
Boot and Start troubles



#1
ramaflore

  • Member
  • 210 posts

Hi,

I don't know if I have malware or not, but these are the 3 troubles:

You will see my AdwCleaner log at the end. All the files that appeared in the log were cleaned with AdwCleaner. Nevertheless, yesterday I found the key APN PIP in the registry and I deleted it. The date of the troubles matches this log. The first two troubles (see below) appeared between 24 and 26 Feb.

1. Starting Vista troubles

I have a black screen and it can't start Vista Business after the BIOS has finished and before the 'Microsoft Corporation' bar at the bottom is blinking, so I need to manually force a shutdown with the power OFF button to reboot my laptop.

My laptop can't start properly, as the 'Microsoft Corporation' green progress bar at the bottom doesn't appear.

This occurs only if I've been working on my laptop for a few hours.

If I work for a few minutes and shut down my laptop, I can start without any trouble.

2. BIOS can't save settings

If I turn off my laptop, unplug it from the wall outlet and start it again after a few hours, the BIOS comes back with the old settings, with 'AHCI enable'.
If I reboot my laptop after a few minutes (unplugged or not unplugged from the wall outlet), there is no problem: it can save my last settings, and my laptop can boot with no problems.

What I did:

I ran SFC and CHKDSK, a 'Repair my Computer' with the bootable Vista CD, and Memtest, and checked my HDD with HDDRegenerator. I checked for malware with HitmanPro, ProcessHacker and AdwCleaner.

3. Clock time is no longer synchronized. It works for one hour, then it stops and goes backwards to the previous hour (-1h). Then if I synchronize manually, it does the same. This is a new trouble since two days ago.

# AdwCleaner v3.019 - Rapport créé le 24/02/2014 à 01:44:04
# Mis à jour le 17/02/2014 par Xplode
# Système d'exploitation : Windows Vista ™ Business Service Pack 2 (32 bits)
# Nom d'utilisateur :
# Exécuté depuis : C:\Program Files\Nettoyage Disque Dur\AdwCleaner.exe
# Option : Scanner

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Présent \zap
Dossier Présent C:\Program Files\AskPartnerNetwork
Dossier Présent C:\ProgramData\apn
Dossier Présent C:\ProgramData\boost_interprocess
Dossier Présent C:\Users\Flore\AppData\Roaming\thinstall
Dossier Présent C:\Users\Transparence\AppData\Roaming\thinstall
Fichier Présent : C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\searchplugins\Askcom.xml
Fichier Présent : C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\searchplugins\delta.xml
Fichier Présent : C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\user.js

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Présente : HKCU\Software\5b6de8cbc68be46
Clé Présente : HKCU\Software\APN PIP
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Clé Présente : HKLM\Software\PIP

***** [ Navigateurs ] *****

-\\ Internet Explorer v7.0.6002.18005


-\\ Mozilla Firefox v27.0.1 (fr)

[ Fichier : C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\prefs.js ]

Ligne Trouvée : user_pref("browser.search.selectedEngine", "Delta Search");
Ligne Trouvée : user_pref("extensions.delta.admin", false);
Ligne Trouvée : user_pref("extensions.delta.aflt", "babsst");
Ligne Trouvée : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Ligne Trouvée : user_pref("extensions.delta.autoRvrt", "false");
Ligne Trouvée : user_pref("extensions.delta.dfltLng", "en");
Ligne Trouvée : user_pref("extensions.delta.excTlbr", false);
Ligne Trouvée : user_pref("extensions.delta.id", "000e8db70000000000000016d363ef36");
Ligne Trouvée : user_pref("extensions.delta.instlDay", "15786");
Ligne Trouvée : user_pref("extensions.delta.instlRef", "sst");
Ligne Trouvée : user_pref("extensions.delta.newTab", false);
Ligne Trouvée : user_pref("extensions.delta.prdct", "delta");
Ligne Trouvée : user_pref("extensions.delta.prtnrId", "delta");
Ligne Trouvée : user_pref("extensions.delta.rvrt", "false");
Ligne Trouvée : user_pref("extensions.delta.smplGrp", "none");
Ligne Trouvée : user_pref("extensions.delta.tlbrId", "base");
Ligne Trouvée : user_pref("extensions.delta.tlbrSrchUrl", "");
Ligne Trouvée : user_pref("extensions.delta.vrsn", "1.8.10.0");
Ligne Trouvée : user_pref("extensions.delta.vrsnTs", "1.8.10.012:59:57");
Ligne Trouvée : user_pref("extensions.delta.vrsni", "1.8.10.0");

[ Fichier : C:\Users\Transparence\AppData\Roaming\Mozilla\Firefox\Profiles\o0o0jxnv.Flore\prefs.js ]

Ligne Trouvée : user_pref("extensions.crossrider.bic", "141400f7e1d5aa8f107903e38cfa6891");
Ligne Trouvée : user_pref("extensions.requestpolicy.allowedOrigins", "depositfiles.com adf.ly imagevenue.com vistax64.com mirrorcreator.com ebuyclub.com twimg.com fcast.tv laredoute.fr tf1.fr virustotal.com sfr.fr sp[...]
Ligne Trouvée : user_pref("extensions.requestpolicy.allowedOriginsToDestinations", "163.com|netease.com amazon.ca|images-amazon.com amazon.ca|ssl-images-amazon.com amazon.cn|images-amazon.com amazon.cn|joyo.com amazo[...]

*************************



Thanks in advance for your help!




#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Hello ramaflore,

Sorry for the delay.

It's a bit uncertain from your description, but I think you are saying that at times you can boot up normally.

If so, please do this:

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click to run as administrator. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

 

#3
ramaflore

  • Topic Starter
  • Member
  • 210 posts

Thank you Emerald for your reply. :)

No problem for the delay.

Could I run it under my User account but with Admin rights, or is it better to run it under my Admin account?



#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

As long as you have Admin rights I think it will be fine. Right click on it and run as Administrator. :)



#5
ramaflore

  • Topic Starter
  • Member
  • 210 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Flore  (administrator) on  on 28-03-2014 13:05:15
Running from C:\Users\Flore\Desktop
Microsoft® Windows Vista™ Professionnel  Service Pack 2 (X86) OS Language: French Standard
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
(Blue Ridge Networks) C:\Program Files\Blue Ridge Networks\AppGuard\AppGuardAgent.exe
(Nitro PDF Software) C:\Program Files\Nitro PDF\Express\NitroPDFExpressDriverService.exe
(Nalpeiron Ltd.) C:\Windows\system32\NLSSRV32.EXE
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Uniblue Systems Ltd) C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
(http://sf.net/projects/noautorun/) C:\Program Files\NoAutorun-1.1.2.25\NoAutorun.exe
(SHADOWDEFENDER.COM) C:\Program Files\Shadow Defender\DefenderDaemon.exe
(Blue Ridge Networks) C:\Program Files\Blue Ridge Networks\AppGuard\AppGuardGUI.exe
() C:\Program Files\SpyShelter Premium\SpyShelter.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
(Karen Kenworthy) C:\Program Files\Time Sync\PTSync.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Shadow Defender Daemon] - C:\Program Files\Shadow Defender\DefenderDaemon.exe [253483 2011-02-21] (SHADOWDEFENDER.COM)
HKLM\...\Run: [AppGuardGUI] - C:\Program Files\Blue Ridge Networks\AppGuard\AppGuardGUI.exe [629064 2013-08-06] (Blue Ridge Networks)
HKLM\...\Run: [SpyShelter] - C:\Program Files\SpyShelter Premium\SpyShelter.exe [5083488 2014-02-13] ()
HKLM\...\Run: [Privatefirewall] - C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3960516785-660546420-3033704126-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3960516785-660546420-3033704126-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3960516785-660546420-3033704126-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3960516785-660546420-3033704126-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3960516785-660546420-3033704126-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3960516785-660546420-3033704126-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3960516785-660546420-3033704126-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3960516785-660546420-3033704126-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3960516785-660546420-3033704126-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3960516785-660546420-3033704126-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3960516785-660546420-3033704126-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3960516785-660546420-3033704126-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.22.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin - C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF SearchPlugin: C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\searchplugins\s-amazon-fr.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF Extension: Fasterfox Lite - C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\Extensions\[email protected] [2012-09-27]
FF Extension: DownloadHelper - C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-11]
FF Extension: Memory Fox - C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2011-12-09]
FF Extension: Ghostery - C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\Extensions\[email protected] [2013-09-05]
FF Extension: Team Cymru's MHR - C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\Extensions\[email protected] [2012-08-03]
FF Extension: No Name - C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\Extensions\[email protected] [2012-08-01]
FF Extension: Movies Extractor Scout helper - C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\Extensions\{ABD59049-8F4C-4F50-A274-CC63527942FA}.xpi [2012-09-08]
FF Extension: Adblock Plus - C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-04]

========================== Services (Whitelisted) =================

R2 BRN_APPGUARD_SERVICE; C:\Program Files\Blue Ridge Networks\AppGuard\AppGuardAgent.exe [485704 2013-08-06] (Blue Ridge Networks)
R2 NitroExpressDriverReadSpool; C:\Program Files\Nitro PDF\Express\NitroPDFExpressDriverService.exe [196912 2009-12-15] (Nitro PDF Software)
R2 PFNet; C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
S4 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1326176 2012-06-27] (Secunia)
S4 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [681056 2012-06-27] (Secunia)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R1 BrnFileLock; C:\Windows\system32\DRIVERS\BrnFilelock.sys [69920 2013-06-18] (Blue Ridge Networks)
R0 diskpt; C:\Windows\System32\drivers\diskpt.sys [204384 2011-03-31] (SHADOWDEFENDER.COM)
R3 DPPCMFilter; C:\Windows\System32\DRIVERS\DPPCMFilter.sys [456960 2008-07-08] (NEC Corporation, NEC Personal Products, Ltd.)
R3 EMSCR; C:\Windows\System32\DRIVERS\EMS7SK.sys [67584 2014-03-08] (ENE Technology Inc.)
R3 ESDCR; C:\Windows\System32\DRIVERS\ESD7SK.sys [46592 2014-03-08] (ENE Technology Inc.)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys [44632 2013-12-17] ()
S3 flash; C:\Windows\system32\drivers\flash.sys [8064 2005-11-17] ()
R0 MBRGUARD; C:\Windows\System32\DRIVERS\mbrguard.sys [17768 2010-06-10] (Blue Ridge Networks)
S3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2014-03-08] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2011-12-16] (Secunia)
R1 pwipf6; C:\Windows\System32\DRIVERS\pwipf6.sys [130568 2013-09-29] (Privacyware/PWI, Inc.)
R1 Spyshelter; C:\Program Files\SpyShelter Premium\SpyShelter.sys [413536 2014-02-13] (SpyShelter)
R1 SpyshelterKb; C:\Program Files\SpyShelter Premium\SpyshelterKb.sys [174432 2013-12-23] (SpyShelter)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
S4 TKDac; C:\Windows\system32\tkdacxp.sys [100160 2011-12-29] (INCA Internet Co., Ltd.)
S4 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 IRPFile; \??\G:\Backup Donnees Vista\Programmes installes\atool\IrpFile.sys [X]
S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 utqxnta1; \??\C:\Windows\system32\Drivers\utqxnta1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-28 13:05 - 2014-03-28 13:06 - 00011043 _____ () C:\Users\Flore\Desktop\FRST.txt
2014-03-28 13:03 - 2014-03-28 13:05 - 00000000 ____D () C:\FRST
2014-03-28 13:03 - 2014-03-28 00:29 - 01145856 _____ (Farbar) C:\Users\Flore\Desktop\FRST.exe
2014-03-28 00:29 - 2014-03-28 00:29 - 01145856 _____ (Farbar) C:\Users\Transparence\Downloads\FRST.exe
2014-03-27 03:10 - 2014-03-27 03:10 - 00000000 ____D () C:\Users\Transparence\Downloads\Downloaded SWF Files
2014-03-27 01:38 - 2014-03-27 01:38 - 00000000 ____D () C:\Users\Transparence\Downloads\NetworkMiner_1-5
2014-03-24 14:22 - 2014-03-24 14:22 - 00000000 ____D () C:\Users\Flore\AppData\Local\Karen's Power Tools
2014-03-24 14:21 - 2014-03-24 14:21 - 00000000 ____D () C:\ProgramData\Karen's Power Tools
2014-03-24 14:21 - 2014-03-24 14:21 - 00000000 ____D () C:\Program Files\Time Sync
2014-03-23 20:37 - 2014-03-23 20:37 - 00000292 _____ () C:\Users\Transparence\Documents\PCWizard  erreur.txt
2014-03-23 00:18 - 2014-03-23 00:18 - 07699680 _____ () C:\Users\Transparence\Downloads\pc-wizard_2013.2.12.zip
2014-03-23 00:18 - 2014-03-23 00:18 - 00000000 ____D () C:\Users\Transparence\Downloads\pc-wizard_2013.2.12
2014-03-23 00:04 - 2014-03-23 00:04 - 02041695 _____ () C:\Users\Transparence\Downloads\cpu-z_1.69-en.zip
2014-03-22 14:11 - 2014-03-22 14:11 - 07858000 _____ () C:\Users\Transparence\Downloads\trimD6B213A7-6894-4B9E-9231-6755A11EDF7E_zps35679950.mp4
2014-03-21 11:25 - 2014-03-21 11:26 - 28871369 _____ () C:\Users\Transparence\Downloads\Original English software3.7.6.rar
2014-03-19 21:21 - 2014-03-19 21:21 - 00332800 _____ () C:\Users\Flore\Downloads\ListProcesses.exe
2014-03-19 13:33 - 2014-02-24 12:37 - 09427377 _____ () C:\Users\Flore\Downloads\Adobe HDS Downloader.rar
2014-03-17 14:45 - 2014-03-17 14:46 - 13245464 _____ () C:\Users\Transparence\Downloads\HDD Regenerator 2013.zip
2014-03-16 11:37 - 2014-03-16 11:37 - 00000000 ____D () C:\Users\Transparence\Downloads\Ashaa
2014-03-16 02:33 - 2014-03-16 02:33 - 01543790 _____ () C:\Users\Transparence\Downloads\PortableHEV1054.zip
2014-03-15 20:20 - 2014-03-15 20:20 - 00262233 _____ () C:\Users\Transparence\Downloads\Downloads.7z
2014-03-15 03:10 - 2014-03-15 03:10 - 00000000 ____D () C:\Users\Flore\AppData\Roaming\Process Hacker 2
2014-03-15 02:53 - 2014-03-15 02:53 - 00000000 ____D () C:\Users\Transparence\Downloads\ProcessHacker
2014-03-15 01:58 - 2014-03-15 01:58 - 01324976 _____ () C:\Users\Transparence\Downloads\NetworkMiner_1-5.zip
2014-03-15 01:02 - 2014-03-15 01:02 - 02720895 _____ () C:\Users\Transparence\Downloads\processhacker-2.33-bin.zip
2014-03-13 22:44 - 2014-03-13 22:44 - 00000195 _____ () C:\Users\Transparence\Documents\MA Request4.txt
2014-03-12 12:28 - 2014-03-12 12:28 - 00000000 ____D () C:\Users\Transparence\Downloads\Ashanti
2014-03-12 12:13 - 2014-03-12 12:13 - 00443553 _____ () C:\Users\Transparence\Downloads\Ashaa.zip
2014-03-12 12:12 - 2014-03-12 12:12 - 00008745 _____ () C:\Users\Transparence\Downloads\Ashanti.zip
2014-03-11 11:00 - 2014-03-11 11:01 - 30201703 _____ () C:\Users\Transparence\Downloads\French software3.7.5.rar
2014-03-09 11:51 - 2014-03-09 11:51 - 00118167 _____ () C:\Users\Flore\Downloads\CBS.7z
2014-03-09 11:50 - 2014-03-09 11:44 - 02832371 _____ () C:\Users\Flore\Downloads\CBS.log
2014-03-09 03:15 - 2014-03-09 03:18 - 56481409 _____ () C:\Users\Transparence\Downloads\p2015.wmv
2014-03-09 03:14 - 2014-03-09 03:17 - 61005445 _____ () C:\Users\Transparence\Downloads\p2034.wmv
2014-03-09 03:14 - 2014-03-09 03:17 - 56525205 _____ () C:\Users\Transparence\Downloads\p2036.wmv
2014-03-09 03:14 - 2014-03-09 03:17 - 56371849 _____ () C:\Users\Transparence\Downloads\p2038.wmv
2014-03-09 01:01 - 2014-03-09 01:01 - 00123808 _____ () C:\Users\Transparence\Downloads\firekeeper-0.3.1-windows.xpi
2014-03-08 16:02 - 2014-03-08 16:02 - 00470848 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys
2014-03-08 15:46 - 2014-03-08 15:46 - 06639616 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwLv32.sys
2014-03-08 15:46 - 2014-03-08 15:46 - 02756608 _____ (Intel Corporation) C:\Windows\system32\NETwLr32.dll
2014-03-08 15:46 - 2014-03-08 15:46 - 00675840 _____ (Intel Corporation) C:\Windows\system32\NETwLc32.dll
2014-03-08 15:41 - 2014-03-08 15:41 - 00313120 _____ (Marvell) C:\Windows\system32\Drivers\yk60x86.sys
2014-03-08 15:38 - 2014-03-08 15:38 - 00516096 _____ (Motorola Inc.) C:\Windows\system32\sm56co85.dll
2014-03-08 15:38 - 2014-03-08 15:38 - 00000000 ____D () C:\Program Files\Motorola
2014-03-08 15:37 - 2014-03-08 15:37 - 00046592 _____ (ENE Technology Inc.) C:\Windows\system32\Drivers\ESD7SK.sys
2014-03-08 15:36 - 2014-03-08 15:36 - 00067584 _____ (ENE Technology Inc.) C:\Windows\system32\Drivers\EMS7SK.sys
2014-03-08 15:35 - 2014-03-08 15:35 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2014-03-08 15:31 - 2014-03-08 15:31 - 37850112 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat
2014-03-08 15:31 - 2014-03-08 15:31 - 27258112 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 13789440 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 07162128 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP32A.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 06176944 _____ (Dolby Laboratories) C:\Windows\system32\DDPP32A.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 05681192 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2014-03-08 15:31 - 2014-03-08 15:31 - 04880152 _____ (ASUSTeKcomputer.Inc Inc) C:\Windows\system32\RTKSMlfx.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 03354880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 02876760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2014-03-08 15:31 - 2014-03-08 15:31 - 02547928 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 02395680 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 01932544 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 01824000 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 01673472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek2.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 01596488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2014-03-08 15:31 - 2014-03-08 15:31 - 01489072 _____ (Dolby Laboratories) C:\Windows\system32\DDPD32A.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 01065216 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO50.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00938752 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt32.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00919600 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00873728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO40.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00852016 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00823040 _____ (DTS, Inc.) C:\Windows\system32\sl3apo32.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00790272 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00782040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00761088 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO20.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00708920 _____ (ASUSTeKcomputer.Inc Inc) C:\Windows\system32\RTKSMSettingsIPC.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00673037 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-03-08 15:31 - 2014-03-08 15:31 - 00642304 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00604928 _____ (DTS, Inc.) C:\Windows\system32\sltech32.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00509184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00509184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00502584 _____ () C:\Windows\system32\audioLibVc.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00426944 _____ (DTS) C:\Windows\system32\DTSU2PLFX32.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00403392 _____ (DTS) C:\Windows\system32\DTSU2PGFX32.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00352016 _____ (Dolby Laboratories) C:\Windows\system32\R4EED32A.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00346048 _____ (DTS) C:\Windows\system32\DTSU2PREC32.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00272048 _____ (Dolby Laboratories) C:\Windows\system32\DDPO32A.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00219312 _____ (Dolby Laboratories) C:\Windows\system32\DDPA32.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00218368 _____ (TODO: <Company name>) C:\Windows\system32\slprp32.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00188696 _____ () C:\Windows\system32\AcpiServiceVnA.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00182472 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00123608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00106768 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL32A.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00092584 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00091920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA32A.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00062224 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG32A.dll
2014-03-08 15:16 - 2014-03-08 15:16 - 00000000 ____D () C:\ProgramData\Uniblue
2014-03-08 15:15 - 2014-03-28 04:05 - 00000328 _____ () C:\Windows\Tasks\dsmonitor.job
2014-03-08 15:15 - 2014-03-08 15:15 - 00000982 _____ () C:\Users\Public\Desktop\DriverScanner.lnk
2014-03-08 15:15 - 2014-03-08 15:15 - 00000000 ____D () C:\Users\Flore\AppData\Roaming\Uniblue
2014-03-08 15:15 - 2014-03-08 15:15 - 00000000 ____D () C:\Program Files\Uniblue
2014-03-08 15:13 - 2014-03-08 15:13 - 05597448 _____ (Uniblue Systems Ltd ) C:\Users\Transparence\Downloads\driverscanner.exe
2014-03-08 14:04 - 2014-03-08 14:04 - 00001266 _____ () C:\Users\Flore\Desktop\JRT.txt
2014-03-08 13:39 - 2014-03-08 13:39 - 01037734 _____ (Thisisu) C:\Users\Flore\Downloads\JRT.exe
2014-03-08 13:37 - 2014-02-20 07:33 - 01037734 _____ (Thisisu) C:\Users\Flore\Desktop\JRT_NEW.exe
2014-03-08 01:49 - 2014-03-08 01:49 - 00000000 ____D () C:\Users\Transparence\Downloads\FTS_SDMMCCardReaderCB714_2000_1008544
2014-03-08 01:48 - 2014-03-08 01:48 - 00641339 _____ () C:\Users\Transparence\Downloads\FTS_SDMMCCardReaderCB714_2000_1008544.ZIP
2014-03-08 01:31 - 2014-03-08 01:31 - 02488672 _____ () C:\Users\Transparence\Downloads\FujitsuSiemensDeskUpdate.exe
2014-03-07 13:05 - 2014-03-08 01:49 - 00004007 _____ () C:\Users\Transparence\Documents\A essayer problem ordi.txt
2014-03-06 19:26 - 2014-03-06 19:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-06 19:26 - 2014-03-06 19:26 - 00000000 _____ () C:\Windows\setupact.log
2014-03-06 18:02 - 2009-04-11 07:32 - 00177128 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-03-06 12:39 - 2014-03-06 12:39 - 00097347 _____ () C:\Users\Transparence\Downloads\hal.zip
2014-03-06 01:16 - 2014-03-06 01:16 - 00000106 _____ () C:\Users\Transparence\AppData\Roaming\burnaware.ini
2014-03-06 01:10 - 2014-01-27 00:11 - 569180160 _____ () C:\Users\Transparence\Downloads\CD.Pirate.Informatique.n°20.décembre-février.2014-S-O-U.iso
2014-03-05 08:48 - 2009-04-11 07:32 - 00177128 _____ (Microsoft Corporation) C:\Users\Transparence\Downloads\hal.dll
2014-03-05 02:59 - 2014-03-05 02:59 - 00000022 _____ () C:\Users\Transparence\Documents\cartouche imprimante Serge.txt
2014-03-05 02:27 - 2014-03-05 02:27 - 00031550 _____ () C:\Users\Transparence\Downloads\BitKiller1.3.zip
2014-03-05 02:11 - 2014-03-05 02:12 - 04605563 _____ () C:\Users\Transparence\Downloads\LPLDH.rar
2014-03-04 00:09 - 2014-03-04 00:09 - 00006385 _____ () C:\Users\Flore\Desktop\MD5Report.htm
2014-03-04 00:03 - 2014-03-04 00:03 - 00000751 _____ () C:\Users\Flore\Desktop\UVK.lnk
2014-03-04 00:03 - 2014-03-04 00:03 - 00000000 ____D () C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UVK
2014-03-03 23:43 - 2014-03-03 23:44 - 00000000 ____D () C:\Users\Transparence\Downloads\Tweaking.com - Windows Repair
2014-03-03 23:29 - 2014-01-28 01:42 - 05788648 ____N (Carifred) C:\Users\Transparence\Downloads\UVKPortable.exe
2014-03-03 23:26 - 2014-03-03 23:26 - 00001033 _____ () C:\Users\Transparence\Desktop\Revouninstaller.lnk
2014-03-03 23:05 - 2014-03-03 23:05 - 03092809 _____ () C:\Users\Transparence\Downloads\tweaking.com_windows_repair_aio.zip
2014-03-03 00:01 - 2014-03-03 00:02 - 21845536 _____ (Blue Ridge Networks ) C:\Users\Transparence\Downloads\AppGuardSetup(1).exe
2014-03-02 22:00 - 2014-03-02 22:00 - 00000052 _____ () C:\Users\Flore\Documents\AppGuard4 serial.txt
2014-03-02 21:44 - 2014-03-02 21:44 - 00000000 ____D () C:\Program Files\Privacyware
2014-03-02 21:44 - 2013-09-29 21:24 - 00130568 _____ (Privacyware/PWI, Inc.) C:\Windows\system32\Drivers\pwipf6.sys
2014-03-02 21:34 - 2014-03-02 21:34 - 03749640 _____ (PWI, Inc. ) C:\Users\Flore\Desktop\privatefirewall.exe
2014-03-02 21:29 - 2014-03-02 21:29 - 08663808 _____ ( ) C:\Users\Flore\Downloads\setup(2).exe
2014-03-02 14:21 - 2014-03-02 14:23 - 00000000 ____D () C:\Users\Transparence\Downloads\CrystalDiskInfo6_1_8
2014-03-02 14:20 - 2014-03-02 14:21 - 02545407 _____ () C:\Users\Transparence\Downloads\CrystalDiskInfo6_1_8.zip
2014-03-02 12:53 - 2014-03-02 14:21 - 00000000 ____D () C:\Users\Transparence\Downloads\driverview
2014-03-02 12:53 - 2014-03-02 12:53 - 00044861 _____ () C:\Users\Transparence\Downloads\driverview.zip
2014-03-01 12:38 - 2014-03-01 12:38 - 02657280 _____ (Resplendence Software Projects Sp. ) C:\Users\Flore\Downloads\whocrashedSetup.exe
2014-03-01 12:37 - 2014-03-01 12:37 - 00930952 _____ (CNET Download.com) C:\Users\Flore\Downloads\cbsidlm-cbsi183-WhoCrashed-SEO-75205821.exe
2014-03-01 11:59 - 2014-02-27 15:26 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Flore\Downloads\TDSSKiller.exe
2014-03-01 11:57 - 2014-03-01 11:57 - 04110135 _____ () C:\Users\Flore\Downloads\tdsskiller(1).zip
2014-03-01 11:55 - 2014-03-01 11:55 - 00008528 _____ () C:\Users\Flore\AppData\Local\Temp12.html
2014-03-01 11:55 - 2014-03-01 11:55 - 00002708 _____ () C:\Users\Flore\AppData\Local\Temp9.html
2014-03-01 11:55 - 2014-03-01 11:55 - 00002708 _____ () C:\Users\Flore\AppData\Local\Temp4.html
2014-03-01 11:27 - 2014-03-01 11:51 - 00000000 ____D () C:\Windows\Minidump
2014-03-01 11:06 - 2014-03-01 11:06 - 00035712 _____ () C:\Windows\system32\Drivers\BlackBox.sys
2014-02-28 19:17 - 2014-02-28 19:17 - 00000000 ____D () C:\Users\Transparence\AppData\Local\Apps\2.0
2014-02-28 18:56 - 2014-02-28 18:56 - 00000000 ____D () C:\Users\Transparence\AppData\Roaming\Thinstall
2014-02-27 22:25 - 2014-02-27 22:25 - 02036875 _____ () C:\Users\Flore\Downloads\geek.zip
2014-02-27 15:29 - 2014-02-27 15:30 - 00000000 ____D () C:\Users\Transparence\Downloads\webvulnscan9
2014-02-27 15:19 - 2014-02-27 21:29 - 00000920 _____ () C:\Windows\certutil.log
2014-02-27 14:09 - 2014-02-27 14:25 - 29656899 _____ () C:\Users\Transparence\Downloads\los2g.Acunetix.Web.Vulnerability.Scanner.Consultant.Edition.9.0.20140206.rar


==================== One Month Modified Files and Folders =======

2014-03-28 13:06 - 2014-03-28 13:05 - 00011043 _____ () C:\Users\Flore\Desktop\FRST.txt
2014-03-28 13:05 - 2014-03-28 13:03 - 00000000 ____D () C:\FRST
2014-03-28 04:08 - 2006-11-02 14:01 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-28 04:05 - 2014-03-08 15:15 - 00000328 _____ () C:\Windows\Tasks\dsmonitor.job
2014-03-28 04:04 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-28 04:04 - 2006-11-02 13:47 - 00005168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 04:04 - 2006-11-02 13:47 - 00005168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 00:29 - 2014-03-28 13:03 - 01145856 _____ (Farbar) C:\Users\Flore\Desktop\FRST.exe
2014-03-28 00:29 - 2014-03-28 00:29 - 01145856 _____ (Farbar) C:\Users\Transparence\Downloads\FRST.exe
2014-03-27 14:14 - 2013-09-10 00:46 - 00000000 ____D () C:\Program Files\VPNium
2014-03-27 03:10 - 2014-03-27 03:10 - 00000000 ____D () C:\Users\Transparence\Downloads\Downloaded SWF Files
2014-03-27 01:38 - 2014-03-27 01:38 - 00000000 ____D () C:\Users\Transparence\Downloads\NetworkMiner_1-5
2014-03-26 02:44 - 2012-08-15 12:51 - 00107008 _____ () C:\Users\Transparence\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-24 14:22 - 2014-03-24 14:22 - 00000000 ____D () C:\Users\Flore\AppData\Local\Karen's Power Tools
2014-03-24 14:21 - 2014-03-24 14:21 - 00000000 ____D () C:\ProgramData\Karen's Power Tools
2014-03-24 14:21 - 2014-03-24 14:21 - 00000000 ____D () C:\Program Files\Time Sync
2014-03-23 22:42 - 2013-09-28 16:58 - 00000000 ____D () C:\Users\Transparence\AppData\Local\CrashDumps
2014-03-23 20:37 - 2014-03-23 20:37 - 00000292 _____ () C:\Users\Transparence\Documents\PCWizard  erreur.txt
2014-03-23 20:25 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-03-23 18:30 - 2006-11-02 11:22 - 27262976 _____ () C:\Windows\system32\config\software_previous
2014-03-23 18:30 - 2006-11-02 11:22 - 26476544 _____ () C:\Windows\system32\config\components_previous
2014-03-23 18:30 - 2006-11-02 11:22 - 16515072 _____ () C:\Windows\system32\config\system_previous
2014-03-23 18:30 - 2006-11-02 11:22 - 00786432 _____ () C:\Windows\system32\config\default_previous
2014-03-23 18:30 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-03-23 18:30 - 2006-11-02 11:22 - 00094208 _____ () C:\Windows\system32\config\sam_previous
2014-03-23 18:27 - 2013-09-17 09:49 - 00000000 ____D () C:\Users\Flore\AppData\Roaming\SpyShelter
2014-03-23 18:27 - 2013-09-14 22:49 - 00000000 ____D () C:\Users\Transparence\AppData\Roaming\SpyShelter
2014-03-23 18:27 - 2013-09-14 22:44 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-23 18:27 - 2012-08-18 19:59 - 00000000 ____D () C:\Program Files\HWiNFO32
2014-03-23 18:27 - 2012-08-12 13:17 - 00000000 ____D () C:\Users\Transparence
2014-03-23 18:27 - 2012-08-12 13:17 - 00000000 ____D () C:\Users\Flore
2014-03-23 18:27 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-03-23 18:27 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-03-23 12:11 - 2013-09-22 13:09 - 01967938 _____ () C:\Windows\WindowsUpdate.log
2014-03-23 00:19 - 2014-01-01 13:07 - 00000000 ____D () C:\Users\Flore\AppData\Local\CrashDumps
2014-03-23 00:18 - 2014-03-23 00:18 - 07699680 _____ () C:\Users\Transparence\Downloads\pc-wizard_2013.2.12.zip
2014-03-23 00:18 - 2014-03-23 00:18 - 00000000 ____D () C:\Users\Transparence\Downloads\pc-wizard_2013.2.12
2014-03-23 00:04 - 2014-03-23 00:04 - 02041695 _____ () C:\Users\Transparence\Downloads\cpu-z_1.69-en.zip
2014-03-22 14:11 - 2014-03-22 14:11 - 07858000 _____ () C:\Users\Transparence\Downloads\trimD6B213A7-6894-4B9E-9231-6755A11EDF7E_zps35679950.mp4
2014-03-21 11:26 - 2014-03-21 11:25 - 28871369 _____ () C:\Users\Transparence\Downloads\Original English software3.7.6.rar
2014-03-19 22:54 - 2012-08-05 20:26 - 00000000 ____D () C:\Users\Transparence\AppData\Roaming\vlc
2014-03-19 21:21 - 2014-03-19 21:21 - 00332800 _____ () C:\Users\Flore\Downloads\ListProcesses.exe
2014-03-19 13:24 - 2013-09-11 11:10 - 00000000 ____D () C:\Program Files\Everything search
2014-03-17 14:46 - 2014-03-17 14:45 - 13245464 _____ () C:\Users\Transparence\Downloads\HDD Regenerator 2013.zip
2014-03-16 11:37 - 2014-03-16 11:37 - 00000000 ____D () C:\Users\Transparence\Downloads\Ashaa
2014-03-16 02:33 - 2014-03-16 02:33 - 01543790 _____ () C:\Users\Transparence\Downloads\PortableHEV1054.zip
2014-03-15 20:20 - 2014-03-15 20:20 - 00262233 _____ () C:\Users\Transparence\Downloads\Downloads.7z
2014-03-15 03:10 - 2014-03-15 03:10 - 00000000 ____D () C:\Users\Flore\AppData\Roaming\Process Hacker 2
2014-03-15 02:53 - 2014-03-15 02:53 - 00000000 ____D () C:\Users\Transparence\Downloads\ProcessHacker
2014-03-15 01:58 - 2014-03-15 01:58 - 01324976 _____ () C:\Users\Transparence\Downloads\NetworkMiner_1-5.zip
2014-03-15 01:02 - 2014-03-15 01:02 - 02720895 _____ () C:\Users\Transparence\Downloads\processhacker-2.33-bin.zip
2014-03-13 22:44 - 2014-03-13 22:44 - 00000195 _____ () C:\Users\Transparence\Documents\MA Request4.txt
2014-03-12 18:43 - 2009-04-11 17:42 - 01639742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-12 12:28 - 2014-03-12 12:28 - 00000000 ____D () C:\Users\Transparence\Downloads\Ashanti
2014-03-12 12:13 - 2014-03-12 12:13 - 00443553 _____ () C:\Users\Transparence\Downloads\Ashaa.zip
2014-03-12 12:12 - 2014-03-12 12:12 - 00008745 _____ () C:\Users\Transparence\Downloads\Ashanti.zip
2014-03-11 11:01 - 2014-03-11 11:00 - 30201703 _____ () C:\Users\Transparence\Downloads\French software3.7.5.rar
2014-03-09 12:13 - 2013-09-22 11:08 - 00000308 _____ () C:\Windows\Tasks\FreeFixer background scan.job
2014-03-09 11:51 - 2014-03-09 11:51 - 00118167 _____ () C:\Users\Flore\Downloads\CBS.7z
2014-03-09 11:44 - 2014-03-09 11:50 - 02832371 _____ () C:\Users\Flore\Downloads\CBS.log
2014-03-09 03:18 - 2014-03-09 03:15 - 56481409 _____ () C:\Users\Transparence\Downloads\p2015.wmv
2014-03-09 03:17 - 2014-03-09 03:14 - 61005445 _____ () C:\Users\Transparence\Downloads\p2034.wmv
2014-03-09 03:17 - 2014-03-09 03:14 - 56525205 _____ () C:\Users\Transparence\Downloads\p2036.wmv
2014-03-09 03:17 - 2014-03-09 03:14 - 56371849 _____ () C:\Users\Transparence\Downloads\p2038.wmv
2014-03-09 01:01 - 2014-03-09 01:01 - 00123808 _____ () C:\Users\Transparence\Downloads\firekeeper-0.3.1-windows.xpi
2014-03-08 16:02 - 2014-03-08 16:02 - 00470848 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys
2014-03-08 15:46 - 2014-03-08 15:46 - 06639616 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwLv32.sys
2014-03-08 15:46 - 2014-03-08 15:46 - 02756608 _____ (Intel Corporation) C:\Windows\system32\NETwLr32.dll
2014-03-08 15:46 - 2014-03-08 15:46 - 00675840 _____ (Intel Corporation) C:\Windows\system32\NETwLc32.dll
2014-03-08 15:41 - 2014-03-08 15:41 - 00313120 _____ (Marvell) C:\Windows\system32\Drivers\yk60x86.sys
2014-03-08 15:38 - 2014-03-08 15:38 - 00516096 _____ (Motorola Inc.) C:\Windows\system32\sm56co85.dll
2014-03-08 15:38 - 2014-03-08 15:38 - 00000000 ____D () C:\Program Files\Motorola
2014-03-08 15:37 - 2014-03-08 15:37 - 00046592 _____ (ENE Technology Inc.) C:\Windows\system32\Drivers\ESD7SK.sys
2014-03-08 15:36 - 2014-03-08 15:36 - 00067584 _____ (ENE Technology Inc.) C:\Windows\system32\Drivers\EMS7SK.sys
2014-03-08 15:35 - 2014-03-08 15:35 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2014-03-08 15:33 - 2012-08-12 13:14 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-03-08 15:31 - 2014-03-08 15:31 - 37850112 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat
2014-03-08 15:31 - 2014-03-08 15:31 - 27258112 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 13789440 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 07162128 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP32A.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 06176944 _____ (Dolby Laboratories) C:\Windows\system32\DDPP32A.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 05681192 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2014-03-08 15:31 - 2014-03-08 15:31 - 04880152 _____ (ASUSTeKcomputer.Inc Inc) C:\Windows\system32\RTKSMlfx.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 03354880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 02876760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2014-03-08 15:31 - 2014-03-08 15:31 - 02547928 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 02395680 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 01932544 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 01824000 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 01673472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek2.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 01596488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2014-03-08 15:31 - 2014-03-08 15:31 - 01489072 _____ (Dolby Laboratories) C:\Windows\system32\DDPD32A.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 01065216 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO50.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00938752 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt32.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00919600 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00873728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO40.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00852016 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00823040 _____ (DTS, Inc.) C:\Windows\system32\sl3apo32.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00790272 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00782040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00761088 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO20.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00708920 _____ (ASUSTeKcomputer.Inc Inc) C:\Windows\system32\RTKSMSettingsIPC.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00673037 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-03-08 15:31 - 2014-03-08 15:31 - 00642304 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00604928 _____ (DTS, Inc.) C:\Windows\system32\sltech32.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00509184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00509184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00502584 _____ () C:\Windows\system32\audioLibVc.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00426944 _____ (DTS) C:\Windows\system32\DTSU2PLFX32.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00403392 _____ (DTS) C:\Windows\system32\DTSU2PGFX32.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00352016 _____ (Dolby Laboratories) C:\Windows\system32\R4EED32A.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00346048 _____ (DTS) C:\Windows\system32\DTSU2PREC32.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00272048 _____ (Dolby Laboratories) C:\Windows\system32\DDPO32A.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00219312 _____ (Dolby Laboratories) C:\Windows\system32\DDPA32.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00218368 _____ (TODO: <Company name>) C:\Windows\system32\slprp32.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00188696 _____ () C:\Windows\system32\AcpiServiceVnA.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00182472 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00123608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00106768 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL32A.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00092584 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00091920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA32A.dll
2014-03-08 15:31 - 2014-03-08 15:31 - 00062224 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG32A.dll
2014-03-08 15:31 - 2012-08-12 14:02 - 02328792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2014-03-08 15:16 - 2014-03-08 15:16 - 00000000 ____D () C:\ProgramData\Uniblue
2014-03-08 15:15 - 2014-03-08 15:15 - 00000982 _____ () C:\Users\Public\Desktop\DriverScanner.lnk
2014-03-08 15:15 - 2014-03-08 15:15 - 00000000 ____D () C:\Users\Flore\AppData\Roaming\Uniblue
2014-03-08 15:15 - 2014-03-08 15:15 - 00000000 ____D () C:\Program Files\Uniblue
2014-03-08 15:13 - 2014-03-08 15:13 - 05597448 _____ (Uniblue Systems Ltd ) C:\Users\Transparence\Downloads\driverscanner.exe
2014-03-08 14:04 - 2014-03-08 14:04 - 00001266 _____ () C:\Users\Flore\Desktop\JRT.txt
2014-03-08 13:42 - 2012-08-07 09:34 - 00000000 ____D () C:\Windows\ERUNT
2014-03-08 13:41 - 2011-12-18 23:03 - 00000000 ____D () C:\Program Files\Nettoyage Disque Dur
2014-03-08 13:39 - 2014-03-08 13:39 - 01037734 _____ (Thisisu) C:\Users\Flore\Downloads\JRT.exe
2014-03-08 13:36 - 2014-02-24 01:44 - 00000000 ____D () C:\AdwCleaner
2014-03-08 01:49 - 2014-03-08 01:49 - 00000000 ____D () C:\Users\Transparence\Downloads\FTS_SDMMCCardReaderCB714_2000_1008544
2014-03-08 01:49 - 2014-03-07 13:05 - 00004007 _____ () C:\Users\Transparence\Documents\A essayer problem ordi.txt
2014-03-08 01:48 - 2014-03-08 01:48 - 00641339 _____ () C:\Users\Transparence\Downloads\FTS_SDMMCCardReaderCB714_2000_1008544.ZIP
2014-03-08 01:31 - 2014-03-08 01:31 - 02488672 _____ () C:\Users\Transparence\Downloads\FujitsuSiemensDeskUpdate.exe
2014-03-06 19:29 - 2012-08-24 00:24 - 00000680 _____ () C:\Users\Flore\AppData\Local\d3d9caps.dat
2014-03-06 19:26 - 2014-03-06 19:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-06 19:26 - 2014-03-06 19:26 - 00000000 _____ () C:\Windows\setupact.log
2014-03-06 12:39 - 2014-03-06 12:39 - 00097347 _____ () C:\Users\Transparence\Downloads\hal.zip
2014-03-06 01:16 - 2014-03-06 01:16 - 00000106 _____ () C:\Users\Transparence\AppData\Roaming\burnaware.ini
2014-03-05 02:59 - 2014-03-05 02:59 - 00000022 _____ () C:\Users\Transparence\Documents\cartouche imprimante Serge.txt
2014-03-05 02:27 - 2014-03-05 02:27 - 00031550 _____ () C:\Users\Transparence\Downloads\BitKiller1.3.zip
2014-03-05 02:12 - 2014-03-05 02:11 - 04605563 _____ () C:\Users\Transparence\Downloads\LPLDH.rar
2014-03-04 00:09 - 2014-03-04 00:09 - 00006385 _____ () C:\Users\Flore\Desktop\MD5Report.htm
2014-03-04 00:03 - 2014-03-04 00:03 - 00000751 _____ () C:\Users\Flore\Desktop\UVK.lnk
2014-03-04 00:03 - 2014-03-04 00:03 - 00000000 ____D () C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UVK
2014-03-04 00:03 - 2013-01-27 01:10 - 00000000 ____D () C:\Program Files\UVK
2014-03-03 23:44 - 2014-03-03 23:43 - 00000000 ____D () C:\Users\Transparence\Downloads\Tweaking.com - Windows Repair
2014-03-03 23:26 - 2014-03-03 23:26 - 00001033 _____ () C:\Users\Transparence\Desktop\Revouninstaller.lnk
2014-03-03 23:05 - 2014-03-03 23:05 - 03092809 _____ () C:\Users\Transparence\Downloads\tweaking.com_windows_repair_aio.zip
2014-03-03 00:02 - 2014-03-03 00:01 - 21845536 _____ (Blue Ridge Networks ) C:\Users\Transparence\Downloads\AppGuardSetup(1).exe
2014-03-02 22:00 - 2014-03-02 22:00 - 00000052 _____ () C:\Users\Flore\Documents\AppGuard4 serial.txt
2014-03-02 21:44 - 2014-03-02 21:44 - 00000000 ____D () C:\Program Files\Privacyware
2014-03-02 21:44 - 2012-07-30 11:53 - 00000146 _____ () C:\Windows\ODBC.INI
2014-03-02 21:34 - 2014-03-02 21:34 - 03749640 _____ (PWI, Inc. ) C:\Users\Flore\Desktop\privatefirewall.exe
2014-03-02 21:30 - 2013-09-17 09:49 - 00000884 _____ () C:\Users\Public\Desktop\SpyShelter Premium.lnk
2014-03-02 21:30 - 2013-09-17 09:49 - 00000000 ____D () C:\Program Files\SpyShelter Premium
2014-03-02 21:29 - 2014-03-02 21:29 - 08663808 _____ ( ) C:\Users\Flore\Downloads\setup(2).exe
2014-03-02 21:02 - 2012-08-26 00:35 - 00000000 ____D () C:\Program Files\SystemRequirementsLab
2014-03-02 14:23 - 2014-03-02 14:21 - 00000000 ____D () C:\Users\Transparence\Downloads\CrystalDiskInfo6_1_8
2014-03-02 14:21 - 2014-03-02 14:20 - 02545407 _____ () C:\Users\Transparence\Downloads\CrystalDiskInfo6_1_8.zip
2014-03-02 14:21 - 2014-03-02 12:53 - 00000000 ____D () C:\Users\Transparence\Downloads\driverview
2014-03-02 12:53 - 2014-03-02 12:53 - 00044861 _____ () C:\Users\Transparence\Downloads\driverview.zip
2014-03-01 20:46 - 2012-05-08 13:47 - 00000000 ____D () C:\Program Files\WhoCrashed
2014-03-01 20:36 - 2013-12-28 11:38 - 00005810 _____ () C:\Windows\PFRO.log
2014-03-01 12:50 - 2011-12-15 15:18 - 00065547 _____ () C:\VEW.txt
2014-03-01 12:38 - 2014-03-01 12:38 - 02657280 _____ (Resplendence Software Projects Sp. ) C:\Users\Flore\Downloads\whocrashedSetup.exe
2014-03-01 12:37 - 2014-03-01 12:37 - 00930952 _____ (CNET Download.com) C:\Users\Flore\Downloads\cbsidlm-cbsi183-WhoCrashed-SEO-75205821.exe
2014-03-01 12:25 - 2013-09-29 12:29 - 00000850 _____ () C:\Users\Flore\Desktop\Event Log Explorer.lnk
2014-03-01 12:25 - 2013-09-29 12:29 - 00000000 ____D () C:\Users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Event Log Explorer
2014-03-01 12:25 - 2013-09-29 12:29 - 00000000 ____D () C:\Program Files\Event Log Explorer
2014-03-01 12:25 - 2013-09-29 12:28 - 00000000 ____D () C:\Users\Flore\Downloads\Event Log Explorer
2014-03-01 11:57 - 2014-03-01 11:57 - 04110135 _____ () C:\Users\Flore\Downloads\tdsskiller(1).zip
2014-03-01 11:55 - 2014-03-01 11:55 - 00008528 _____ () C:\Users\Flore\AppData\Local\Temp12.html
2014-03-01 11:55 - 2014-03-01 11:55 - 00002708 _____ () C:\Users\Flore\AppData\Local\Temp9.html
2014-03-01 11:55 - 2014-03-01 11:55 - 00002708 _____ () C:\Users\Flore\AppData\Local\Temp4.html
2014-03-01 11:51 - 2014-03-01 11:27 - 00000000 ____D () C:\Windows\Minidump
2014-03-01 11:51 - 2011-12-03 21:02 - 00145547 _____ () C:\Windows\Minidump\Mini030114-02.dmp
2014-03-01 11:27 - 2011-12-03 21:02 - 00145611 _____ () C:\Windows\Minidump\Mini030114-01.dmp
2014-03-01 11:06 - 2014-03-01 11:06 - 00035712 _____ () C:\Windows\system32\Drivers\BlackBox.sys
2014-02-28 21:48 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-02-28 19:17 - 2014-02-28 19:17 - 00000000 ____D () C:\Users\Transparence\AppData\Local\Apps\2.0
2014-02-28 18:56 - 2014-02-28 18:56 - 00000000 ____D () C:\Users\Transparence\AppData\Roaming\Thinstall
2014-02-28 15:16 - 2012-07-13 00:54 - 01244192 _____ () C:\Users\Flore\Downloads\adwcleaner.exe
2014-02-28 14:07 - 2013-12-12 00:14 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-28 13:57 - 2013-12-12 00:14 - 00001780 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-28 01:28 - 2014-02-28 01:28 - 06646624 _____ () C:\Users\Transparence\Downloads\havij.rar
2014-02-27 22:52 - 2014-01-01 12:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-27 22:52 - 2012-11-26 13:28 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-27 22:37 - 2012-04-27 17:18 - 00000000 ____D () C:\Users\Transparence\Documents\StreamTransport
2014-02-27 22:36 - 2013-12-28 00:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-27 22:36 - 2013-01-27 11:19 - 00000000 ____D () C:\Program Files\WinPcap
2014-02-27 22:36 - 2012-07-27 16:40 - 00000000 ____D () C:\Users\Transparence\AppData\Roaming\MycView
2014-02-27 22:36 - 2012-06-28 01:10 - 00000000 ____D () C:\Program Files\MycView
2014-02-27 22:36 - 2012-04-28 00:06 - 00000000 ____D () C:\Program Files\Replay Video Capture 6
2014-02-27 22:26 - 2012-08-31 23:53 - 00000000 ____D () C:\Users\Flore\Downloads\geek
2014-02-27 22:25 - 2014-02-27 22:25 - 02036875 _____ () C:\Users\Flore\Downloads\geek.zip
2014-02-27 21:29 - 2014-02-27 15:19 - 00000920 _____ () C:\Windows\certutil.log
2014-02-27 15:30 - 2014-02-27 15:29 - 00000000 ____D () C:\Users\Transparence\Downloads\webvulnscan9
2014-02-27 15:26 - 2014-03-01 11:59 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Flore\Downloads\TDSSKiller.exe
2014-02-27 15:19 - 2014-02-15 23:22 - 00000000 ____D () C:\Program Files\Mozilla Firefox(2)
2014-02-27 14:25 - 2014-02-27 14:09 - 29656899 _____ () C:\Users\Transparence\Downloads\los2g.Acunetix.Web.Vulnerability.Scanner.Consultant.Edition.9.0.20140206.rar


Files to move or delete:
====================
C:\Users\Transparence\Firefox Setup 16.0.exe


Some content of TEMP:
====================
C:\Users\Flore\AppData\Local\Temp\fp_pl_pfs_installer.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-28 13:08

==================== End Of Log ============================



#6
ramaflore


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Flore at 2014-03-28 13:07:03
Running from C:\Users\Flore\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Privatefirewall (Enabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
Autorun Angel 1.0.34 (HKLM\...\{210F3CE3-C716-416C-99AE-7151A0968BF2}_is1) (Version:  - NictaTech Software)
Blue Ridge Networks AppGuard (HKLM\...\{2C9B1E69-DD05-40F5-8378-056A117028F9}) (Version: 3.5.6.1 - Blue Ridge Networks)
BurnAware Free 5.1 (HKLM\...\BurnAware Free_is1) (Version:  - Burnaware Technologies)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Daum PotPlayer 1.5.33948 (HKLM\...\PotPlayer) (Version:  - )
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
DriverMax 6 (HKLM\...\DMX5_is1) (Version: 6.35.0.349 - Innovative Solutions)
DriverScanner (HKLM\...\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1) (Version: 4.0.12.2 - Uniblue Systems Ltd)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
Event Log Explorer 4.2 (HKLM\...\Event Log Explorer_is1) (Version: 4.2 - FSPro Labs)
FreeFixer (HKLM\...\FreeFixer1.05) (Version: 1.05 - Kephyr)
FuturixImager (HKLM\...\FuturixImager6) (Version: 6.0.3 - )
Google Books Downloader version 2.3 (HKLM\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.3 - GBOOKSDOWNLOADER.COM)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 7.14.10.1103 - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Karen's Time Sync (HKLM\...\Karen's Time Sync) (Version: 2.0.0.2 - Karen Kenworthy)
Malwarebytes Anti-Exploit version 0.09.5.0250 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.09.5.0250 - Malwarebytes)
MAXA Cookie Manager Pro 5.3 (HKLM\...\MAXA Cookie Manager_is1) (Version:  - MAXA)
Microsoft .NET Framework 3.5 Language Pack SP1 - fra (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile FRA Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended FRA Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Minimem (HKLM\...\{23157413-FB7F-404D-B558-F33B9827F579}) (Version: 2.1.1 - Kerkia)
Module linguistique Microsoft .NET Framework 3.5 SP1- fra (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - fra) (Version:  - Microsoft Corporation)
Module linguistique Microsoft .NET Framework 4 Client Profile FRA (HKLM\...\Microsoft .NET Framework 4 Client Profile FRA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Module linguistique Microsoft .NET Framework 4 Extended FRA (HKLM\...\Microsoft .NET Framework 4 Extended FRA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc)
Mozilla Firefox 27.0.1 (x86 fr) (HKLM\...\Mozilla Firefox 27.0.1 (x86 fr)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MPC-HC 1.6.8 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.8.7417 - MPC-HC Team)
PDF to Word (HKLM\...\{E6CBC979-E613-49E6-A37B-3C342DE35235}_is1) (Version:  - Quick PDF)
Privatefirewall 7.0 (HKLM\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
Proxy Goblin (HKLM\...\{08FF3F4E-8B88-4655-9FFC-300ED44AE2B9}) (Version: 2.5.8 - Molura)
Puran Defrag Free Edition 7.3 (HKLM\...\Puran Defrag Free Edition_is1) (Version:  - Puran Software)
Puran File Recovery 1.2 (HKLM\...\Puran File Recovery_is1) (Version:  - Puran Software)
Puran Registry Defrag 1.2 (HKLM\...\Puran Registry Defrag_is1) (Version:  - Puran Software)
Quantum analyseur faible résonance magnétique (3) 3.7.5 (HKLM\...\Quantum analyseur faible résonance magnétique (3)) (Version: 3.7.5 - Quantum)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Replay Video Capture 6 (HKLM\...\Replay Video Capture6.0.3) (Version: 6.0.3 - Applian Technologies Inc.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Secunia PSI (3.0.0.2004) (HKLM\...\Secunia PSI) (Version: 3.0.0.2004 - Secunia)
Shadow Defender (HKLM\...\{93A07A0D-454E-43d1-86A9-5DE9C5F4411A}) (Version: 1.1.0.331 - ShadowDefender.com)
SopCast 3.8.3 (HKLM\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
SpyShelter Premium 9.0 (HKLM\...\SpyShelter_is1) (Version: 9.0 - )
StreamTransport version: 1.1.1.1 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.3.2 - Krzysztof Kowalczyk)
System Requirements Lab for Intel (HKLM\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2836940) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939) (Version: 1 - Microsoft Corporation)
UVK (HKLM\...\UVK) (Version: 2.4.2.0 - Carifred)
Veetle TV (HKLM\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
VirusTotal Uploader 2.0 (HKLM\...\VirusTotalUploader2.0) (Version:  - )
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
VPNium  (HKLM\...\VPNium) (Version:  - )
WhoCrashed 5.00 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

==================== Restore Points  =========================

08-03-2014 14:29:09 DriverScanner - 08/03/2014 15:29:08
08-03-2014 14:33:11 Installation du package de pilote logiciel : Realtek Semiconductor Corp. Contrôleurs audio, vidéo et jeu
08-03-2014 14:36:17 DriverScanner - 08/03/2014 15:36:16
08-03-2014 14:36:36 Installation du package de pilote logiciel : ENE Technology Inc. Contrôleurs de stockage
08-03-2014 14:37:16 Installation du package de pilote logiciel : ENE Technology Inc. Contrôleurs de stockage
08-03-2014 14:37:59 DriverScanner - 08/03/2014 15:37:58
08-03-2014 14:38:19 Installation du package de pilote logiciel : Motorola Inc Modems
08-03-2014 14:40:52 DriverScanner - 08/03/2014 15:40:52
08-03-2014 14:41:15 Installation du package de pilote logiciel : Marvell Cartes réseau
08-03-2014 14:42:16 DriverScanner - 08/03/2014 15:42:15
08-03-2014 14:42:35 Installation du package de pilote logiciel : Intel Périphériques système
08-03-2014 14:45:59 DriverScanner - 08/03/2014 15:45:58
08-03-2014 14:47:22 Installation du package de pilote logiciel : Intel Cartes réseau
08-03-2014 14:58:48 DriverScanner - 08/03/2014 15:58:47
08-03-2014 15:02:51 Installation du package de pilote logiciel : Intel Contrôleurs IDE ATA/ATAPI
08-03-2014 15:31:04 DriverScanner - 08/03/2014 16:31:03
08-03-2014 15:32:30 Installation du package de pilote logiciel : Sony Ericsson Contrôleurs de bus USB
09-03-2014 13:10:59 Point de contrôle planifié
10-03-2014 13:14:30 Point de contrôle planifié
11-03-2014 11:10:09 Point de contrôle planifié
12-03-2014 13:20:17 Point de contrôle planifié
13-03-2014 14:51:03 Point de contrôle planifié
14-03-2014 19:19:24 Point de contrôle planifié
15-03-2014 12:23:07 Point de contrôle planifié
16-03-2014 12:27:29 Point de contrôle planifié
17-03-2014 12:38:19 Point de contrôle planifié
18-03-2014 14:57:47 Point de contrôle planifié
21-03-2014 11:09:12 Point de contrôle planifié
23-03-2014 14:12:35 Point de contrôle planifié
23-03-2014 17:24:44 Opération de restauration
24-03-2014 22:15:36 Point de contrôle planifié
25-03-2014 13:15:54 Point de contrôle planifié
26-03-2014 14:47:03 Point de contrôle planifié
27-03-2014 14:02:49 Point de contrôle planifié

==================== Hosts content: ==========================

2012-07-03 01:37 - 2012-08-23 19:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0CAB7B68-718C-40E0-B83B-89DDF7007DC8} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {22E1772E-7DFE-4C5F-841F-1C93FD5D82A4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {2DE18FE4-6467-484F-8431-206702EC5546} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {2E5B7D97-F14C-4CFF-864E-620AABA892D1} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {376542B4-71CA-42E4-B938-D58D73A9540B} - System32\Tasks\dsmonitor => C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe [2014-01-07] (Uniblue Systems Ltd)
Task: {445898A1-2876-4F23-97AA-075125B92339} - System32\Tasks\NoAutorun => C:\Program Files\NoAutorun-1.1.2.25\NoAutorun.exe [2010-11-07] (http://sf.net/projects/noautorun/)
Task: {4B13F0A3-699A-4D99-B0EE-E94E92D01285} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-21] (Microsoft Corporation)
Task: {4D9ED535-C955-4F99-B189-12E0406D62B2} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {9A95925D-E94B-4732-938D-AD40641B50A1} - \Baidu PC Faster Update No Task File
Task: {A31C7163-6640-4247-BA5D-804262E143C1} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {AF36DA66-8A8A-49EA-9F10-B9BB62304256} - System32\Tasks\FreeFixer background scan => C:\Program Files\FreeFixer\freefixer.exe [2013-07-11] (Kephyr)
Task: C:\Windows\Tasks\dsmonitor.job => C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
Task: C:\Windows\Tasks\FreeFixer background scan.job => C:\Program Files\FreeFixer\freefixer.exe

==================== Loaded Modules (whitelisted) =============

2012-05-01 14:19 - 2012-03-11 13:55 - 00088656 _____ () C:\Windows\System32\cpwmon2k.dll
2013-08-06 16:44 - 2013-08-06 16:44 - 00194888 _____ () C:\Program Files\Blue Ridge Networks\AppGuard\AppGuard.dll
2013-09-17 09:49 - 2013-05-22 20:03 - 00033080 _____ () C:\Windows\system32\SpyShelterShellExt.dll
2013-09-17 09:49 - 2014-02-13 12:13 - 05083488 _____ () C:\Program Files\SpyShelter Premium\SpyShelter.exe
2013-09-17 09:49 - 2014-02-13 12:14 - 00345952 _____ () C:\Program Files\SpyShelter Premium\klhelper.dll
2014-01-01 12:53 - 2014-02-13 01:36 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:905844AA

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Flore^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk => C:\Windows\pss\ERUNT AutoBackup.lnk.Startup
MSCONFIG\startupreg: DriverMax_RESTART => "C:\Program Files\DriverMax\drivermax.exe" -RESTART
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDVCPL => RtHDVCpl.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2014 04:06:23 AM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (03/28/2014 04:06:21 AM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (03/28/2014 04:06:21 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (03/27/2014 03:20:04 AM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (03/27/2014 03:20:04 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (03/26/2014 01:12:43 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (03/25/2014 03:23:17 AM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (03/25/2014 03:23:15 AM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (03/25/2014 03:23:15 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (03/23/2014 00:11:31 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
Un arrêt système est en cours.


System errors:
=============
Error: (03/28/2014 04:05:37 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: AUTORITE NT)
Description: 0x80070032

Error: (03/28/2014 04:04:50 AM) (Source: Microsoft-Windows-TaskScheduler) (User: AUTORITE NT)
Description: 2147942402

Error: (03/28/2014 04:04:35 AM) (Source: pcmcia) (User: )
Description: Le contrôleur PCMCIA a rencontré une erreur lors de la lecture des données de configuration du périphérique.

Error: (03/27/2014 02:14:20 PM) (Source: Dhcp) (User: )
Description: Le bail de l'adresse IP 10.7.0.2 pour la carte réseau dont l'adresse réseau est 00FF1311AA22 a été refusé par le serveur DHCP 10.11.3.254 (celui-ci a envoyé un message DHCPNACK).

Error: (03/27/2014 02:13:28 PM) (Source: Dhcp) (User: )
Description: Le bail de l'adresse IP 10.1.0.2 pour la carte réseau dont l'adresse réseau est 00FF1311AA22 a été refusé par le serveur DHCP 10.7.3.254 (celui-ci a envoyé un message DHCPNACK).

Error: (03/27/2014 03:19:42 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: AUTORITE NT)
Description: 0x80070032

Error: (03/27/2014 03:19:02 AM) (Source: Microsoft-Windows-TaskScheduler) (User: AUTORITE NT)
Description: 2147942402

Error: (03/27/2014 03:18:49 AM) (Source: pcmcia) (User: )
Description: Le contrôleur PCMCIA a rencontré une erreur lors de la lecture des données de configuration du périphérique.

Error: (03/26/2014 02:59:00 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: AUTORITE NT)
Description: 0x80070032

Error: (03/26/2014 02:56:33 AM) (Source: Microsoft-Windows-TaskScheduler) (User: AUTORITE NT)
Description: 2147942402


Microsoft Office Sessions:
=========================
Error: (03/28/2014 04:06:23 AM) (Source: Perflib)(User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (03/28/2014 04:06:21 AM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (03/28/2014 04:06:21 AM) (Source: Perflib)(User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (03/27/2014 03:20:04 AM) (Source: Perflib)(User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (03/27/2014 03:20:04 AM) (Source: Perflib)(User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (03/26/2014 01:12:43 PM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (03/25/2014 03:23:17 AM) (Source: Perflib)(User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (03/25/2014 03:23:15 AM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (03/25/2014 03:23:15 AM) (Source: Perflib)(User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (03/23/2014 00:11:31 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
Un arrêt système est en cours.


CodeIntegrity Errors:
===================================
  Date: 2014-03-28 13:06:02.796
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Program Files\SpyShelter Premium\SpyshelterKb.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2014-03-28 13:06:02.140
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Program Files\SpyShelter Premium\SpyshelterKb.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2014-03-28 13:06:01.454
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Program Files\SpyShelter Premium\SpyshelterKb.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2014-03-28 13:06:00.814
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Program Files\SpyShelter Premium\SpyshelterKb.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2014-03-28 13:06:00.159
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Program Files\SpyShelter Premium\SpyShelter.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2014-03-28 13:05:59.504
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Program Files\SpyShelter Premium\SpyShelter.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2014-03-28 13:05:58.833
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Program Files\SpyShelter Premium\SpyShelter.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2014-03-28 13:05:58.178
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Program Files\SpyShelter Premium\SpyShelter.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2014-03-28 13:05:48.631
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\BrnFileLock.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2014-03-28 13:05:47.976
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume1\Windows\System32\drivers\BrnFileLock.sys car le jeu de hachages d’images par page n’a pas été trouvé sur le système.


==================== Memory info ===========================

Percentage of memory in use: 66%
Total physical RAM: 1013.44 MB
Available physical RAM: 338.71 MB
Total Pagefile: 2285.2 MB
Available Pagefile: 1496.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:67.84 GB) (Free:15.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Données) (Fixed) (Total:43.94 GB) (Free:3.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: BEE6BEE6)

Partition: GPT Partition Type.

==================== End Of Log ============================



#7
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts
Hello ramaflore,

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods, this is normal, just leave it to do its job.
  • ComboFix may reboot your machine. This is normal too.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#8
ramaflore

    Member

  • Topic Starter
  • Member
  • 210 posts

Here are the requested files:

 

    ComboFix 14-03-24.01 - Flore 29/03/2014   1:17.4.2 - x86
Microsoft® Windows Vista™ Professionnel   6.0.6002.2.1252.33.1036.18.1013.344 [GMT 1:00]
Lancé depuis: c:\users\Flore\Desktop\ComboFix.exe
FW: Privatefirewall *Enabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AntiSpy1.4
c:\program files\AntiSpy1.4\AntiSpy.dat
c:\program files\AntiSpy1.4\AntiSpy.exe
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2014-02-28 au 2014-03-29  ))))))))))))))))))))))))))))))))))))
.
.
2014-03-29 00:41 . 2014-03-29 00:41    --------    d-----w-    c:\users\Transparence\AppData\Local\temp
2014-03-29 00:41 . 2014-03-29 00:41    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-03-28 12:03 . 2014-03-29 00:06    --------    d-----w-    C:\FRST
2014-03-24 13:22 . 2014-03-24 13:22    --------    d-----w-    c:\users\Flore\AppData\Local\Karen's Power Tools
2014-03-24 13:21 . 2014-03-24 13:21    --------    d-----w-    c:\program files\Time Sync
2014-03-24 13:21 . 2014-03-24 13:21    --------    d-----w-    c:\programdata\Karen's Power Tools
2014-03-15 02:10 . 2014-03-15 02:10    --------    d-----w-    c:\users\Flore\AppData\Roaming\Process Hacker 2
2014-03-08 15:02 . 2014-03-08 15:02    470848    ----a-w-    c:\windows\system32\drivers\iaStor.sys
2014-03-08 14:46 . 2014-03-08 14:46    6639616    ----a-w-    c:\windows\system32\drivers\NETwLv32.sys
2014-03-08 14:46 . 2014-03-08 14:46    675840    ----a-w-    c:\windows\system32\NETwLc32.dll
2014-03-08 14:46 . 2014-03-08 14:46    2756608    ----a-w-    c:\windows\system32\NETwLr32.dll
2014-03-08 14:41 . 2014-03-08 14:41    313120    ----a-w-    c:\windows\system32\drivers\yk60x86.sys
2014-03-08 14:38 . 2014-03-08 14:38    --------    d-----w-    c:\program files\Motorola
2014-03-08 14:38 . 2014-03-08 14:38    516096    ----a-w-    c:\windows\system32\sm56co85.dll
2014-03-08 14:37 . 2014-03-08 14:37    46592    ----a-w-    c:\windows\system32\drivers\ESD7SK.sys
2014-03-08 14:36 . 2014-03-08 14:36    67584    ----a-w-    c:\windows\system32\drivers\EMS7SK.sys
2014-03-08 14:16 . 2014-03-08 14:16    --------    d-----w-    c:\programdata\Uniblue
2014-03-08 14:15 . 2014-03-08 14:15    --------    d-----w-    c:\users\Flore\AppData\Roaming\Uniblue
2014-03-08 14:15 . 2014-03-08 14:15    --------    d-----w-    c:\program files\Uniblue
2014-03-02 20:44 . 2013-09-29 20:24    130568    ----a-w-    c:\windows\system32\drivers\pwipf6.sys
2014-03-02 20:44 . 2014-03-02 20:44    --------    d-----w-    c:\program files\Privacyware
2014-03-01 10:06 . 2014-03-01 10:06    35712    ----a-w-    c:\windows\system32\drivers\BlackBox.sys
2014-02-28 18:17 . 2014-02-28 18:17    --------    d-----w-    c:\users\Transparence\AppData\Local\Apps
2014-02-28 17:56 . 2014-02-28 17:56    --------    d-----w-    c:\users\Transparence\AppData\Roaming\Thinstall
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-08 14:31 . 2012-08-12 13:02    2328792    ----a-w-    c:\windows\system32\RtkAPO.dll
2014-02-08 12:21 . 2013-09-17 08:49    3397120    ----a-w-    c:\windows\system32\Osklauncher.exe
2014-01-28 22:18 . 2014-01-21 10:41    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-28 22:18 . 2014-01-21 10:41    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-01-21 10:31 . 2014-01-21 10:32    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2011-11-23 13:03 . 2012-08-24 12:49    951608    ----a-w-    c:\program files\FTSDeskUpdate.exe
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Shadow Defender Daemon"="c:\program files\Shadow Defender\DefenderDaemon.exe" [2011-02-21 253483]
"AppGuardGUI"="c:\program files\Blue Ridge Networks\AppGuard\AppGuardGUI.exe" [2013-08-06 629064]
"SpyShelter"="c:\program files\SpyShelter Premium\SpyShelter.exe" [2014-02-13 5083488]
"Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2013-12-17 3048480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Karen's Time Sync.lnk - c:\program files\Time Sync\PTSync.exe /Sync [2008-11-10 833008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^Users^Flore^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\users\Flore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
2012-07-31 09:07    11324352    ----a-w-    c:\program files\DriverMax\drivermax.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-11 18:13    166424    ----a-w-    c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-11 18:13    141848    ----a-w-    c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-11 18:13    133656    ----a-w-    c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
2006-11-09 09:57    3784704    ----a-w-    c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16    254336    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23    1008184    ----a-w-    c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ       PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
bthsvcs    REG_MULTI_SZ       BthServ
.
Contenu du dossier 'Tâches planifiées'
.
2014-03-29 c:\windows\Tasks\dsmonitor.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2014-03-08 10:22]
.
2014-03-09 c:\windows\Tasks\FreeFixer background scan.job
- c:\program files\FreeFixer\freefixer.exe [2013-07-11 13:17]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-29 01:08
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(6352)
c:\windows\system32\PuranDefrag.dll
c:\program files\Shadow Defender\ShellExt.dll
c:\program files\7-Zip\7-zip.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Privacyware\Privatefirewall 7.0\pfsvc.exe
c:\program files\Blue Ridge Networks\AppGuard\AppGuardAgent.exe
c:\program files\Nitro PDF\Express\NitroPDFExpressDriverService.exe
c:\windows\system32\NLSSRV32.EXE
c:\program files\NoAutorun-1.1.2.25\NoAutorun.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\wbem\WmiApSrv.exe
.
**************************************************************************
.
Heure de fin: 2014-03-29  01:16:16 - La machine a redémarré
ComboFix-quarantined-files.txt  2014-03-29 00:15
ComboFix2.txt  2012-08-23 18:59
.
Avant-CF: 16 457 592 832 octets libres
Après-CF: 19 258 773 504 octets libres
.
- - End Of File - - F48846F40A88562385565B8540C580F5
5C616939100B85E558DA92B899A0FC36
 

 

Here is the ComboFix quarantine also:

2014-03-29 00:17:12 . 2014-03-29 00:17:12              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2014-03-08 14:34:59 . 2014-03-08 14:34:59        1,056,768 ----atw-  C:\Qoobox\Quarantine\C\Windows\security\database\tmp.edb.vir
2013-04-06 14:29:49 . 2013-03-30 11:48:13        3,690,496 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\AntiSpy1.4\AntiSpy.exe.vir
2013-04-06 14:29:49 . 2013-04-06 14:38:26            3,517 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\AntiSpy1.4\AntiSpy.dat.vir
2012-08-23 18:57:31 . 2012-08-23 18:57:31              157 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-HDD Regenerator.reg.dat
2012-08-07 21:45:25 . 2014-03-29 00:28:54            8,170 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-08-07 21:15:49 . 2014-03-29 00:44:00              430 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2010-09-03 13:03:50 . 2010-10-14 20:48:26        4,249,872 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\HDD Regenerator\HDD Regenerator.exe.vir
2009-11-24 00:04:00 . 2009-11-24 00:04:00        1,141,248 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\cc32100mt.dll.vir
 

 

Fixlog here:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Flore at 2014-03-29 01:06:01 Run:1
Running from C:\Users\Flore\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
FF Extension: Ghostery - C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\Extensions\[email protected] [2013-09-05]
C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\Extensions\[email protected]
*****************

C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\Extensions\[email protected] => Moved successfully.
"C:\Users\Flore\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75wwm.default\Extensions\[email protected]" => File/Directory not found.

==== End of Fixlog ====



#9
ramaflore

    Member

  • Topic Starter
  • Member
  • 210 posts

I checked almost all the quarantined files with VirusTotal and they are safe. The only files I didn't check were cc32100mt.dll, catchme.log and tmp.edb.

Why did ComboFix put those files in a quarantine folder?



#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Hello ramaflore,

There are a number of possible reasons why ComboFix removes a file. I believe it does use heuristics to identify suspicious activity and will remove a file if it is suspicious even if in other ways it appears legitimate. In this case see here for some details. There you will see there is a program called PC Antispy, a rogue program which was bad, and another called Antispy, which is a user's choice firewall program. If this one is the firewall then I would say that you already appear to have Private Firewall. Having two firewalls running at the same time can lead to conflict.

We can attempt to return them to where they were if you like.

Moving on

Please download Malwarebytes Anti-Malware Free from here .

  • Double click to install the programme
  • When the popup "Completing the Malwarebytes Anti-Malware Setup Wizard" appears, uncheck the box enable free trial of Malwarebytes Anti-Malware Premium




  • The MBAM console/dashboard will appear together with an alert to update - click the green button Update Now
  • When update is complete select Settings > Detection and Protection and check (tick) Scan for rootkits


Go back to the Dashboard and click on the green Scan Now button.




  • If threats are detected, click the Apply Actions button, MBAM may ask for a reboot. Let it do so.




  • On completion of the scan (or after the reboot) select View Detailed Log (to the right on the light green strip)
  • Click on the Export button and select Text file and save to the desktop


Copy and paste the log back here.
 

 




#11
ramaflore

    Member

  • Topic Starter
  • Member
  • 210 posts

I downloaded Antispy myself to check against viruses and rootkits, this program has nothing to do with PC AntiSpy, there isn't any firewall.

Unfortunately, AntiSpy has the same exe file name that PC AntiSpy used and I guess that ComboFix can't distinguish between the two files.

 

Here is the link : https://code.google..../downloads/list

 

Here a link from the well-known Wilderssecurity forum : http://www.wildersse...ad.php?t=349660

 

About HDD Regenerator, it's a legitimate file also from here : http://www.dposoft.net/hdd.html


Edited by ramaflore, 29 March 2014 - 06:05 PM.


#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

It's interesting because the HDD Regenerator seems to have been removed to quarantine on an earlier run.

 

ComboFix appears to have been run 4 times. My thought is why didn't ComboFix remove Antispy on one of those earlier runs?

 

In any event from what you say I think they are false positives.

You can either download and reinstall or we can do this:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:
 

DEQUARANTINE::
C:\Qoobox\Quarantine\C\Program Files\AntiSpy1.4\AntiSpy.exe.vir
C:\Qoobox\Quarantine\C\Program Files\AntiSpy1.4\AntiSpy.dat.vir
C:\Qoobox\Quarantine\C\Program Files\HDD Regenerator\HDD Regenerator.exe.vir
QUIT::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

For the HDD Regenerator registry entries do this:

Navigate to C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-HDD Regenerator.reg.dat and rename the file to C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-HDD Regenerator.reg (that is, removing the .dat extension), then double click on the file to merge the entries.

When you return post the ComboFix.txt and tell me how the registry merge went.
 

 

 


  • 0

#13
ramaflore

    Member

  • Topic Starter
  • 210 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30/03/2014
Scan Time: 14:46:03
Logfile: mbam log.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.30.02
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Flore

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 245574
Time Elapsed: 38 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
PUP.Optional.Spigot.A, C:\Users\Flore\Downloads\SopCast.zip, , [80809b65837d9e62c0a6aa7255ac2dd3],
PUP.Optional.OpenCandy, C:\Users\Flore\Downloads\veetle-0.9.19.exe, , [2bd542be03fd1fe13f8a062821e336ca],
PUP.Keylogger, C:\Users\Transparence\Downloads\Project Neptune v2.0.rar, , [827ed42c15eb59a7e415fe1b9272956b],
PUP.Optional.Spigot.A, C:\Users\Transparence\Downloads\SopCast.zip, , [a35d8a7679873bc504623fdd639ef709],
PUP.Optional.OpenCandy, C:\Users\Transparence\Downloads\veetle-0.9.19.exe, , [21df738dfb05ed132f9a62cc14f0e61a],

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#14
ramaflore

    Member

  • Topic Starter
  • 210 posts

C:\Qoobox\Quarantine\C\Program Files\AntiSpy1.4\AntiSpy.dat.vir -> C:\Program Files\AntiSpy1.4\AntiSpy.dat ( 3517 bytes )
C:\Qoobox\Quarantine\C\Program Files\AntiSpy1.4\AntiSpy.exe.vir -> C:\Program Files\AntiSpy1.4\AntiSpy.exe ( 3690496 bytes )
C:\Qoobox\Quarantine\C\Program Files\HDD Regenerator\HDD Regenerator.exe.vir -> C:\Program Files\HDD Regenerator\HDD Regenerator.exe ( 4249872 bytes )
 

Done !

 

After I pasted Cscript to Combofix, it generated the results above, and after that I lost my Internet connection, so I rebooted my laptop to recover the Internet connection.


  • 0
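A check one could run after the restore in posts #12 and #14, as an added example that is not part of the original thread and is not ComboFix's own code: it confirms that every path listed under DEQUARANTINE:: shows up in the restore output and landed at its original location. The function names are hypothetical, and two points are assumptions read off the thread's own lines: a directive block ends at the next line ending in "::", and a quarantined path maps back by dropping the C:\Qoobox\Quarantine prefix and the .vir suffix.

```python
import re
from pathlib import PureWindowsPath

QUARANTINE_ROOT = PureWindowsPath(r"C:\Qoobox\Quarantine")
# CFScript from post #12 and ComboFix output from post #14, copied from this thread.
CFSCRIPT = r"""DEQUARANTINE::
C:\Qoobox\Quarantine\C\Program Files\AntiSpy1.4\AntiSpy.exe.vir
C:\Qoobox\Quarantine\C\Program Files\AntiSpy1.4\AntiSpy.dat.vir
C:\Qoobox\Quarantine\C\Program Files\HDD Regenerator\HDD Regenerator.exe.vir
QUIT::
"""
RESTORE_LOG = r"""C:\Qoobox\Quarantine\C\Program Files\AntiSpy1.4\AntiSpy.dat.vir -> C:\Program Files\AntiSpy1.4\AntiSpy.dat ( 3517 bytes )
C:\Qoobox\Quarantine\C\Program Files\AntiSpy1.4\AntiSpy.exe.vir -> C:\Program Files\AntiSpy1.4\AntiSpy.exe ( 3690496 bytes )
C:\Qoobox\Quarantine\C\Program Files\HDD Regenerator\HDD Regenerator.exe.vir -> C:\Program Files\HDD Regenerator\HDD Regenerator.exe ( 4249872 bytes )
Done !
"""
RESULT_RE = re.compile(r"^(?P<src>.+?\.vir) -> (?P<dst>.+?) \( (?P<size>\d+) bytes \)\s*$")

def requested_paths(script):
    """Paths listed under DEQUARANTINE:: (assumed to end at the next 'XXX::' line)."""
    paths, active = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.endswith("::"):
            active = line == "DEQUARANTINE::"
        elif active and line:
            paths.append(line)
    return paths

def expected_destination(quarantined):
    """Map a quarantine path to its original location (pattern seen in post #14)."""
    rel = PureWindowsPath(quarantined).relative_to(QUARANTINE_ROOT)
    original = PureWindowsPath(rel.parts[0] + ":\\", *rel.parts[1:])
    return str(original.with_name(original.name.removesuffix(".vir")))

def check_restore(script, log):
    """Return (restored, problems): destination -> size in bytes, plus any anomalies."""
    results = {m["src"].lower(): (m["dst"], int(m["size"]))
               for m in map(RESULT_RE.match, log.splitlines()) if m}
    restored, problems = {}, []
    for path in requested_paths(script):
        hit = results.pop(path.lower(), None)
        if hit is None:
            problems.append(f"not restored: {path}")
        elif hit[0].lower() != expected_destination(path).lower():
            problems.append(f"unexpected destination: {path} -> {hit[0]}")
        else:
            restored[hit[0]] = hit[1]
    problems += [f"restored but not requested: {src}" for src in results]
    return restored, problems
```

The sizes returned in `restored` can then be compared with the files actually on disk, or with a fresh download of each program from its vendor.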

#15
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

after that I lost my Internet connection, so that I reboot my laptop to recover Internet connection.


That would have been ComboFix. It disconnects from the internet while it runs and yes, a reboot is the way to restore connection.

Moving on

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

 If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

 
  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
     then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close. Before you do that though, make sure you copy the logfile to notepad somewhere you can find it again.
  • Then click on: Finish
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.

 
  • 0





