:18 <JONCTION> Cookies [C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Cookies]
15/11/2013 21:18 <JONCTION> Local Settings [C:\Users\LogMeInRemoteUser\AppData\Local]
15/11/2013 21:18 <JONCTION> Menu D‚marrer [C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu]
15/11/2013 21:17 <JONCTION> Mes documents [C:\Users\LogMeInRemoteUser\Documents]
15/11/2013 21:18 <JONCTION> ModŠles [C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Templates]
15/11/2013 21:18 <JONCTION> Recent [C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Recent]
15/11/2013 21:18 <JONCTION> SendTo [C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\SendTo]
15/11/2013 21:18 <JONCTION> Voisinage d'impression [C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
15/11/2013 21:18 <JONCTION> Voisinage r‚seau [C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
0 fichier(s) 0 octets
R‚pertoire de C:\Users\LogMeInRemoteUser\AppData\Local
15/11/2013 21:18 <JONCTION> Application Data [C:\Users\LogMeInRemoteUser\AppData\Local]
15/11/2013 21:18 <JONCTION> Historique [C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\History]
15/11/2013 21:18 <JONCTION> Temporary Internet Files [C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 fichier(s) 0 octets
R‚pertoire de C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu
15/11/2013 21:18 <JONCTION> Programmes [C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
R‚pertoire de C:\Users\LogMeInRemoteUser\Documents
15/11/2013 21:17 <JONCTION> Ma musique [C:\Users\LogMeInRemoteUser\Music]
15/11/2013 21:17 <JONCTION> Mes images [C:\Users\LogMeInRemoteUser\Pictures]
15/11/2013 21:17 <JONCTION> Mes vid‚os [C:\Users\LogMeInRemoteUser\Videos]
0 fichier(s) 0 octets
R‚pertoire de C:\Users\Portable
29/11/2011 01:57 <JONCTION> Application Data [C:\Users\Portable\AppData\Roaming]
29/11/2011 01:57 <JONCTION> Cookies [C:\Users\Portable\AppData\Roaming\Microsoft\Windows\Cookies]
29/11/2011 01:57 <JONCTION> Local Settings [C:\Users\Portable\AppData\Local]
29/11/2011 01:57 <JONCTION> Menu D‚marrer [C:\Users\Portable\AppData\Roaming\Microsoft\Windows\Start Menu]
29/11/2011 01:57 <JONCTION> Mes documents [C:\Users\Portable\Documents]
29/11/2011 01:57 <JONCTION> ModŠles [C:\Users\Portable\AppData\Roaming\Microsoft\Windows\Templates]
29/11/2011 01:57 <JONCTION> Recent [C:\Users\Portable\AppData\Roaming\Microsoft\Windows\Recent]
29/11/2011 01:57 <JONCTION> SendTo [C:\Users\Portable\AppData\Roaming\Microsoft\Windows\SendTo]
29/11/2011 01:57 <JONCTION> Voisinage d'impression [C:\Users\Portable\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
29/11/2011 01:57 <JONCTION> Voisinage r‚seau [C:\Users\Portable\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
0 fichier(s) 0 octets
R‚pertoire de C:\Users\Portable\AppData\Local
29/11/2011 01:57 <JONCTION> Application Data [C:\Users\Portable\AppData\Local]
29/11/2011 01:57 <JONCTION> Historique [C:\Users\Portable\AppData\Local\Microsoft\Windows\History]
29/11/2011 01:57 <JONCTION> Temporary Internet Files [C:\Users\Portable\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 fichier(s) 0 octets
R‚pertoire de C:\Users\Portable\AppData\Roaming\Microsoft\Windows\Start Menu
29/11/2011 01:57 <JONCTION> Programmes [C:\Users\Portable\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
R‚pertoire de C:\Users\Portable\Documents
29/11/2011 01:57 <JONCTION> Ma musique [C:\Users\Portable\Music]
29/11/2011 01:57 <JONCTION> Mes images [C:\Users\Portable\Pictures]
29/11/2011 01:57 <JONCTION> Mes vid‚os [C:\Users\Portable\Videos]
0 fichier(s) 0 octets
R‚pertoire de C:\Users\Public\Documents
29/11/2011 01:57 <JONCTION> Mijn afbeeldingen [C:\Users\Public\Pictures]
29/11/2011 01:57 <JONCTION> Mijn muziek [C:\Users\Public\Music]
29/11/2011 01:57 <JONCTION> Mijn video's [C:\Users\Public\Videos]
02/11/2006 14:02 <JONCTION> My Music [C:\Users\Public\Music]
02/11/2006 14:02 <JONCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 14:02 <JONCTION> My Videos [C:\Users\Public\Videos]
0 fichier(s) 0 octets
Total des fichiers list‚sÿ:
0 fichier(s) 0 octets
91 R‚p(s) 209.975.160.832 octets libres

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:661DFA1C
@Alternate Data Stream - 12 bytes -> C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

< End of report >


OTL Extras log:

OTL Extras logfile created on: 27/11/2013 13:57:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Portable\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

2,93 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 49,06% Memory free
6,08 Gb Paging File | 4,56 Gb Available in Paging File | 75,02% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,23 Gb Total Space | 193,50 Gb Free Space | 67,37% Space Free | Partition Type: NTFS
Drive D: | 10,86 Gb Total Space | 1,73 Gb Free Space | 15,92% Space Free | Partition Type: NTFS

Computer Name: PC-DE-PORTABLE | User Name: Portable | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2259745054-535292464-177051247-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{062730AB-03C8-4B5B-AE03-6F3C73395A51}" = lport=138 | protocol=17 | dir=in | app=system |
"{2284C11A-880D-44C8-A1F5-8C7C0C441AA8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{48827A89-661C-487B-8AD3-0E7C232A9AB0}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
"{541538A7-C7AE-425B-9E47-2ECFE0CE8D1C}" = rport=2869 | protocol=6 | dir=out | app=system |
"{54C36D20-0A1D-4371-8469-4F115BEE5914}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{629CD9B7-ADCB-4F56-BD2F-49660F9B1AD6}" = lport=48114 | protocol=6 | dir=in | name=maconfig_tcptls |
"{65F67335-5ACF-44B9-A7A5-F934CEB8ED70}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6E167738-C789-459B-9E7A-4623DAC37454}" = rport=139 | protocol=6 | dir=out | app=system |
"{722A6F26-6457-41E9-BBB0-FF5A63597A29}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8C9DFA7C-81FB-417B-9969-9DD4F4D75370}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9300CD04-44EF-4101-A058-FBE194FC84D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{93C99CB5-DA11-49B6-8330-793712562B03}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{959A477D-DD20-4713-952B-7BA817824D1D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9B6315A2-E713-4B70-86E1-AAE59068FEA6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{C1F8499D-2FB8-485E-B898-558C3DD46509}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC77ADE0-BDC1-431F-B9F8-DD38E8A23A1E}" = lport=137 | protocol=17 | dir=in | app=system |
"{DB2869B1-19B3-412B-BB07-EEA0B14F30C7}" = rport=445 | protocol=6 | dir=out | app=system |
"{DC0EC2FE-3A25-4F22-909C-019D4FB18CF7}" = lport=445 | protocol=6 | dir=in | app=system |
"{DD8513AA-1CDD-466F-A1FD-849B6F9E1E5F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E84533B6-70D1-4288-86D4-992E62D0166D}" = lport=139 | protocol=6 | dir=in | app=system |
"{ED138195-ABF3-414E-903F-BD5D4B7C8786}" = rport=138 | protocol=17 | dir=out | app=system |
"{EEBA8A3D-B7E5-453E-846C-F107A399E68F}" = rport=137 | protocol=17 | dir=out | app=system |
"{F6EBB967-2A9B-46FD-B0B5-3329E34AFFE4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FEF600-BDDC-4E7D-B01E-487477CD87F6}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\maconfigagent.exe |
"{044B682F-D9DE-48D4-B9D7-AE5F72820CD6}" = dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
"{076347EE-6DC7-41ED-A384-615E837D7A01}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{160A599F-C59D-4929-8236-6D1F33200A4C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1C292099-4892-4CDA-B443-19BE7C73E2F0}" = protocol=1 | dir=out | [email protected],-28544 |
"{1E811FD3-11E5-4401-9F1F-6F254134E5C0}" = dir=in | app=c:\program files\vmware\vmware workstation\vmware-hostd.exe |
"{2A0C32D5-213F-4A12-B421-E4016B93D45E}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{332DCCD8-BDE8-429B-A181-148B332FAC30}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{3C6EEA60-DD16-4729-B50C-3876768C994F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{3F6454C2-BFEA-4F29-8D95-D3D71BCC5241}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{3FAE2295-DE14-41E9-BDFD-F298BEA95763}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{4051EA5B-68EB-4B67-AB80-F4FD470128E9}" = protocol=58 | dir=in | [email protected],-148 |
"{480BCE40-FED8-45A8-8AF5-ACF985767AA3}" = dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
"{4C7F4AD0-E45D-41FB-AB36-BE1C2CB36046}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{4EB16095-0310-4ACB-8158-3C256D551A1B}" = protocol=6 | dir=in | app=c:\users\portable\appdata\roaming\bittorrent\bittorrent.exe |
"{5FE4C480-C633-4B7F-A990-DDB056987600}" = protocol=58 | dir=out | [email protected],-28546 |
"{614AD77D-2489-4997-A0AD-B13688DAB615}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{65F523AA-D524-4F35-9CCD-99975E55DD0C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6726EAEE-46A2-46A6-ABCC-9298C1734ADB}" = protocol=6 | dir=in | app=c:\windows\system32\rserver30\rserver3.exe |
"{692EA972-0A97-47A1-B0B7-F8A956D5FA10}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{6A15981C-0810-4FCD-B6FF-C4B764AA9E7D}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{6DCA6E5E-FFD6-4526-A32A-DA9FEE99E002}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{793E23F8-AE1A-46B9-B45C-C0DC57BEC8E8}" = dir=in | app=c:\program files\vmware\vmware workstation\vmware-hostd.exe |
"{7B0CC398-4F61-46F7-A167-63E91D38D251}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{834A0385-55CC-4522-A8CA-84B9AFF89B98}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{889BA73D-3F42-4887-82AB-D63BCA2EFDE2}" = protocol=1 | dir=in | [email protected],-28543 |
"{A94D61D2-CF37-484D-82A8-3387EA78950C}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\maconfigagent.exe |
"{BBE2F815-5DB0-46A4-B1F1-39AEC99CF584}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{BDF51575-DEC3-4E5F-8122-E01C8643216D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C4E7B733-1523-40A1-8899-26F65F0B98F2}" = protocol=17 | dir=in | app=c:\windows\system32\rserver30\rserver3.exe |
"{C9AE0005-5294-4A71-BDD0-1FB2F8C38252}" = protocol=17 | dir=in | app=c:\users\portable\appdata\roaming\bittorrent\bittorrent.exe |
"{CCB72F9B-988E-475F-9258-DD10E9D50BCE}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{CCD334A9-7A46-4E52-9FF1-07EBDB93C9AD}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{D2443770-8921-4C5E-82CF-52FA205476EB}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D4814A83-07EE-4958-8DCC-406C38808BCD}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{D4B47A21-0886-4AEF-AB89-E6621C902731}" = protocol=58 | dir=in | [email protected],-28545 |
"{D614C3B3-2CA2-4A63-88D9-B7C636C32705}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{D6B63BB2-7667-44B5-BF52-C26FD144520B}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{D7A07716-5555-4899-8033-64C109257B86}" = dir=in | app=c:\users\portable\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{EA2E321E-6F0F-405B-AEA1-22B12DA61F10}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F44CC276-1005-4096-9C02-C2C44A4BC26C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FD94E0A4-3B36-47C9-A250-3DFBC81D9FB3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{0CE13447-DBED-4529-A16D-B2F1C6ED04F9}C:\program files\cs source 2013\hl2.exe" = protocol=6 | dir=in | app=c:\program files\cs source 2013\hl2.exe |
"TCP Query User{212F326B-8882-4F18-B0DA-4B67D647DDAF}F:\server\server\bin\release\server.exe" = protocol=6 | dir=in | app=f:\server\server\bin\release\server.exe |
"TCP Query User{23C2B083-1BBF-4824-B114-01C45956CC86}C:\program files\nmap\ncat.exe" = protocol=6 | dir=in | app=c:\program files\nmap\ncat.exe |
"TCP Query User{3EB8C847-31A7-4C17-B7CD-4ABEEE8E9819}F:\svchost\svchost\bin\release\svchost.exe" = protocol=6 | dir=in | app=f:\svchost\svchost\bin\release\svchost.exe |
"TCP Query User{9264E4ED-6A63-42B3-8406-041C9C689D02}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{D24D174D-6B4B-4F66-AC1E-22BCBA575453}C:\program files\tenable\nessus\nessusd.exe" = protocol=6 | dir=in | app=c:\program files\tenable\nessus\nessusd.exe |
"TCP Query User{EA22E9AC-5EA5-4172-AC38-048AC4E7D823}C:\program files\xchat\xchat.exe" = protocol=6 | dir=in | app=c:\program files\xchat\xchat.exe |
"UDP Query User{34214A9B-A974-4FBA-A306-E9371E84AB5E}C:\program files\nmap\ncat.exe" = protocol=17 | dir=in | app=c:\program files\nmap\ncat.exe |
"UDP Query User{3CF0B5B5-8E9B-44B1-952A-9AEB9CB0F7D6}C:\program files\cs source 2013\hl2.exe" = protocol=17 | dir=in | app=c:\program files\cs source 2013\hl2.exe |
"UDP Query User{5F2861CF-F531-49F3-AC60-A38305D60A37}F:\svchost\svchost\bin\release\svchost.exe" = protocol=17 | dir=in | app=f:\svchost\svchost\bin\release\svchost.exe |
"UDP Query User{5FC5B57E-89C1-4CA8-851D-A3A942E7351C}C:\program files\tenable\nessus\nessusd.exe" = protocol=17 | dir=in | app=c:\program files\tenable\nessus\nessusd.exe |
"UDP Query User{A7F6AF7E-7165-4318-845D-C507A57C663B}F:\server\server\bin\release\server.exe" = protocol=17 | dir=in | app=f:\server\server\bin\release\server.exe |
"UDP Query User{C6472550-D80C-4196-9517-917355F84BFA}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{EEC0293F-94C0-4991-93FC-A97B0CFF3202}C:\program files\xchat\xchat.exe" = protocol=17 | dir=in | app=c:\program files\xchat\xchat.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{043ECF7B-4724-4F7B-8A9D-BC22719E95F7}" = Microsoft SQL Server Compact 3.5 Design Tools FRA
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{15473D70-D791-3B5E-B174-2FD19EC0D017}" = Microsoft Visual C++ 2008 Express Edition - FRA
"{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1E2DA2E2-ABCD-461E-AD01-3D85D61DE5F6}" = Microsoft SQL Server Native Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20c31435-2a0a-4580-be8b-ac06fc243ca4}" = Python 2.7
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}" = Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CC6CDEA-692E-45C4-8FF8-3AB0C198B785}" = Radmin Server 3.3
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3F59A7E0-BC01-4435-9E93-C7D7015C21DA}" = Microsoft SQL Server 2005 Tools Express Edition
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{480DBB60-F0B6-45F2-B26F-1A2E11197791}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6EA48908-220E-49A3-9682-476A7B61531C}" = Tenable Nessus
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{917A8327-6E13-337F-918A-5D3C452F339E}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9644C161-5CDA-47DC-B90F-86C23330C75B}" = TuneUp Utilities Language Pack (fr-FR)
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C05B2CC-68D0-4B46-A9C8-40CC4BF10C33}" = Windows Live Family Safety
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AB47EEE8-507B-331F-AA28-B7C7257F014C}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BE361597-42AC-4513-9BA6-FFAB310038FB}" = Microsoft SQL Server Compact 3.5 FRA
"{C1845647-AAD6-4126-9335-4922BA3B0423}" = QuickShare
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC158E44-6465-402E-B2BB-D86C455670FF}" = Ma-Config.com
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E91E7BCC-C5CD-465A-BB29-AD1EA07F283D}" = Microsoft SQL Server VSS Writer
"{EEAA3E5E-1296-45AD-A59E-5D63F604867D}" = Radmin Viewer 3.3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F13F89CB-448B-49B0-BC63-4746499167C6}" = ActivePerl 5.16.3 Build 1603
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Astroburn Lite" = Astroburn Lite
"Autorijden van A tot Z oefenen" = Autorijden van A tot Z oefenen
"Avast" = avast! Premier
"BleachBit" = BleachBit
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"File Shredder_is1" = File Shredder 2.5
"FileZilla Client" = FileZilla Client 3.7.3
"FileZilla Server" = FileZilla Server
"GIMP-2_is1" = GIMP 2.8.4
"Google Chrome" = Google Chrome
"Haihaisoft PDF Reader" = Haihaisoft PDF Reader
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C++ 2008 Express Edition - FRA" = Microsoft Visual C++ 2008 Express - Français
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library pour les éditions Microsoft Visual Studio 2008 Express
"Nmap" = Nmap 6.40
"PKR" = PKR
"PROPLUS" = Microsoft Office Professional Plus 2007
"ResourceHacker_is1" = Resource Hacker Version 3.6.0
"Revo Uninstaller" = Revo Uninstaller 1.94
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 8" = TeamViewer 8
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Unlocker" = Unlocker 1.9.1-x64
"VLC media player" = VLC media player 2.0.1
"VMware_Workstation" = VMware Workstation
"WildTangent hp Master Uninstall" = My HP Games
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.47-27
"WinLiveSuite" = Windows Live
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.01 (32 bits)
"Wireshark" = Wireshark 1.8.7 (32-bit)
"xchat" = XChat 2 (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2259745054-535292464-177051247-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"CodeBlocks" = CodeBlocks
"MyFreeCodec" = MyFreeCodec
"Notification de cadeaux MSN" = Notification de cadeaux MSN

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27/11/2013 9:11:30 | Computer Name = PC-de-Portable | Source = vmauthd | ID = 1000
Description = 2013-11-27T14:11:30.454+01:00| vthread-4| E105: Malformed perfmon
object, index=2

Error - 27/11/2013 9:11:30 | Computer Name = PC-de-Portable | Source = vmauthd | ID = 1000
Description = 2013-11-27T14:11:30.485+01:00| vthread-4| E105: Malformed perfmon
object, index=3

Error - 27/11/2013 9:11:30 | Computer Name = PC-de-Portable | Source = vmauthd | ID = 1000
Description = 2013-11-27T14:11:30.532+01:00| vthread-4| E105: Malformed perfmon
object, index=4

Error - 27/11/2013 9:11:30 | Computer Name = PC-de-Portable | Source = vmauthd | ID = 1000
Description = 2013-11-27T14:11:30.563+01:00| vthread-4| E105: Malformed perfmon
object, index=5

Error - 27/11/2013 9:11:35 | Computer Name = PC-de-Portable | Source = vmauthd | ID = 1000
Description = 2013-11-27T14:11:35.602+01:00| vthread-4| E105: Malformed perfmon
object, index=0

Error - 27/11/2013 9:11:35 | Computer Name = PC-de-Portable | Source = vmauthd | ID = 1000
Description = 2013-11-27T14:11:35.633+01:00| vthread-4| E105: Malformed perfmon
object, index=1

Error - 27/11/2013 9:11:35 | Computer Name = PC-de-Portable | Source = vmauthd | ID = 1000
Description = 2013-11-27T14:11:35.680+01:00| vthread-4| E105: Malformed perfmon
object, index=2

Error - 27/11/2013 9:11:35 | Computer Name = PC-de-Portable | Source = vmauthd | ID = 1000
Description = 2013-11-27T14:11:35.711+01:00| vthread-4| E105: Malformed perfmon
object, index=3

Error - 27/11/2013 9:11:35 | Computer Name = PC-de-Portable | Source = vmauthd | ID = 1000
Description = 2013-11-27T14:11:35.743+01:00| vthread-4| E105: Malformed perfmon
object, index=4

Error - 27/11/2013 9:11:35 | Computer Name = PC-de-Portable | Source = vmauthd | ID = 1000
Description = 2013-11-27T14:11:35.774+01:00| vthread-4| E105: Malformed perfmon
object, index=5

[ OSession Events ]
Error - 29/10/2012 10:42:31 | Computer Name = PC-de-Portable | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 27/11/2013 3:36:32 | Computer Name = PC-de-Portable | Source = Service Control Manager | ID = 7000
Description =

Error - 27/11/2013 3:36:32 | Computer Name = PC-de-Portable | Source = Service Control Manager | ID = 7000
Description =

Error - 27/11/2013 3:37:19 | Computer Name = PC-de-Portable | Source = Service Control Manager | ID = 7026
Description =

Error - 27/11/2013 3:40:33 | Computer Name = PC-de-Portable | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 27/11/2013 3:51:22 | Computer Name = PC-de-Portable | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description =

Error - 27/11/2013 9:07:18 | Computer Name = PC-de-Portable | Source = atapi | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Ide\IdePort0.

Error - 27/11/2013 9:07:18 | Computer Name = PC-de-Portable | Source = atapi | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Ide\IdePort0.

Error - 27/11/2013 9:07:18 | Computer Name = PC-de-Portable | Source = atapi | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Ide\IdePort0.

Error - 27/11/2013 9:07:18 | Computer Name = PC-de-Portable | Source = atapi | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Ide\IdePort0.

Error - 27/11/2013 9:07:50 | Computer Name = PC-de-Portable | Source = volsnap | ID = 393230
Description = Les clichés instantanés C: ont été annulés à cause d'une défaillance
d'E/S sur le volume C:.

[ TuneUp Events ]
Error - 2/09/2012 15:56:00 | Computer Name = PC-de-Portable | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 3/09/2012 7:22:39 | Computer Name = PC-de-Portable | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 3/09/2012 7:22:39 | Computer Name = PC-de-Portable | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 3/09/2012 7:22:39 | Computer Name = PC-de-Portable | Source = TuneUp.UtilitiesSvc | ID = 300
Description =


< End of report >


aswMBR log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-27 14:17:43
-----------------------------
14:17:43.862 OS Version: Windows 6.0.6002 Service Pack 2
14:17:43.862 Number of processors: 2 586 0x170A
14:17:43.877 ComputerName: PC-DE-PORTABLE UserName: Portable
14:17:46.779 Initialize success
14:17:52.348 AVAST engine defs: 13112600
14:18:16.840 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:18:16.840 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 3
14:18:16.996 Disk 0 MBR read successfully
14:18:16.996 Disk 0 MBR scan
14:18:16.996 Disk 0 unknown MBR code
14:18:17.027 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294122 MB offset 2048
14:18:17.059 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11119 MB offset 602363904
14:18:17.074 Disk 0 scanning sectors +625135616
14:18:17.152 Disk 0 scanning C:\Windows\system32\drivers
14:18:31.083 Service scanning
14:18:58.289 Modules scanning
14:19:06.776 Disk 0 trace - called modules:
14:19:06.807 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
14:19:06.823 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b68810]
14:19:06.823 3 CLASSPNP.SYS[8b0098b3] -> nt!IofCallDriver -> [0x862ef360]
14:19:06.838 5 acpi.sys[8ae976bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x862b5b98]
14:19:08.804 AVAST engine scan C:\Windows
14:19:13.562 AVAST engine scan C:\Windows\system32
14:22:55.082 AVAST engine scan C:\Windows\system32\drivers
14:23:30.743 AVAST engine scan C:\Users\Portable
14:31:40.911 AVAST engine scan C:\ProgramData
15:00:44.746 Disk 0 MBR has been saved successfully to "C:\Users\Portable\Desktop\MBR.dat"
15:00:44.746 The log file has been saved successfully to "C:\Users\Portable\Desktop\aswMBR.txt"


What symptoms is your machine experiencing?

Well, sometimes I'm working on the computer and i get a blue screen. But I always make some scans on my pc with Malwarebytes and Avast! but I'm just scared of being infected by a undetectable virus.

That's it, I'm waiting you to reply and thanks again :thumbsup:
  • 0

#4
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Hey Pystryker

Thanks for your help that I really appriciated :thumbsup:


You are very much welcome. :)


Overall, I don't see anything on your machine other than a bit of malware in Internet Explorer that's easily taken care of. However, there are some programs on your machine that we do not recommend, as they can cause more harm than good. I have some information for you and some programs that need uninstalling.

When posting, no need to put the logs in quote boxes. :)

The Dangers of P2P Programs

I noticed that you have a P2P file sharing program (BitTorrent) on your computer . I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Artticle on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Registry Cleaner Warning

There were signs of multiple programs that are either currently or have been previously installed on your computer that contain registry cleaners.A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable. At Geeks to Go we strongly advise that people stay away from any of the registry cleaners out there. Go here to get more information about why registry cleaners aren't needed. Technet blog also discusses this issue as well as Ed Bott.



Please disable Windows Defender and Avast for the duration of these instructions. You may re-enable them when the steps are completed.



Step 1: Temporarily Uninstall Punkbuster


PunkBuster Advice:

There are some issues with infections in relation to PunkBuster...

Your computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.

My advice would be to download the removal tool from here. Use this to uninstall PunkBuster Services. Then when I give the all clear use it again to reinstall PunkBuster Services if you so wish.

So after you have downloaded the removal tool for PunkBuster Services run it as follows...

  • Right-click on pbsvc.exe and select select Run as Administrator.
  • Ensure Un-install/Remove PunkBuster Service is selected.
  • Click on Next >> Yes >> Finish.
  • Reboot(restart) your machine if not prompted to do so.


Step 2: Program Uninstalls


Please uninstall the following programs from you machine by following the instructions below:

  • Uniblue Driver Scanner - This can download the incorrect driver for your machine. Always download new drivers from the manufacturer's website.
  • Java™ 6 Update 31
  • Java 7 Update 17
  • TuneUp Utilities 2012

  • Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
  • Select a program, and then click Uninstall. Please grant Administrator permission required If you are prompted for an administrator password or confirmation, type the password or provide confirmation.


Step 3: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the dektop and icons, they will return on reboot.

Run OTL

  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:OTL
SRV - [2011/12/14 15:57:00 | 001,514,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/14 15:56:50 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
IE - HKLM\..\SearchScopes\{993f1df9-4ef3-450c-bf9c-f312f7be85d0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{FA417BC8-796B-484F-826A-851B72200CCE}: "URL" = http://be.kelkoopart...tnerId=96913939
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\..\SearchScopes\{993f1df9-4ef3-450c-bf9c-f312f7be85d0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\..\SearchScopes\{FA417BC8-796B-484F-826A-851B72200CCE}: "URL" = http://be.kelkoopart...tnerId=96913939
O4 - HKU\S-1-5-21-2259745054-535292464-177051247-1000..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
[2011/11/29 10:17:11 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\TuneUp Software
[2012/10/06 20:18:32 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\Uniblue
O27 - HKLM IFEO\driverscanner.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\filezilla server interface.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\filezilla server.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\labelprint.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\npsguide.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pdr.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\power2go.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\powerstarter.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\rserver3.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\sptdinst-x86.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\unins000.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:661DFA1C
@Alternate Data Stream - 12 bytes -> C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}


:Files
C:\Windows\System32\uxtuneup.dll
C:\Program Files\TuneUp Utilities 2012

:Commands
[emptytemp]


  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.



Step 4: Download and Run AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


Posted Image

  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt


Step 5: Download and Run Junkware Removal Tool


Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Step 6: OTL Quick Scan


  • Start OTL and this time click the Quick Scan button.
  • OTL will scan your machine and produce just one log this time, please post it in your next post
.


Things I need to see in your next post:

  • OTL Fix Log
  • AdwCleaner Log
  • Junkware Removal Tool Log
  • OTL Quick Scan Log

  • 0

#5
Geekl33t

Geekl33t

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hey Pystryker

I'm back with the logs :D

Here they are:

OTL fix log:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named TuneUp.UtilitiesSvc was found to stop!
Service\Driver key TuneUp.UtilitiesSvc not found.
File C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe not found.
Error: No service named UxTuneUp was found to stop!
Service\Driver key UxTuneUp not found.
File C:\Windows\System32\uxtuneup.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{993f1df9-4ef3-450c-bf9c-f312f7be85d0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{993f1df9-4ef3-450c-bf9c-f312f7be85d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FA417BC8-796B-484F-826A-851B72200CCE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA417BC8-796B-484F-826A-851B72200CCE}\ not found.
Registry key HKEY_USERS\S-1-5-21-2259745054-535292464-177051247-1000\Software\Microsoft\Internet Explorer\SearchScopes\{993f1df9-4ef3-450c-bf9c-f312f7be85d0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{993f1df9-4ef3-450c-bf9c-f312f7be85d0}\ not found.
Registry key HKEY_USERS\S-1-5-21-2259745054-535292464-177051247-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FA417BC8-796B-484F-826A-851B72200CCE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA417BC8-796B-484F-826A-851B72200CCE}\ not found.
Registry value HKEY_USERS\S-1-5-21-2259745054-535292464-177051247-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DriverScanner not found.
File C:\Program Files\Uniblue\DriverScanner\launcher.exe not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Users\Portable\AppData\Roaming\TuneUp Software\TuneUp Utilities 2012\WinStyler\LogonScreens\Cache folder moved successfully.
C:\Users\Portable\AppData\Roaming\TuneUp Software\TuneUp Utilities 2012\WinStyler\LogonScreens folder moved successfully.
C:\Users\Portable\AppData\Roaming\TuneUp Software\TuneUp Utilities 2012\WinStyler\LogoAnimations\Cache folder moved successfully.
C:\Users\Portable\AppData\Roaming\TuneUp Software\TuneUp Utilities 2012\WinStyler\LogoAnimations folder moved successfully.
C:\Users\Portable\AppData\Roaming\TuneUp Software\TuneUp Utilities 2012\WinStyler\BootScreens\Cache folder moved successfully.
C:\Users\Portable\AppData\Roaming\TuneUp Software\TuneUp Utilities 2012\WinStyler\BootScreens folder moved successfully.
C:\Users\Portable\AppData\Roaming\TuneUp Software\TuneUp Utilities 2012\WinStyler folder moved successfully.
C:\Users\Portable\AppData\Roaming\TuneUp Software\TuneUp Utilities 2012 folder moved successfully.
C:\Users\Portable\AppData\Roaming\TuneUp Software\TU2012\TuningIndex folder moved successfully.
C:\Users\Portable\AppData\Roaming\TuneUp Software\TU2012\StartUp Manager folder moved successfully.
C:\Users\Portable\AppData\Roaming\TuneUp Software\TU2012\Speed Optimizer folder moved successfully.
C:\Users\Portable\AppData\Roaming\TuneUp Software\TU2012\Disk Space Explorer folder moved successfully.
C:\Users\Portable\AppData\Roaming\TuneUp Software\TU2012\Dashboard folder moved successfully.
C:\Users\Portable\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\Portable\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\Portable\AppData\Roaming\TuneUp Software folder moved successfully.
Folder C:\Users\Portable\AppData\Roaming\Uniblue\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverscanner.exe\ not found.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dtlite.exe\ not found.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filezilla server interface.exe\ not found.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filezilla server.exe\ not found.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\labelprint.exe\ not found.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npsguide.exe\ not found.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdr.exe\ not found.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\power2go.exe\ not found.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerstarter.exe\ not found.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rserver3.exe\ not found.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sptdinst-x86.exe\ not found.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unins000.exe\ not found.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninstall.exe\ not found.
File C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe not found.
ADS C:\ProgramData\Temp:661DFA1C deleted successfully.
ADS C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} deleted successfully.
========== FILES ==========
File\Folder C:\Windows\System32\uxtuneup.dll not found.
File\Folder C:\Program Files\TuneUp Utilities 2012 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Portable
->Temp folder emptied: 42762770 bytes
->Temporary Internet Files folder emptied: 8039913 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 42694663 bytes
->Flash cache emptied: 15488168 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12266037 bytes
RecycleBin emptied: 220147 bytes

Total Files Cleaned = 116,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11272013_232827

Files\Folders moved on Reboot...
C:\Users\Portable\AppData\Local\Temp\ehmsas.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-5288.log moved successfully.
File\Folder C:\Windows\temp\TMP00000010FF8C8367945B6E19 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

AdwCleaner log:
# AdwCleaner v3.013 - Rapport créé le 27/11/2013 à 23:47:28
# Mis à jour le 24/11/2013 par Xplode
# Système d'exploitation : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Nom d'utilisateur : Portable - PC-DE-PORTABLE
# Exécuté depuis : C:\Users\Portable\Desktop\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\rvlkl
Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Dossier Supprimé : C:\Program Files\myfree codec

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\elhjaoldnkkbifioodjndkijecdeinld
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\elhjaoldnkkbifioodjndkijecdeinld
Clé Supprimée : HKLM\SOFTWARE\Classes\driverscanner
Clé Supprimée : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Clé Supprimée : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9D5BD211-422C-4164-9298-BB4186A30F31}
Clé Supprimée : HKCU\Software\Myfree Codec
Clé Supprimée : HKCU\Software\smartbarbackup
Clé Supprimée : HKCU\Software\smartbarlog
Clé Supprimée : HKLM\Software\Myfree Codec
Clé Supprimée : HKLM\Software\Uniblue
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Navigateurs ] *****

-\\ Internet Explorer v9.0.8112.16520


-\\ Google Chrome v31.0.1650.57

[ Fichier : C:\Users\Portable\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2667 octets] - [27/11/2013 23:45:19]
AdwCleaner[S0].txt - [2566 octets] - [27/11/2013 23:47:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2626 octets] ##########

Junkware Removal Tool log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Portable on mer. 27/11/2013 at 23:58:50,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{06CFEDC0-41F4-4152-B070-C14DD6C23DE6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{06CFEDC0-41F4-4152-B070-C14DD6C23DE6}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Portable\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{0127D557-AE86-4193-9254-D00876E6EE2A}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{03085967-4190-4C46-B341-896049801B88}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{0775C405-F1B5-46EF-8C93-EC982A1CE1B6}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{0B0ACD6E-F0A5-40FA-B938-A90827D36E43}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{118EDCDA-925D-449E-96F8-763B940227BD}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{163C1D7E-81AA-435E-9BCE-76CB0C211A69}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{16D5761E-2C69-487D-856A-645066D48F27}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{193C1045-2B21-4E32-8D5D-885D0238C0E9}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{19E0DADF-FFF3-4C10-BC97-5D851F486D5D}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{1DC3F85A-7B46-423E-B3CF-814696385A20}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{1FE08583-E2CB-4555-AC66-515847309E9A}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{24126C62-C297-46DD-8F8F-D0F715BDB639}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{246A3A37-9413-4A5C-8FF2-08D0A136F40B}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{254000AF-70AD-4E46-B032-A8225B8D4460}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{25537B73-3B69-47D4-828A-80D7DAB3485E}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{27397149-AA60-488C-9200-DBAC74367383}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{2AFF0EC9-4215-4180-BCF2-3D2CDBCB6BA3}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{334A1C3F-379B-4653-9A1E-B22FA0C68E9B}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{336283F9-F899-4038-95C6-F183A89C0D2C}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{3406C19C-99C1-4449-9431-9BBC519177F9}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{35E4FDED-2B98-4B3E-9857-86E2D137A111}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{360F3422-6C10-4425-85EC-A483603115B7}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{3659EC4B-9721-4FC1-B64F-FC2A6BA81113}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{36845261-39BC-4467-8FE8-3D114152A871}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{3925EA76-6F48-488B-BB67-F12EC9B1A597}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{397FA0BC-FEE5-4E57-BD0F-12D3F171E332}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{3BFB103D-A367-4E96-B4F1-378D6C4BE419}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{3CAD396E-5248-47C1-BAE3-5376366B5EF7}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{3D28684D-DC66-4A03-B8E8-864947917456}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{3E521263-8AD7-4DAE-92DF-47BFF09C3238}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{4422BFB5-F55D-486A-9209-45D50F1C386F}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{4A366C57-5FEB-4D74-A581-1E21D4136154}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{4A90E36F-A5F8-4B38-9559-4E07991B5787}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{4E72C2C9-5A8B-443A-B277-69E2F4577F2E}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{52867ACD-6504-48CF-88B2-19401BE7A303}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{576E0862-AAD6-4A6F-9979-507E70617806}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{597F0C24-835D-47C3-82AC-6EDECB3DA858}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{599A06A2-9095-4CDC-8A8F-856EE394DF43}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{5A04F5C0-611A-4790-BB6F-BC0D31EB28DC}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{6002AC9F-4BD3-45B5-8D95-CECA28929410}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{60577A27-9F96-4DCC-976C-56FECC657ECB}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{65154D82-CA71-46CC-BB66-D7A91EF7DD7C}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{66E21A9A-BBF7-4CA6-ABC8-3602C7794E56}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{6A91277E-265C-4744-99B1-2FBD6B306167}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{6AD1D812-5881-42FB-B3CD-55ED82F9DE3A}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{6EB7E24E-0215-4691-98EC-73C7567A1C7F}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{7023408E-3FE9-46D8-8B58-BC072E551195}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{712325CE-62BA-42F8-B7A5-23258A9F7092}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{7B9CA849-66E8-4B26-A760-4C8A48FD24C4}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{7BC235F5-585B-469B-B621-DD1E7E5E2ABE}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{7C8CF5B4-5B02-4E1B-9956-579D0B2D69ED}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{7CC39893-5FB5-46DD-9CBB-A206C8734352}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{8081287E-32B4-4DF1-AFEC-B02C1A67A56B}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{80EE297B-33CA-4573-8848-89D06F91723A}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{882579DF-AA97-492C-9609-96BAB1BDFF75}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{8963D825-2469-489C-B6FF-067EB57C2955}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{8DF3BEDB-F66C-4B67-8FB4-98F8CC5CC9C3}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{9031D84A-F135-4F2C-AA80-0E5A75418F4F}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{913CFC7C-4E6F-4DBB-B133-9319F3F94982}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{9189AED5-7F6F-4C3E-84C5-3BBB73DC1EE2}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{95F5CE9F-EEBF-41D6-BEDF-0E24C33E3EDD}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{9616AFDA-D01F-4052-9ABD-5656DB461215}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{9938E253-62BA-4F3B-BD80-31477E785D2D}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{9A390C84-7AFE-4AA2-818C-D18A51FE7165}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{9BFD2DDB-CB81-4A16-854A-BB6025E7E4F9}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{9FA4503E-1BF1-4F6E-9376-AA3DF570BAB5}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{A19EF9CC-1D8D-4317-A035-FC4FF49CCD7D}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{A26D8401-0CF0-43F6-AD37-4C0E9B41D76B}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{A2A2236C-7C8C-497D-B748-5DE64378DBB8}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{AA4C98C1-A97D-4DC5-851B-F9378FA29EC2}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{AAE89280-ECA2-41F0-AE91-5A7B0DA454F3}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{AB1F08E9-7DF4-4608-AA27-2E09C854CE8B}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{AD70FD52-1704-46F2-BBF9-1630E98A6E78}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{AE6FE4F7-C510-4F4C-97A5-80864CEDE8E9}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{B9C5E98A-EDA9-4ED4-B5C6-E28A8E5EA3D6}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{BA303D01-7660-4FCE-BAC6-44AB7483A9F0}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{BD13D76F-DBC2-4CDE-BE74-9B2B4A0B09BF}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{BFA5C561-0B1E-4CF3-AE0D-080D9B051A76}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{C36FBA7C-8992-44A5-AADA-265CCE58673F}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{C4A99107-D1C3-4BE0-840F-FA088C647D19}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{C67998A7-8050-47B6-997C-AA2378CA2ABF}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{C98C29CF-33B8-4B22-BA26-1AA8BDF65DA3}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{CB6DC054-1D57-4BDF-B74A-BCF78B7D68BA}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{D1D124E0-5712-448A-AC56-692774F7AD46}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{D3568203-F810-46D0-901F-75EDC02F5CF1}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{D39FCBDC-455B-4083-9293-11CF56F8B5C2}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{D481DB02-31EE-49DA-9B44-DFCE221EF2D8}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{D8858A87-7FC9-419C-8417-0930552D0CBE}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{DA82EAF9-62A0-423D-B1DB-0E947E77D50C}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{DFE502CD-A7EF-4220-8268-F64450CCB670}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{E5DD2483-701C-4713-A6DF-DFD4193D39C1}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{E8AA49FB-B5A1-4DB8-A626-BC5636614F3A}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{EC694E6A-8FBD-496C-9958-6A9E1EE8C8CF}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{EE0D0AEA-AFB1-46F9-81A9-ABBC06FB8307}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{EFF1EC88-838F-4F4B-A62F-08A2CD6D3A5E}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{F163BA12-B5EF-49C2-9DAC-F18A17D77E4D}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{F2DF22F6-00F5-4D9A-9687-D5CDA8955A90}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{F3BD1C20-308C-4789-BE3A-437A9F46A8DB}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{F5CE6B94-1840-431B-89C3-05A8BA2DABBD}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{F5F5C5EC-EF5D-4657-827D-28F036F00056}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{F6F0C049-FE53-4486-AD5A-5D39CFD2F2F5}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{F950B239-7427-40A1-84D4-99B8CFBE4A95}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{FE3F107F-F8F8-4437-BD94-8194F95908D5}
Successfully deleted: [Empty Folder] C:\Users\Portable\appdata\local\{FFD5BE09-67E8-494D-BCAF-86F9F49CDE89}



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on jeu. 28/11/2013 at 0:04:00,34
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL quick scan log:
OTL logfile created on: 28/11/2013 0:06:15 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Portable\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

2,93 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 55,82% Memory free
6,08 Gb Paging File | 4,70 Gb Available in Paging File | 77,29% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,23 Gb Total Space | 193,29 Gb Free Space | 67,29% Space Free | Partition Type: NTFS
Drive D: | 10,86 Gb Total Space | 1,73 Gb Free Space | 15,92% Space Free | Partition Type: NTFS

Computer Name: PC-DE-PORTABLE | User Name: Portable | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/27 13:39:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Portable\Desktop\OTL.exe
PRC - [2013/11/16 13:23:44 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/11/16 13:23:43 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/11/16 13:23:20 | 000,116,776 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/10/01 13:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/09/25 13:23:10 | 003,261,680 | ---- | M] (Tenable Network Security, Inc) -- C:\Program Files\Tenable\Nessus\nessusd.exe
PRC - [2013/09/25 13:20:24 | 000,017,136 | ---- | M] (Tenable Network Security, Inc) -- C:\Program Files\Tenable\Nessus\nessus-service.exe
PRC - [2013/09/08 17:25:06 | 001,786,704 | ---- | M] (CybelSoft) -- C:\Program Files\ma-config.com\MaConfigAgent.exe
PRC - [2012/08/15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2012/08/15 14:18:06 | 000,104,088 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PRC - [2012/08/15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2012/08/15 13:36:34 | 015,680,000 | ---- | M] () -- C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe
PRC - [2012/08/15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012/08/01 16:10:26 | 000,719,512 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2012/02/26 15:42:28 | 000,632,320 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla Server\FileZilla Server.exe
PRC - [2009/06/03 20:43:18 | 000,450,652 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/06/03 20:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2008/12/23 16:18:20 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/01/21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/16 13:23:50 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/10/12 10:14:31 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
MOD - [2013/10/12 10:09:43 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013/09/18 12:23:10 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll
MOD - [2013/09/17 15:53:03 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/09/17 15:52:19 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/09/17 15:50:12 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/09/17 15:49:05 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2013/08/07 20:25:24 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2012/11/09 04:02:18 | 001,752,576 | ---- | M] () -- C:\PROGRA~1\FILESH~1\fsshell.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2008/09/23 17:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\Common\MCEMediaStatus.dll
MOD - [2007/08/14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Services (SafeList) ==========

SRV - [2013/11/16 13:23:43 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/11/16 13:23:20 | 000,116,776 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/10/01 13:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/25 13:20:24 | 000,017,136 | ---- | M] (Tenable Network Security, Inc) [Auto | Running] -- C:\Program Files\Tenable\Nessus\nessus-service.exe -- (Tenable Nessus)
SRV - [2013/09/08 17:25:06 | 001,786,704 | ---- | M] (CybelSoft) [Auto | Running] -- C:\Program Files\ma-config.com\MaConfigAgent.exe -- (MaConfigAgent)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/15 14:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/08/15 14:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2012/08/15 13:36:34 | 015,680,000 | ---- | M] () [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012/08/15 12:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/08/01 16:10:26 | 000,719,512 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2012/05/03 18:30:00 | 004,696,760 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2012/02/26 15:42:28 | 000,632,320 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2010/06/25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/06/03 20:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe -- (STacSV)
SRV - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/12/23 16:18:20 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/02/03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/11/19 01:01:48 | 000,247,192 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswndis2.sys -- (aswNdis2)
DRV - [2013/11/16 13:23:57 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/11/16 13:23:57 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/11/16 13:23:57 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/11/16 13:23:57 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/11/16 13:23:57 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/11/16 13:23:56 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/11/16 13:23:56 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/11/16 13:23:56 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/11/16 13:23:29 | 000,026,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/11/16 13:23:20 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2013/10/24 12:40:36 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/10/19 16:21:43 | 000,038,112 | ---- | M] (Tenable Network Security, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NessusMp60.sys -- (NessusMp60)
DRV - [2013/05/02 05:23:48 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2013/05/02 05:23:48 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2013/05/02 05:23:48 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2013/05/02 05:23:42 | 000,153,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2013/05/02 05:23:42 | 000,136,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2013/05/02 05:23:42 | 000,032,064 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2013/05/02 05:23:42 | 000,017,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2013/04/30 10:57:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2013/04/12 11:33:02 | 000,104,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2013/04/12 11:32:06 | 000,084,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/12/20 13:02:49 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/08/15 14:18:38 | 000,061,848 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2012/08/15 14:18:28 | 000,025,752 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2012/08/15 14:16:50 | 000,037,016 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2012/08/15 14:16:48 | 000,016,664 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2012/08/01 16:10:30 | 000,041,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2012/08/01 16:10:24 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2012/07/06 11:29:26 | 000,071,152 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2012/07/06 11:29:26 | 000,061,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsock.sys -- (vsock)
DRV - [2011/12/15 19:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/08/10 15:39:48 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/07/21 19:55:50 | 000,016,640 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2011/07/12 08:36:28 | 000,022,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vstor2-mntapi10-shared.sys -- (vstor2-mntapi10-shared)
DRV - [2010/07/01 18:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/06/25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/09/30 13:53:12 | 001,184,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/03 20:43:18 | 000,407,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/12/23 12:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/09/22 06:49:36 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/01 04:01:56 | 000,003,328 | ---- | M] (Famatech International Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rminiv3.sys -- (mirrorv3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8E169268-D370-4639-9190-BFE5EDFC4A98}: "URL" = http://fr.search.yah...p06&type=ie2008


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://be.msn.com/de...fr-be&ocid=iehp
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-be
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\..\SearchScopes\{8E169268-D370-4639-9190-BFE5EDFC4A98}: "URL" = http://fr.search.yah...p06&type=ie2008
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2259745054-535292464-177051247-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@haihaisoft/HPReader_Plugin: C:\Program Files\Haihaisoft PDF Reader\npHPReader.dll (Haihaisoft)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@haihaisoft/HPReader_Plugin: C:\Program Files\Haihaisoft PDF Reader\npHPReader.dll (Haihaisoft)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Portable\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/16 13:24:07 | 000,000,000 | ---D | M]

[2012/10/06 20:19:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Portable\AppData\Roaming\mozilla\Firefox\extensions
[2012/10/06 20:19:28 | 000,000,000 | ---D | M] (BittorrentBar_FR) -- C:\Users\Portable\AppData\Roaming\mozilla\Firefox\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Documents Google = C:\Users\Portable\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google\u00A0Drive = C:\Users\Portable\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Portable\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Recherche Google = C:\Users\Portable\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Portable\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Google\u00A0Wallet = C:\Users\Portable\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Portable\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/26 14:03:39 | 000,000,759 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2259745054-535292464-177051247-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\48f54678-fe67-43ee-8c52-4f4907c9cc78.exe (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FileZilla Server Interface] C:\Program Files\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vmware-tray.exe] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2259745054-535292464-177051247-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2259745054-535292464-177051247-1000..\Run: [Facebook Update] C:\Users\Portable\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6351627-FDAF-44F1-BC69-BAC9AC63C67D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d2e51406-4a97-11e2-aa53-00269e7f71dd}\Shell - "" = AutoRun
O33 - MountPoints2\{d2e51406-4a97-11e2-aa53-00269e7f71dd}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/27 23:54:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/27 23:45:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/27 23:28:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/27 23:16:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/11/27 23:07:55 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Portable\Desktop\JRT.exe
[2013/11/27 13:46:18 | 000,000,000 | ---D | C] -- C:\Users\Portable\Desktop\Nouveau dossier (2)
[2013/11/27 13:39:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Portable\Desktop\OTL.exe
[2013/11/27 13:39:26 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Portable\Desktop\aswmbr.exe
[2013/11/27 12:33:48 | 000,000,000 | ---D | C] -- C:\Users\Portable\Desktop\[www.Cpasbien.me] Sinister.2012.FRENCH.DVDRip.XviD-TMB
[2013/11/26 21:43:50 | 000,000,000 | ---D | C] -- C:\Users\Portable\Documents\Any Video Converter Professional
[2013/11/26 21:43:40 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Roaming\AnvSoft
[2013/11/26 21:19:02 | 000,000,000 | ---D | C] -- C:\Users\Portable\Desktop\Nouveau dossier
[2013/11/26 21:18:52 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Roaming\VC
[2013/11/26 21:18:52 | 000,000,000 | ---D | C] -- C:\Users\Portable\Documents\TEncoder
[2013/11/26 18:55:43 | 002,330,112 | ---- | C] (Mischel Internet Security) -- C:\Users\Portable\Desktop\FlashCookieRemover.exe
[2013/11/18 18:34:26 | 000,000,000 | ---D | C] -- C:\Users\Portable\Desktop\H Saison 4
[2013/11/17 18:16:11 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Roaming\X-Chat 2
[2013/11/17 18:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XChat
[2013/11/17 18:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\xchat
[2013/11/16 13:29:09 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Roaming\AVAST Software
[2013/11/16 13:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/11/16 13:24:27 | 000,057,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/11/16 13:24:26 | 000,403,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/11/16 13:24:24 | 000,774,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/11/16 13:24:23 | 000,070,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/11/16 13:24:22 | 000,035,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/11/16 13:24:20 | 000,054,832 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/11/16 13:24:18 | 000,026,136 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/11/16 13:24:17 | 000,247,192 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswndis2.sys
[2013/11/16 13:23:53 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/16 13:23:20 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013/11/15 21:52:58 | 000,000,000 | ---D | C] -- C:\Users\Portable\AppData\Roaming\TeamViewer
[2013/11/15 21:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2013/11/15 21:12:59 | 000,031,560 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2013/11/15 21:12:54 | 000,086,888 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2013/11/15 21:12:54 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\LMIRfsDriver.sys
[2013/11/15 21:12:47 | 000,085,832 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2013/11/15 21:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2013/10/31 08:50:50 | 006,583,664 | ---- | C] (AVAST Software) -- C:\Program Fil

========== Files - Modified Within 30 Days ==========

[2013/11/27 23:58:33 | 000,000,256 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2013/11/27 23:58:03 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/11/27 23:56:54 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/27 23:56:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/27 23:56:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/27 23:56:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/27 23:31:05 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2259745054-535292464-177051247-1000UA.job
[2013/11/27 23:11:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/27 23:08:04 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Portable\Desktop\JRT.exe
[2013/11/27 23:07:50 | 001,091,882 | ---- | M] () -- C:\Users\Portable\Desktop\adwcleaner.exe
[2013/11/27 23:01:36 | 000,840,264 | ---- | M] () -- C:\Users\Portable\Desktop\pbsvc.exe
[2013/11/27 21:23:45 | 000,117,760 | ---- | M] () -- C:\Users\Portable\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/27 20:31:01 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2259745054-535292464-177051247-1000Core.job
[2013/11/27 13:45:12 | 000,126,546 | ---- | M] () -- C:\Users\Portable\Desktop\Sans titre.jpg
[2013/11/27 13:39:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Portable\Desktop\OTL.exe
[2013/11/27 13:39:36 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Portable\Desktop\aswmbr.exe
[2013/11/27 12:33:07 | 000,057,123 | ---- | M] () -- C:\Users\Portable\Desktop\sinister-french-dvdrip-2012.torrent
[2013/11/26 21:52:36 | 001,279,960 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/26 21:52:36 | 000,751,776 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013/11/26 21:52:36 | 000,721,058 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2013/11/26 21:52:36 | 000,156,364 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013/11/26 21:52:36 | 000,153,434 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2013/11/26 21:52:35 | 000,705,836 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/26 18:55:52 | 002,330,112 | ---- | M] (Mischel Internet Security) -- C:\Users\Portable\Desktop\FlashCookieRemover.exe
[2013/11/26 17:36:09 | 000,000,048 | ---- | M] () -- C:\Users\Portable\Desktop\Filma shqip.url
[2013/11/24 13:55:21 | 000,033,959 | ---- | M] () -- C:\Users\Portable\Desktop\Les nuits avec mon ennemi (Sleeping with the enemy) HD.avi.torrent
[2013/11/22 06:15:24 | 165,247,010 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/11/21 20:31:41 | 000,421,888 | ---- | M] () -- C:\Users\Portable\Desktop\Folder campustoverfluit.pub
[2013/11/21 20:13:40 | 000,013,674 | ---- | M] () -- C:\Users\Portable\Desktop\studenthh.png
[2013/11/21 19:33:15 | 000,005,310 | ---- | M] () -- C:\Users\Portable\Desktop\slogan.png
[2013/11/21 19:33:01 | 000,036,449 | ---- | M] () -- C:\Users\Portable\Desktop\logo.png
[2013/11/19 01:01:48 | 000,247,192 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswndis2.sys
[2013/11/18 05:42:19 | 000,396,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/11/17 20:16:32 | 2501,922,816 | ---- | M] () -- C:\Users\Portable\Desktop\Windows 7 Ultimate 32-bit [Original].iso
[2013/11/17 19:36:38 | 000,003,090 | ---- | M] () -- C:\Users\Portable\Desktop\[kickass.to]windows.7.loader.activator.v2.0.6.reloaded.daz.team.rjaa.torrent
[2013/11/16 13:28:39 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2013/11/16 13:28:39 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\avast! Premier.lnk
[2013/11/16 13:23:57 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/11/16 13:23:57 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/11/16 13:23:57 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/11/16 13:23:57 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/11/16 13:23:57 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/16 13:23:56 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/11/16 13:23:56 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/11/16 13:23:56 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/11/16 13:23:53 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/11/16 13:23:53 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/16 13:23:29 | 000,026,136 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/11/16 13:23:20 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013/11/15 21:45:25 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/11/15 05:13:58 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/04 21:08:25 | 000,006,756 | ---- | M] () -- C:\Users\Portable\AppData\Local\d3d9caps.dat
[2013/10/30 15:18:31 | 697,745,408 | ---- | M] () -- C:\Users\Portable\Desktop\187.Code.Meurtre.Tetar.DVD-RIP-Fr.avi
[2013/10/29 14:19:06 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPortable.job

========== Files Created - No Company Name ==========

[2013/11/27 23:07:40 | 001,091,882 | ---- | C] () -- C:\Users\Portable\Desktop\adwcleaner.exe
[2013/11/27 23:01:25 | 000,840,264 | ---- | C] () -- C:\Users\Portable\Desktop\pbsvc.exe
[2013/11/27 13:45:10 | 000,126,546 | ---- | C] () -- C:\Users\Portable\Desktop\Sans titre.jpg
[2013/11/27 12:33:12 | 000,057,123 | ---- | C] () -- C:\Users\Portable\Desktop\sinister-french-dvdrip-2012.torrent
[2013/11/26 17:36:09 | 000,000,048 | ---- | C] () -- C:\Users\Portable\Desktop\Filma shqip.url
[2013/11/24 13:55:19 | 000,033,959 | ---- | C] () -- C:\Users\Portable\Desktop\Les nuits avec mon ennemi (Sleeping with the enemy) HD.avi.torrent
[2013/11/21 20:31:41 | 000,421,888 | ---- | C] () -- C:\Users\Portable\Desktop\Folder campustoverfluit.pub
[2013/11/21 20:13:38 | 000,013,674 | ---- | C] () -- C:\Users\Portable\Desktop\studenthh.png
[2013/11/21 19:33:12 | 000,005,310 | ---- | C] () -- C:\Users\Portable\Desktop\slogan.png
[2013/11/21 19:32:58 | 000,036,449 | ---- | C] () -- C:\Users\Portable\Desktop\logo.png
[2013/11/19 19:46:33 | 165,247,010 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/11/18 05:41:57 | 000,396,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/11/17 19:37:46 | 2501,922,816 | ---- | C] () -- C:\Users\Portable\Desktop\Windows 7 Ultimate 32-bit [Original].iso
[2013/11/17 19:36:42 | 000,003,090 | ---- | C] () -- C:\Users\Portable\Desktop\[kickass.to]windows.7.loader.activator.v2.0.6.reloaded.daz.team.rjaa.torrent
[2013/11/16 13:28:39 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2013/11/16 13:28:39 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\avast! Premier.lnk
[2013/11/16 13:24:26 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/11/16 13:24:25 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/15 21:45:25 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/11/15 21:45:25 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/11/13 06:02:25 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2013/10/29 20:02:34 | 697,745,408 | ---- | C] () -- C:\Users\Portable\Desktop\187.Code.Meurtre.Tetar.DVD-RIP-Fr.avi
[2013/10/26 14:15:16 | 000,000,218 | ---- | C] () -- C:\Users\Portable\AppData\Local\recently-used.xbel
[2013/10/01 17:56:09 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/08/28 22:03:36 | 000,054,272 | ---- | C] () -- C:\Windows\sassr.dat
[2013/08/20 12:29:23 | 000,061,952 | -H-- | C] () -- C:\Windows\System32\sinvfct.dll
[2013/07/18 16:40:42 | 000,110,080 | ---- | C] () -- C:\Windows\sysk32.dll
[2013/06/27 21:26:34 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/27 09:54:47 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/27 09:54:34 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/05/22 19:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/05/22 19:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/05/22 19:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/05/22 19:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/05/18 19:40:41 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2013/05/18 19:40:41 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2013/05/18 18:53:36 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/04/28 14:22:50 | 000,003,153 | ---- | C] () -- C:\Program Files\visit-nosteam.ro.html
[2013/04/28 14:22:50 | 000,000,084 | ---- | C] () -- C:\Program Files\update-cssource.bat
[2013/01/26 17:49:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2013/01/26 17:48:48 | 000,004,578 | ---- | C] () -- C:\Windows\mozver.dat
[2013/01/02 20:18:30 | 000,022,328 | ---- | C] () -- C:\Users\Portable\AppData\Roaming\PnkBstrK.sys
[2013/01/02 20:18:05 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2012/12/14 22:32:03 | 000,000,000 | ---- | C] () -- C:\Users\Portable\cd
[2012/05/16 13:56:15 | 000,000,091 | ---- | C] () -- C:\Windows\LEXSTAT.INI
[2011/12/17 11:43:34 | 000,117,760 | ---- | C] () -- C:\Users\Portable\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/14 20:36:47 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011/12/14 20:36:47 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011/12/12 17:10:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/12/12 17:10:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/12/12 14:14:19 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/11/29 08:13:16 | 000,006,756 | ---- | C] () -- C:\Users\Portable\AppData\Local\d3d9caps.dat
[2011/11/29 01:07:19 | 000,000,256 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/26 21:43:40 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\AnvSoft
[2013/11/16 13:29:09 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\AVAST Software
[2013/11/27 23:07:22 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\BitTorrent
[2013/10/11 03:55:24 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\BleachBit
[2013/03/26 13:53:26 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\CoffeeCup Software
[2012/08/24 11:56:38 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2013/11/22 23:08:46 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\DAEMON Tools Lite
[2013/02/24 04:48:11 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\Dev-Cpp
[2013/10/30 01:52:42 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\FileZilla
[2013/05/18 19:40:38 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\GetRightToGo
[2012/06/26 13:23:13 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\Haihaisoft PDF Reader
[2013/05/18 18:55:36 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\Leawo
[2011/12/14 21:01:40 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\PC Suite
[2013/06/23 20:31:28 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\Radmin
[2013/09/13 18:53:07 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\Samsung
[2013/03/14 18:22:53 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\Systenance
[2013/11/15 21:54:08 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\TeamViewer
[2013/10/27 22:47:59 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\Tenable
[2013/05/18 18:55:38 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\tiger-k
[2013/11/26 21:41:16 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\VC
[2013/01/25 15:10:48 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\WildTangent
[2013/10/07 08:39:04 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\Windows Live Writer
[2013/01/26 18:24:08 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\Wireshark
[2013/11/26 22:27:44 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\X-Chat 2
[2013/10/21 14:58:24 | 000,000,000 | ---D | M] -- C:\Users\Portable\AppData\Roaming\ZHP

========== Purity Check ==========



< End of report >


AND AGAIN A BIG THANKS TO YOU :cheers: :spoton:
  • 0

#6
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

The logs are looking good, but we have a couple more things I want to do to make absolutely sure you're clean. I'll submit what I want to do tonight, but my teacher is offline till the morning. And I'm about to head that way myself. :) I'll have instructions for you tomorrow so we can hopefully finish this up. :thumbsup:

AND AGAIN A BIG THANKS TO YOU :cheers: :spoton:


You are quite welcome :) It's our pleasure. :happy: :thumbsup:
  • 0

#7
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi, let's run a sweep for remnants and check for any out of date programs on your machine. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: ESET Online Scanner


ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->Posted Image

  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 2: Scan with Malwarebytes


I see you have Malwarebytes' Anti-Malware installed.

  • Please open the program.
  • Click on the Update tab then click Check for Updates

    Posted Image
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, check the following settings:
    • On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal.

    Posted Image
  • On the Scanner tab, check Perform quick scan.

    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.

    Posted Image
  • Make sure that everything is checked, and click Remove Selected.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.



Step 3: SecurityCheck Scan


Download Security CheckPosted Image by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I need to see in your next post:

  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#8
Geekl33t

Geekl33t

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hey Pystryker

I'm back with some bad news. I made a scan with ESET and I got some infections :killcomp:

Here are the logs:

ESET scan log:
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=cde957c0fef2014796fb2585f5972579
# engine=16063
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-11-28 08:37:02
# local_time=2013-11-28 09:37:02 (+0100, Paris, Madrid)
# country="Belgium"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=772 16777213 66 80 1069955 1070024 0 0
# compatibility_mode=5892 16776573 100 100 18846 223203750 0 0
# scanned=337720
# found=5
# cleaned=0
# scan_time=11932
sh=5B4ADB49339B46E8D83A95120C5180657E6CC651 ft=1 fh=4abcc156663a2f07 vn="multiple threats" ac=I fn="C:\Users\Portable\Downloads\CheatEngine63.exe"
sh=955B40D50E3622BF054948C998FF102C02B7F15F ft=1 fh=4688a051628044e0 vn="a variant of Win32/SpeedingUpMyPC application" ac=I fn="C:\Users\Portable\Downloads\PCSM32_FR_FB_NAM.exe"
sh=DB0FA68A8198C6410F6402848F4853130D24E50F ft=1 fh=44d124005b0a5627 vn="multiple threats" ac=I fn="C:\Users\Portable\Downloads\PCSpeedMaximizer_AQFR_FB.exe"
sh=CB05D5BB6266F937393F47C1EB40C52EB8A02724 ft=1 fh=1c29f711adc6526c vn="a variant of Win32/Monitor.Spyagent.NAG application" ac=I fn="C:\Windows\sysk32.dll"
sh=992E4383B4D804E4DAD9ABF97D63FE124BAF81A6 ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.C application" ac=I fn="C:\Windows\Installer\b3487d.msi"

MBAM log:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.11.28.10

Windows Vista Service Pack 2 x86 NTFS (Mode sans échec/Réseau)
Internet Explorer 9.0.8112.16421
Portable :: PC-DE-PORTABLE [administrateur]

Protection: Désactivé

28/11/2013 23:38:50
mbam-log-2013-11-28 (23-38-50).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 232793
Temps écoulé: 5 minute(s), 51 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)

SecurityCheck log:
Results of screen317's Security Check version 0.99.77
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 31.0.1650.48
Google Chrome 31.0.1650.57
````````Process Check: objlist.exe by Portable````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


That's it, I'm waiting for the next instructions. I really want these viruses to be gone.

Thanks in advance mate :)
  • 0

#9
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I'm back with some bad news. I made a scan with ESET and I got some infections :killcomp:


Don't junk the computer just yet. :) Actually, these are remnants and leftovers we're about to get rid of. Once this is done, we'll have some updates and such, but we'll get to that shortly. Please follow the steps below:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the dektop and icons, they will return on reboot.

Run OTL

  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:Files
C:\Users\Portable\Downloads\CheatEngine63.exe
C:\Users\Portable\Downloads\PCSM32_FR_FB_NAM.exe
C:\Users\Portable\Downloads\PCSpeedMaximizer_AQFR_FB.exe
C:\Windows\sysk32.dll
C:\Windows\Installer\b3487d.msi

:Commands
[reboot]



  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.
  • If the log doesn't open on reboot, you can find a copy of it here: C:\_OTL\MovedFiles

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Things I need to see in your next post:

OTL Fix Log

  • 0

#10
Geekl33t

Geekl33t

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hey Pystryker

I'm back again and I fixed the threads :cool:

Here's the log:
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\Portable\Downloads\CheatEngine63.exe moved successfully.
C:\Users\Portable\Downloads\PCSM32_FR_FB_NAM.exe moved successfully.
C:\Users\Portable\Downloads\PCSpeedMaximizer_AQFR_FB.exe moved successfully.
C:\Windows\sysk32.dll moved successfully.
C:\Windows\Installer\b3487d.msi moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 11292013_161228

I got some questions:
Were the files "sysk32.dll" and "b3487d.msi" spyware/trojan virus :confused: If yes, do I have to change all my accounts passwords? And why didn't Avast! antivirus or Malwarebytes detect it? And I really would like to know where these files might come from?

I'm waiting for other instructions :)

Thanks in advace mate :thumbsup:

Edited by Geekl33t, 29 November 2013 - 10:30 AM.

  • 0

#11
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Were the files "sysk32.dll" and "b3487d.msi" spyware/trojan virus :confused: If yes, do I have to change all my accounts passwords?


The b3487d.msi file is MSIL/Toolbar.Linkury.C application toolbar related malware. It's associated with toolbars that get installed sometimes unwillingly on computers and comes packaged with most software that can be downloaded nowadays.

The sysk32.dll file is more than likely an orphan from one of the programs we uninstalled, such as the TuneUpUtilities or the Driver Scanner.

No need to change your accounts or passwords :) Had you had something like that on your machine, I would have brought that to your attention before we did any of the fixes. :)


And why didn't Avast! antivirus or Malwarebytes detect it?


Avast! and Malwarebytes detect active threats or attempts to change system files and such. We killed the infections, and those were the left over inactive files. They are only as good as the current detection database and this is why it is very important to check for both updates and run scans on a regular basis with both applications.


And now...



Great news, your logs are CLEAN! :thumbsup: :) Looks like that last fix did the trick. We still have a few things we need to address namely:


  • I need to remove the tools we installed on your machine.
  • We also have some programs on your machine that need updating to help protect you in the future.

Let's get started :)

Step 1: Program Updates


Please update your Avast! anti-virus, as it is showing it is out of date.


Updating Adobe Reader

  • Malware will exploit any vulnerabilities it can find in outdated software. If you are using Adobe Reader for reading pdf files, try using FoxIt Reader. It is a very capable alternative to Adobe.
  • Please click here to download FoxIt Reader.
  • If you wish to continue to use Adobe Reader, then please update it by clicking here.
  • Please remember to uncheck the option to install McAfee's Security Suite.


A word about Java

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on user do disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.

If you do have software that requires it, then disable it until such time as it's needed by those programs.

Please click the link below for instructions to disable Java.

How to Disable Java in your Web Browser


If you wish to continue to use Java on your machine, please be sure to keep it updated by following the instructions below.


  • Click on this link Java Website and click Do I Have Java?
  • Then click the Verify Java Version button. It will scan your current version and show you if you have the most current version.

You can also download a tool called JavaRa that will automatically search for new updates and remove older versions of Java.
Click the link below to go to the download page to get the tool.

JavaRa

Once you have downloaded JavaRa

  • Unzip the files to the directory of your choice.
  • Double click the JavaRa icon in the directory and choose your language preference.
  • Click Remove Older Versions from the menu.
  • Click Yes.
  • If you get a warning that Internet Explorer needs to be closed, close it, then click ok.
  • JavaRa will then search for and remove old versions of Java from your machine.

You can find instructions for manually removing older versions for Windows XP, Vista, and 7 by clicking the link below:

Instructions for manually removing old versions of Java



Keeping your software updated

Another weapon against malicious programs and viruses is to keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker



Step 2: Remove Old Restore Points and Create a New One.


We're going to delete your old system restore points and create a new one now that your system is clean. We do this so that in the event you need to do a system restore, you will have a clean restore point to work from.

  • Start OTL and copy the contents in the quote box below.
  • Paste the Contents into the Custom Scans/Fixes button and click Run Fix
  • This will delete the old restore points and create a new one.


:Files
%systemroot%\system32\vssadmin delete shadows /for=c: /all /quiet /c

:Commands
[CreateRestorePoint]




Step 3: Tool Removal

You can delete aswMBR, Junkware Removal Tool and SecurityCheck from your desktop.

Start AdwCleaner and click the Uninstall button. AdwCleaner will uninstall itself from your machine.

Start OTL and click the Cleanup button. OTL will uninstall itself from your machine.

You can uninstall ESET Online Scanner at this time.


Step 4: Helpful Tips and Information to prevent infection


  • Do not use P2P programs.
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Be careful of the websites you visit.
  • When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take you time and read each screen as you go. :)
  • To help protect yourself while on the web, I recommend you read How did I get infected in the first place?
  • Please take the time to read How to prevent your computer from becoming infected by CryptoLocker. This infection is gaining prominence and this link will help you take measures to protect your machine.


Any further issues remaining that I can assist you with?
  • 0

#12
Geekl33t

Geekl33t

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hey Pystryker

Thanks alot for your time and your help I really appriciate that :D

You saved my computer mate :)

Again A BIG BIG THANKS :cheers: :spoton:

Peace :wave:

Edited by Geekl33t, 30 November 2013 - 07:36 PM.

  • 0

#13
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Hey Pystryker

Thanks alot for your time and your help I really appriciate that :D

You saved my computer mate :)

Again A BIG BIG THANKS :cheers: :spoton:

Peace :wave:


You are very much welcome! :) :thumbsup:


Safe surfing!

Pystryker :cool:
  • 0

#14
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP