
WChelper.dll , conhost.exe


This topic is locked
24 replies to this topic

#1 Pgi007be

Posted 12 January 2014 - 09:12 AM

Dear Forum members,

 

Thanks in advance for helping me solve this issue.

My current Avast antivirus warns me that my PC is infected by the WChelper.dll file linked to the conhost.exe process.
I don't know how to solve that. My PC is very slow.

 

********************************

Pasted below: the DDS.txt log

********************************

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16526
Run by Pascal at 14:59:19 on 2014-01-12
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6002.2.1252.32.1036.18.3070.1142 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HomeCinema\PlayMovie\PMVService.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\UsbBoost\TurboHddUsb.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Medion\LifeCloud Desktop Applications\HipServAgent\HipServAgent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFCE.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\Users\Pascal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe
C:\Windows\System32\wscript.exe
C:\Users\Pascal\AppData\Roaming\Public\conhost.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Pascal\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Users\Pascal\AppData\Roaming\Public\conhost.exe
C:\Users\Pascal\AppData\Roaming\Public\conhost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.be/
uSearch Bar = hxxp://www.bing.com
uDefault_Page_URL = hxxp://www.aldi.com/
mStart Page = hxxp://www.trooner.com/
mDefault_Page_URL = hxxp://www.aldi.com/
BHO: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - c:\program files\vshare\vshare_toolbar.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - c:\program files\vshare\vshare_toolbar.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - c:\program files\vshare\vshare_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [EPSON SX410 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifce.exe /fu "c:\windows\temp\E_S7EB3.tmp" /EF "HKCU"
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [NokiaSuite.exe] c:\program files\nokia\nokia suite\NokiaSuite.exe -tray
uRun: [Spotify Web Helper] "c:\users\pascal\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [GBMLite8AgentLaCie] c:\program files\lacie\genie backup assistant\GBMAgent.exe
uRun: [SURVIVAL] wscript.exe //B "c:\users\pascal\appdata\local\temp\SURVIVAL.vbe"
uRun: [APS] c:\users\pascal\appdata\roaming\public\conhost.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET4.0C; .NET CLR 3.0.30729)" -"http://www.larecre.net/fr/geographie/belgique/belgique_politique_hydrographie_exercices.html"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [UpdatePDRShortCut] "c:\program files\homecinema\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\homecinema\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePPShortCut] "c:\program files\homecinema\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\homecinema\powerproducer" update "software\cyberlink\powerproducer\5.0"
mRun: [PlayMovie] "c:\program files\homecinema\playmovie\PMVService.exe"
mRun: [UCam_Menu] "c:\program files\homecinema\youcam\muitransfer\muistartmenu.exe" "c:\program files\homecinema\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Google EULA Launcher] c:\program files\google\google eula\GoogleEULALauncher.exe GE
mRun: [beid] "c:\program files\belgium identity card\beid35gui.exe" /startup
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [NSU_agent] "c:\program files\nokia\nokia software updater\nsu3ui_agent.exe"
mRun: [UsbBoost] c:\program files\usbboost\TurboHddUsb.exe
mRun: [GBMLite8AgentLaCie] c:\program files\lacie\genie backup assistant\GBMAgent.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
mRun: [HipServ Agent] c:\program files\medion\lifecloud desktop applications\hipservagent\HipServAgent.exe
StartupFolder: c:\users\pascal\appdata\roaming\microsoft\windows\start menu\programs\startup\conhost.exe
StartupFolder: c:\users\pascal\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\pascal\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\pascal\appdata\roaming\microsoft\windows\start menu\programs\startup\SURVIVAL.vbe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.130\SSScheduler.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://download.livetv.ru/livetv.ru/cab/tvants.cab.rar
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.mypix.com/be/fr/importer/newconf/aurigma5.8.1.0/ImageUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://download.sopcast.cn/download/SOPCORE.CAB
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {DB28CF23-0083-40B5-BF63-69925D672385} - hxxp://www.nero.com/doc/NeroVersionChecker.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7FF8A629-99C1-4BD1-AB7F-28BD3B9CA009} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-16 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-16 180248]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-11-10 20624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-27 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-7-12 410528]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-30 37664]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2013-5-19 7936]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\homecinema\playmovie\000.fcl [2009-3-19 61424]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/11/24 22:45:37];c:\program files\cyberlink\powerdvd8\000.fcl [2009-8-28 87536]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-7-12 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-29 50344]
R2 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.5.0\ToolbarUpdater.exe [2013-8-14 1643184]
R3 DCamUSBGene;Genesys Logic USB2.0 PC Camera;c:\windows\system32\drivers\USBGENE.sys [2009-3-17 175360]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-3-19 436224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [2009-6-14 97792]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2013-5-19 23680]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.130\McCHSvc.exe [2013-9-6 235216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-01-12 13:55:34 -------- d-----w- C:\Repair
2014-01-12 11:29:17 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e8eac457-6ad6-49e3-b289-76bfdb3691df}\offreg.dll
2014-01-12 10:46:20 -------- d-----w- c:\users\pascal\appdata\roaming\ParetoLogic
2014-01-12 10:46:20 -------- d-----w- c:\users\pascal\appdata\roaming\DriverCure
2014-01-12 10:45:49 -------- d-----w- c:\program files\common files\ParetoLogic
2014-01-12 10:45:45 -------- d-----w- c:\programdata\ParetoLogic
2014-01-12 10:45:45 -------- d-----w- c:\program files\ParetoLogic
2014-01-10 19:44:33 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e8eac457-6ad6-49e3-b289-76bfdb3691df}\mpengine.dll
2014-01-06 21:19:58 -------- d-----w- c:\program files\Medion
2014-01-06 21:18:37 -------- d-----w- c:\users\pascal\appdata\local\{6EF6A90A-DFF8-4DB8-93FD-4572F39935B1}
2014-01-04 18:44:10 -------- d-----w- c:\users\pascal\appdata\roaming\Public
2014-01-04 13:15:56 83404540 ----a-w- c:\users\pascal\appdata\roaming\microsoft\windows\start menu\programs\startup\conhost.exe
2013-12-30 15:08:36 72352551 --sha-w- c:\users\pascal\appdata\roaming\microsoft\windows\start menu\programs\startup\SURVIVAL.vbe
2013-12-18 21:13:28 -------- d-----w- c:\programdata\tmp
2013-12-18 21:13:28 -------- d-----w- c:\programdata\hps
2013-12-18 21:09:46 -------- d-----w- c:\program files\myPIX
.
==================== Find3M  ====================
.
2013-12-27 13:20:25 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-27 13:20:25 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-27 13:20:24 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-27 13:20:23 43152 ----a-w- c:\windows\avastSS.scr
2013-12-11 13:48:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 13:48:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-04 20:02:48 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-19 02:33:38 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-30 02:13:01 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-30 02:12:54 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-10-30 01:43:04 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-10-30 00:43:06 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-10-30 00:35:24 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-10-22 07:19:59 158208 ----a-w- c:\windows\system32\imagehlp.dll
.
============= FINISH: 15:03:06,26 ===============
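As an added example that is not part of this thread or of the DDS/FRST tools: a small Python scanner that reads pasted DDS/FRST log lines and flags the patterns visible in the log above, namely a file carrying a Windows system binary name but running from a user profile, a script launched from Temp or the Startup folder, an executable placed directly in the Startup folder, and (for FRST lines) a publisher field that is not Microsoft for a Microsoft-named file. The rule list, the fixed `c:\windows` system root and the sample lines are assumptions made for the example.

```python
"""Triage helper for pasted DDS / FRST log lines (added example, not from the thread).

It understands the line shapes both tools print: bare process paths,
uRun/mRun/StartupFolder entries, "HKCU\...\Run: [name] - path [size date] (Publisher)"
and "(Publisher) path" process lines, and applies four detection rules to each.
"""
import re
from dataclasses import dataclass

# Names that Windows itself only runs from the system directories (assumed list).
SYSTEM_BINARIES = {
    "conhost.exe", "svchost.exe", "csrss.exe", "lsass.exe", "wininit.exe",
    "winlogon.exe", "rundll32.exe", "explorer.exe", "dwm.exe", "taskeng.exe",
}
# Assumes a default system root; adjust if %SystemRoot% differs.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
SCRIPT_EXTS = {"vbe", "vbs", "js", "jse", "wsf", "bat", "cmd"}

# First drive-letter path in a line, ending at a known executable/script extension.
PATH_RE = re.compile(
    r'[a-z]:\\[^"\[\]<>|\n]+?\.(?:exe|dll|vbe|vbs|js|jse|wsf|scr|bat|cmd)\b',
    re.IGNORECASE,
)
# FRST prints the file's version-info company name in parentheses.
PUBLISHER_RE = re.compile(r"\(([^()]*)\)")


@dataclass(frozen=True)
class Finding:
    code: str   # short rule id
    path: str   # path exactly as it appeared in the line
    line: str   # the offending log line


def extract_path(line: str):
    """Return the first executable/script path in a log line, or None."""
    m = PATH_RE.search(line)
    return m.group(0) if m else None


def classify(line: str) -> list:
    """Apply the four rules to one DDS/FRST log line."""
    path = extract_path(line)
    if path is None:
        return []
    low = path.lower()
    directory, _, name = low.rpartition("\\")
    ext = name.rpartition(".")[2]
    findings = []
    # Rule 1: a Windows binary name living outside the real system directories.
    if name in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
        findings.append(Finding("masquerade", path, line))
    # Rule 2: a script file under a Temp directory or the Startup folder.
    if ext in SCRIPT_EXTS and ("\\temp\\" in low or "\\startup\\" in low):
        findings.append(Finding("script", path, line))
    # Rule 3: a binary dropped straight into the Startup folder
    # (legitimate installers put a .lnk there, not the executable itself).
    if ext == "exe" and directory.endswith(r"\programs\startup"):
        findings.append(Finding("startup-exe", path, line))
    # Rule 4: publisher field present but not Microsoft for a Microsoft name.
    publishers = [p.strip().lower() for p in PUBLISHER_RE.findall(line)]
    if name in SYSTEM_BINARIES and publishers and "microsoft corporation" not in publishers:
        findings.append(Finding("publisher", path, line))
    return findings


def scan(text: str) -> list:
    """Run classify() over every line of a pasted log."""
    out = []
    for line in text.splitlines():
        out.extend(classify(line))
    return out


def summarize(findings) -> dict:
    """Group rule hits by lower-cased path so each file is reported once."""
    by_path = {}
    for f in findings:
        by_path.setdefault(f.path.lower(), set()).add(f.code)
    return by_path


# Constructed excerpt: lines modelled on the DDS and FRST logs in this thread,
# mixed with benign entries so the rules have something to leave alone.
SAMPLE_LOG = r"""
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\wscript.exe
C:\Users\Pascal\AppData\Roaming\Public\conhost.exe
C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe
uRun: [SURVIVAL] wscript.exe //B "c:\users\pascal\appdata\local\temp\SURVIVAL.vbe"
uRun: [APS] c:\users\pascal\appdata\roaming\public\conhost.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
StartupFolder: c:\users\pascal\appdata\roaming\microsoft\windows\start menu\programs\startup\SURVIVAL.vbe
HKCU\...\Run: [APS] - C:\Users\Pascal\AppData\Roaming\Public\conhost.exe [83404540 2013-12-09] (Hôte de la fenêtre de la console)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
(Hôte de la fenêtre de la console) C:\Users\Pascal\AppData\Roaming\Public\conhost.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
"""

if __name__ == "__main__":
    for path, codes in sorted(summarize(scan(SAMPLE_LOG)).items()):
        print(f"{path}\n    rules: {', '.join(sorted(codes))}")
```

Run against a full pasted log it reports four distinct suspicious files for the sample, while every system32 and Program Files entry passes silently.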


#2 B-boy/StyLe/ (Malware Response Team)

Posted 12 January 2014 - 09:59 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Regards,

Georgi




#3 Pgi007be (Topic Starter)

Posted 12 January 2014 - 10:57 AM

Thank you for your quick answer.

Below is the requested info.

********** FRST.TXT *************

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2014
Ran by Pascal (administrator) on NEWMEDION on 12-01-2014 16:14:59
Running from C:\Repair
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 2 (X86) OS Language: French Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HomeCinema\PlayMovie\PMVService.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(cyberlink) C:\Program Files\CyberLink\Shared Files\brs.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(FNet Co., Ltd.) C:\Program Files\UsbBoost\TurboHddUsb.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Axentra Corporation) C:\Program Files\Medion\LifeCloud Desktop Applications\HipServAgent\HipServAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\daemon.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFCE.EXE
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
() C:\Users\Pascal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Genie-soft) C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Hôte de la fenêtre de la console) C:\Users\Pascal\AppData\Roaming\Public\conhost.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hôte de la fenêtre de la console) C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Dropbox, Inc.) C:\Users\Pascal\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Hôte de la fenêtre de la console) C:\Users\Pascal\AppData\Roaming\Public\conhost.exe
(Hôte de la fenêtre de la console) C:\Users\Pascal\AppData\Roaming\Public\conhost.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13560352 2008-09-29] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-09-29] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1328424 2008-07-03] (Synaptics, Inc.)
HKLM\...\Run: [UpdatePDRShortCut] - C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] - C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2008-02-21] (CyberLink Corp.)
HKLM\...\Run: [PlayMovie] - C:\Program Files\HomeCinema\PlayMovie\PMVService.exe [172032 2008-10-21] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [Google EULA Launcher] - C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [20480 2008-10-14] (Google)
HKLM\...\Run: [beid] - C:\Program Files\Belgium Identity Card\beid35gui.exe [2035712 2009-02-02] (Belgian Government)
HKLM\...\Run: [NBKeyScan] - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-12-02] (Nero AG)
HKLM\...\Run: [RemoteControl8] - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-07-16] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [BDRegion] - C:\Program Files\Cyberlink\Shared Files\brs.exe [75048 2009-08-28] (cyberlink)
HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [NSU_agent] - C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()
HKLM\...\Run: [UsbBoost] - C:\Program Files\UsbBoost\TurboHddUsb.exe [3788800 2013-05-19] (FNet Co., Ltd.)
HKLM\...\Run: [GBMLite8AgentLaCie] - C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe [189056 2008-09-18] (Genie-soft)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3764024 2013-12-27] (AVAST Software)
HKLM\...\Run: [HipServ Agent] - C:\Program Files\Medion\LifeCloud Desktop Applications\HipServAgent\HipServAgent.exe [2722920 2013-09-30] (Axentra Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\daemon.exe [687560 2008-12-29] (DT Soft Ltd)
HKCU\...\Run: [EPSON SX410 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE [199680 2008-10-02] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2009-03-25] (Nero AG)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1083264 2012-01-10] (Nokia)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Pascal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1193176 2012-09-08] ()
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-04-14] (Google Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [GBMLite8AgentLaCie] - C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe [189056 2008-09-18] (Genie-soft)
HKCU\...\Run: [SURVIVAL] - C:\Users\Pascal\AppData\Local\Temp\SURVIVAL.vbe [72352551 2013-11-23] () <===== ATTENTION
HKCU\...\Run: [APS] - C:\Users\Pascal\AppData\Roaming\Public\conhost.exe [83404540 2013-12-09] (Hôte de la fenêtre de la console)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\RunOnce: [Shockwave Updater] - C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET4.0C; .NET CLR 3.0.30729)" -"http://www.larecre.net/fr/geographie/belgique/belgique_politique_hydrographie_exercices.html" [460216 2009-01-16] (Adobe Systems, Inc.)
MountPoints2: {9001ea21-45c6-11e0-82e2-00222003b2ce} - I:\PMBP_Win.exe
MountPoints2: {cae7b2d3-340b-11de-ba39-00222003b2ce} - G:\SETUP.EXE
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Famille\...\Run: [BullGuard] - "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe"
HKU\Famille\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Famille\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\daemon.exe [ 2008-12-29] (DT Soft Ltd)
HKU\Famille\...\Run: [EPSON SX410 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE [ 2008-10-02] (SEIKO EPSON CORPORATION)
HKU\Famille\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [ 2009-03-25] (Nero AG)
HKU\Famille\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Famille\...\Run: [] - [x]
HKU\Famille\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [ 2012-01-10] (Nokia)
HKU\Famille\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [ 2011-12-16] (Nokia)
HKU\Famille\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-04-14] (Google Inc.)
HKU\Famille\...\RunOnce: [Shockwave Updater] - C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1103472.exe [ 2009-01-16] (Adobe Systems, Inc.)
Startup: C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe (Hôte de la fenêtre de la console)
Startup: C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Pascal\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SURVIVAL.vbe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trooner.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {043C5167-00BB-4324-AF7E-62013FAEDACF} URL = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} -  No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} http://download.livetv.ru/livetv.ru/cab/tvants.cab.rar
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.mypix.com/be/fr/importer/newconf/aurigma5.8.1.0/ImageUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} http://download.sopcast.cn/download/SOPCORE.CAB
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {DB28CF23-0083-40B5-BF63-69925D672385} http://www.nero.com/doc/NeroVersionChecker.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll No File
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.be/webhp?hl=fr
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Google Drive) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-01-05]
CHR Extension: (YouTube) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-05-19]
CHR Extension: (Google Search) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-05-19]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 [2013-09-18]
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0 [2013-01-05]
CHR Extension: (Gmail) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-01-05]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-12-27] (AVAST Software)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [241734 2008-06-28] ()
S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)
R2 vToolbarUpdater15.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-14] (AVG Secure Search)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [20624 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2013-12-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2013-12-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-12-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2013-12-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410528 2013-12-27] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-12-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2013-12-27] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-08-14] (AVG Technologies)
S3 cxbu0wdm; C:\Windows\System32\DRIVERS\cxbu0wdm.sys [97792 2009-06-14] (OMNIKEY)
R3 DCamUSBGene; C:\Windows\System32\DRIVERS\usbgene.sys [175360 2008-10-02] ()
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24744 2009-09-11] (Elaborate Bytes AG)
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [11984 2007-02-16] (Elaborate Bytes AG)
S3 FNETTBOH; C:\Windows\System32\drivers\FNETTBOH.SYS [23680 2013-05-19] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [7936 2013-05-19] (FNet Co., Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-04-28] ()
S3 w800bus; C:\Windows\System32\DRIVERS\w800bus.sys [60768 2005-06-13] (MCCI)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\HomeCinema\PlayMovie\000.fcl [61424 2008-10-21] (Cyberlink Corp.)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files\CyberLink\PowerDVD8\000.fcl [87536 2009-08-28] (CyberLink Corp.)
U3 antut1r7; C:\Windows\System32\Drivers\antut1r7.sys [0 ] (Microsoft Corporation)
S4 adp94xx; \SystemRoot\system32\drivers\adp94xx.sys [x]
S4 adpahci; \SystemRoot\system32\drivers\adpahci.sys [x]
S4 adpu160m; \SystemRoot\system32\drivers\adpu160m.sys [x]
S4 adpu320; \SystemRoot\system32\drivers\adpu320.sys [x]
R1 AFD; \SystemRoot\system32\drivers\afd.sys [x]
S3 agp440; \SystemRoot\system32\drivers\agp440.sys [x]
S4 aic78xx; \SystemRoot\system32\drivers\djsvs.sys [x]
S4 aliide; \SystemRoot\system32\drivers\aliide.sys [x]
S3 amdagp; \SystemRoot\system32\drivers\amdagp.sys [x]
S4 amdide; \SystemRoot\system32\drivers\amdide.sys [x]
S4 AmdK7; \SystemRoot\system32\drivers\amdk7.sys [x]
S4 AmdK8; \SystemRoot\system32\drivers\amdk8.sys [x]
S4 arc; \SystemRoot\system32\drivers\arc.sys [x]
S4 arcsas; \SystemRoot\system32\drivers\arcsas.sys [x]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 BrFiltLo; \SystemRoot\system32\drivers\brfiltlo.sys [x]
S3 BrFiltUp; \SystemRoot\system32\drivers\brfiltup.sys [x]
S4 Brserid; \SystemRoot\system32\drivers\brserid.sys [x]
S4 BrSerWdm; \SystemRoot\system32\drivers\brserwdm.sys [x]
S4 BrUsbMdm; \SystemRoot\system32\drivers\brusbmdm.sys [x]
S3 BrUsbSer; \SystemRoot\system32\drivers\brusbser.sys [x]
S4 BTHMODEM; \SystemRoot\system32\drivers\bthmodem.sys [x]
S4 circlass; \SystemRoot\system32\drivers\circlass.sys [x]
S4 cmdide; \SystemRoot\system32\drivers\cmdide.sys [x]
S4 Crusoe; \SystemRoot\system32\drivers\crusoe.sys [x]
R3 DXGKrnl; \SystemRoot\System32\drivers\dxgkrnl.sys [x]
S4 elxstor; \SystemRoot\system32\drivers\elxstor.sys [x]
S4 ErrDev; \SystemRoot\system32\drivers\errdev.sys [x]
S3 gagp30kx; \SystemRoot\system32\drivers\gagp30kx.sys [x]
S4 HidBth; \SystemRoot\system32\drivers\hidbth.sys [x]
S4 HidIr; \SystemRoot\system32\drivers\hidir.sys [x]
S4 HpCISSs; \SystemRoot\system32\drivers\hpcisss.sys [x]
S4 i2omp; \SystemRoot\system32\drivers\i2omp.sys [x]
S4 iaStorV; \SystemRoot\system32\drivers\iastorv.sys [x]
S4 iirsp; \SystemRoot\system32\drivers\iirsp.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S4 IPMIDRV; \SystemRoot\system32\drivers\ipmidrv.sys [x]
S4 isapnp; \SystemRoot\system32\drivers\isapnp.sys [x]
S4 iteatapi; \SystemRoot\system32\drivers\iteatapi.sys [x]
S4 iteraid; \SystemRoot\system32\drivers\iteraid.sys [x]
S4 kbdhid; \SystemRoot\system32\drivers\kbdhid.sys [x]
S4 LSI_FC; \SystemRoot\system32\drivers\lsi_fc.sys [x]
S4 LSI_SAS; \SystemRoot\system32\drivers\lsi_sas.sys [x]
S4 LSI_SCSI; \SystemRoot\system32\drivers\lsi_scsi.sys [x]
R2 luafv; \SystemRoot\system32\drivers\luafv.sys [x]
S4 megasas; \SystemRoot\system32\drivers\megasas.sys [x]
S4 MegaSR; \SystemRoot\system32\drivers\megasr.sys [x]
S4 mpio; \SystemRoot\system32\drivers\mpio.sys [x]
S4 Mraid35x; \SystemRoot\system32\drivers\mraid35x.sys [x]
R3 MRxDAV; \SystemRoot\system32\drivers\mrxdav.sys [x]
S4 msdsm; \SystemRoot\system32\drivers\msdsm.sys [x]
S4 nfrd960; \SystemRoot\system32\drivers\nfrd960.sys [x]
S4 ntrigdigi; \SystemRoot\system32\drivers\ntrigdigi.sys [x]
S4 nvraid; \SystemRoot\system32\drivers\nvraid.sys [x]
S4 nvstor; \SystemRoot\system32\drivers\nvstor.sys [x]
S3 nv_agp; \SystemRoot\system32\drivers\nv_agp.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S4 ohci1394; \SystemRoot\system32\drivers\ohci1394.sys [x]
S3 Parport; \SystemRoot\system32\drivers\parport.sys [x]
S2 Parvdm; \SystemRoot\system32\drivers\parvdm.sys [x]
S4 pciide; \SystemRoot\system32\drivers\pciide.sys [x]
S4 pcmcia; \SystemRoot\system32\drivers\pcmcia.sys [x]
S4 Processor; \SystemRoot\system32\drivers\processr.sys [x]
S3 Profos; \??\C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys [x]
S4 ql2300; \SystemRoot\system32\drivers\ql2300.sys [x]
S4 ql40xx; \SystemRoot\system32\drivers\ql40xx.sys [x]
S3 QWAVEdrv; \SystemRoot\system32\drivers\qwavedrv.sys [x]
S4 rdpdr; \SystemRoot\system32\drivers\rdpdr.sys [x]
S4 sbp2port; \SystemRoot\system32\drivers\sbp2port.sys [x]
S3 Serenum; \SystemRoot\system32\drivers\serenum.sys [x]
S3 Serial; \SystemRoot\system32\drivers\serial.sys [x]
S4 sermouse; \SystemRoot\system32\drivers\sermouse.sys [x]
S4 sffdisk; \SystemRoot\system32\drivers\sffdisk.sys [x]
S3 sffp_mmc; \SystemRoot\system32\drivers\sffp_mmc.sys [x]
S3 sffp_sd; \SystemRoot\system32\drivers\sffp_sd.sys [x]
S4 sfloppy; \SystemRoot\system32\drivers\sfloppy.sys [x]
S3 sisagp; \SystemRoot\system32\drivers\sisagp.sys [x]
S4 SiSRaid2; \SystemRoot\system32\drivers\sisraid2.sys [x]
S4 SiSRaid4; \SystemRoot\system32\drivers\sisraid4.sys [x]
S4 Symc8xx; \SystemRoot\system32\drivers\symc8xx.sys [x]
S4 Sym_hi; \SystemRoot\system32\drivers\sym_hi.sys [x]
S4 Sym_u3; \SystemRoot\system32\drivers\sym_u3.sys [x]
S3 Trufos; \??\C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys [x]
S3 uagp35; \SystemRoot\system32\drivers\uagp35.sys [x]
S3 uliagpkx; \SystemRoot\system32\drivers\uliagpkx.sys [x]
S4 uliahci; \SystemRoot\system32\drivers\uliahci.sys [x]
S4 UlSata; \SystemRoot\system32\drivers\ulsata.sys [x]
S4 ulsata2; \SystemRoot\system32\drivers\ulsata2.sys [x]
S4 usbcir; \SystemRoot\system32\drivers\usbcir.sys [x]
S4 usbohci; \SystemRoot\system32\drivers\usbohci.sys [x]
R1 VgaSave; \SystemRoot\System32\drivers\vga.sys [x]
S3 viaagp; \SystemRoot\system32\drivers\viaagp.sys [x]
S4 ViaC7; \SystemRoot\system32\drivers\viac7.sys [x]
S4 viaide; \SystemRoot\system32\drivers\viaide.sys [x]
S4 vsmraid; \SystemRoot\system32\drivers\vsmraid.sys [x]
S4 WacomPen; \SystemRoot\system32\drivers\wacompen.sys [x]
S4 Wd; \SystemRoot\system32\drivers\wd.sys [x]
S4 WmiAcpi; \SystemRoot\system32\drivers\wmiacpi.sys [x]
S4 ws2ifsl; \SystemRoot\system32\drivers\ws2ifsl.sys [x]
U3 mbr; \??\C:\Users\Pascal\AppData\Local\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-12 16:13 - 2014-01-12 16:13 - 00000000 ____D C:\FRST
2014-01-12 15:03 - 2014-01-12 15:03 - 00019270 _____ C:\Users\Pascal\Desktop\dds.txt
2014-01-12 15:03 - 2014-01-12 15:03 - 00011254 _____ C:\Users\Pascal\Desktop\attach.txt
2014-01-12 14:55 - 2014-01-12 16:14 - 00000000 ____D C:\Repair
2014-01-12 11:47 - 2014-01-12 11:47 - 00000446 _____ C:\Windows\Tasks\ParetoLogic Registration3.job
2014-01-12 11:46 - 2014-01-12 11:46 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\ParetoLogic
2014-01-12 11:46 - 2014-01-12 11:46 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-01-12 11:46 - 2014-01-12 11:46 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\DriverCure
2014-01-12 11:45 - 2014-01-12 11:45 - 00000906 _____ C:\Users\Pascal\Desktop\ParetoLogic PC Health Advisor.lnk
2014-01-12 11:45 - 2014-01-12 11:45 - 00000420 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-01-12 11:45 - 2014-01-12 11:45 - 00000378 _____ C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-01-12 11:45 - 2014-01-12 11:45 - 00000360 _____ C:\Windows\Tasks\PC Health Advisor.job
2014-01-12 11:45 - 2014-01-12 11:45 - 00000000 ____D C:\ProgramData\ParetoLogic
2014-01-12 11:45 - 2014-01-12 11:45 - 00000000 ____D C:\Program Files\ParetoLogic
2014-01-12 11:45 - 2014-01-12 11:45 - 00000000 ____D C:\Program Files\Common Files\ParetoLogic
2014-01-12 11:44 - 2014-01-12 11:44 - 05248216 _____ (ParetoLogic Inc.) C:\Users\Pascal\Downloads\ParetoLogic PC Health Advisor_fr.exe
2014-01-12 11:35 - 2014-01-12 11:35 - 00000000 ___RD C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2014-01-06 22:20 - 2014-01-06 22:20 - 00001162 _____ C:\Users\Pascal\Desktop\Naviguer jusqu'à mon Stora (www).lnk
2014-01-06 22:20 - 2014-01-06 22:20 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Medion
2014-01-06 22:19 - 2014-01-06 22:19 - 00000000 ____D C:\Program Files\Medion
2014-01-06 22:18 - 2014-01-06 22:18 - 00000000 ____D C:\Users\Pascal\AppData\Local\{6EF6A90A-DFF8-4DB8-93FD-4572F39935B1}
2014-01-04 19:44 - 2014-01-04 19:44 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Public
2013-12-28 13:37 - 2013-12-28 13:37 - 00000000 ___RD C:\Users\Famille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2013-12-23 09:50 - 2013-12-23 09:50 - 00000935 _____ C:\Users\Pascal\Desktop\DAPlayer.lnk
2013-12-18 22:13 - 2013-12-18 22:48 - 00000000 ____D C:\ProgramData\tmp
2013-12-18 22:13 - 2013-12-18 22:21 - 00000000 ____D C:\ProgramData\hps
2013-12-18 22:13 - 2013-12-18 22:13 - 00001166 _____ C:\Users\Public\Desktop\Mes créations photo myPIX.com.lnk
2013-12-18 22:13 - 2013-12-18 22:13 - 00001111 _____ C:\Users\Public\Desktop\Galerie photo CEWE.lnk
2013-12-18 22:09 - 2013-12-18 22:09 - 00000000 ____D C:\Program Files\myPIX
2013-12-13 03:02 - 2013-11-15 00:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-13 03:02 - 2013-11-14 23:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-13 03:02 - 2013-11-14 23:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-13 03:02 - 2013-11-14 23:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-13 03:02 - 2013-11-14 23:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-13 03:02 - 2013-11-14 23:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-13 03:02 - 2013-11-14 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-13 03:02 - 2013-11-14 23:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-13 03:02 - 2013-11-14 23:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-13 03:02 - 2013-11-14 23:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-13 03:02 - 2013-11-14 23:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-13 03:02 - 2013-11-14 23:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-13 03:02 - 2013-11-14 23:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-13 03:02 - 2013-11-14 23:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-13 03:02 - 2013-11-14 23:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-13 03:02 - 2013-11-14 23:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

==================== One Month Modified Files and Folders =======

2014-01-12 16:14 - 2014-01-12 14:55 - 00000000 ____D C:\Repair
2014-01-12 16:13 - 2014-01-12 16:13 - 00000000 ____D C:\FRST
2014-01-12 16:03 - 2009-04-14 18:33 - 01056358 _____ C:\Windows\WindowsUpdate.log
2014-01-12 16:01 - 2010-05-28 19:52 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-12 16:00 - 2009-05-25 10:32 - 00000292 ____H C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
2014-01-12 16:00 - 2009-05-25 10:32 - 00000292 ____H C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
2014-01-12 15:57 - 2009-04-14 21:21 - 00087552 _____ C:\Users\Pascal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-12 15:46 - 2012-04-08 09:13 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-12 15:32 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-12 15:32 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-12 15:29 - 2012-09-29 12:25 - 00004096 ____H C:\Users\Pascal\AppData\Local\keyfile3.drm
2014-01-12 15:27 - 2009-04-28 16:57 - 00000000 ____D C:\Users\Pascal\AppData\Local\Microsoft Help
2014-01-12 15:03 - 2014-01-12 15:03 - 00019270 _____ C:\Users\Pascal\Desktop\dds.txt
2014-01-12 15:03 - 2014-01-12 15:03 - 00011254 _____ C:\Users\Pascal\Desktop\attach.txt
2014-01-12 15:01 - 2010-01-28 21:27 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-12 11:47 - 2014-01-12 11:47 - 00000446 _____ C:\Windows\Tasks\ParetoLogic Registration3.job
2014-01-12 11:46 - 2014-01-12 11:46 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\ParetoLogic
2014-01-12 11:46 - 2014-01-12 11:46 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-01-12 11:46 - 2014-01-12 11:46 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\DriverCure
2014-01-12 11:45 - 2014-01-12 11:45 - 00000906 _____ C:\Users\Pascal\Desktop\ParetoLogic PC Health Advisor.lnk
2014-01-12 11:45 - 2014-01-12 11:45 - 00000420 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-01-12 11:45 - 2014-01-12 11:45 - 00000378 _____ C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-01-12 11:45 - 2014-01-12 11:45 - 00000360 _____ C:\Windows\Tasks\PC Health Advisor.job
2014-01-12 11:45 - 2014-01-12 11:45 - 00000000 ____D C:\ProgramData\ParetoLogic
2014-01-12 11:45 - 2014-01-12 11:45 - 00000000 ____D C:\Program Files\ParetoLogic
2014-01-12 11:45 - 2014-01-12 11:45 - 00000000 ____D C:\Program Files\Common Files\ParetoLogic
2014-01-12 11:44 - 2014-01-12 11:44 - 05248216 _____ (ParetoLogic Inc.) C:\Users\Pascal\Downloads\ParetoLogic PC Health Advisor_fr.exe
2014-01-12 11:41 - 2005-04-08 03:16 - 00000000 ___HD C:\Users\Pascal\AppData\Roaming\8E5BC176
2014-01-12 11:37 - 2013-11-03 18:43 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Dropbox
2014-01-12 11:36 - 2013-11-03 20:09 - 00000000 ___RD C:\Users\Pascal\Dropbox
2014-01-12 11:35 - 2014-01-12 11:35 - 00000000 ___RD C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2014-01-12 11:33 - 2009-04-14 21:17 - 00099270 _____ C:\ProgramData\nvModes.001
2014-01-12 11:33 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-11 00:08 - 2006-11-02 14:01 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-07 19:33 - 2011-01-08 21:11 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\XBMC
2014-01-06 22:20 - 2014-01-06 22:20 - 00001162 _____ C:\Users\Pascal\Desktop\Naviguer jusqu'à mon Stora (www).lnk
2014-01-06 22:20 - 2014-01-06 22:20 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Medion
2014-01-06 22:19 - 2014-01-06 22:19 - 00000000 ____D C:\Program Files\Medion
2014-01-06 22:18 - 2014-01-06 22:18 - 00000000 ____D C:\Users\Pascal\AppData\Local\{6EF6A90A-DFF8-4DB8-93FD-4572F39935B1}
2014-01-06 21:20 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2014-01-04 19:44 - 2014-01-04 19:44 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Public
2014-01-04 14:24 - 2006-11-02 11:33 - 01504012 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-30 20:20 - 2008-01-21 03:47 - 00145106 _____ C:\Windows\PFRO.log
2013-12-30 17:32 - 2009-04-14 18:42 - 00099270 _____ C:\ProgramData\nvModes.dat
2013-12-28 13:38 - 2009-04-28 19:05 - 00000000 ____D C:\Users\Famille\AppData\Local\Google
2013-12-28 13:37 - 2013-12-28 13:37 - 00000000 ___RD C:\Users\Famille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2013-12-27 14:21 - 2012-12-01 17:54 - 00001888 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-27 14:20 - 2013-03-16 20:27 - 00180248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-27 14:20 - 2011-04-27 19:11 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-27 14:20 - 2010-07-29 21:19 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-27 14:20 - 2009-07-12 19:00 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-27 14:20 - 2009-07-12 19:00 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-27 14:20 - 2009-07-12 19:00 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-27 14:20 - 2009-07-12 19:00 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-27 14:20 - 2009-07-12 19:00 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2013-12-23 10:27 - 2010-11-24 22:20 - 00000094 _____ C:\Users\Pascal\AppData\Roaming\default.pls
2013-12-23 09:50 - 2013-12-23 09:50 - 00000935 _____ C:\Users\Pascal\Desktop\DAPlayer.lnk
2013-12-23 09:50 - 2010-05-01 11:50 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Digiarty
2013-12-23 09:50 - 2010-05-01 11:50 - 00000000 ____D C:\Program Files\Digiarty
2013-12-21 09:54 - 2013-11-03 18:46 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-18 22:48 - 2013-12-18 22:13 - 00000000 ____D C:\ProgramData\tmp
2013-12-18 22:21 - 2013-12-18 22:13 - 00000000 ____D C:\ProgramData\hps
2013-12-18 22:13 - 2013-12-18 22:13 - 00001166 _____ C:\Users\Public\Desktop\Mes créations photo myPIX.com.lnk
2013-12-18 22:13 - 2013-12-18 22:13 - 00001111 _____ C:\Users\Public\Desktop\Galerie photo CEWE.lnk
2013-12-18 22:09 - 2013-12-18 22:09 - 00000000 ____D C:\Program Files\myPIX
2013-12-13 03:39 - 2006-11-02 13:47 - 00433088 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-13 03:18 - 2009-03-19 09:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-13 03:14 - 2013-08-10 15:49 - 00000000 ____D C:\Windows\system32\MRT
2013-12-13 03:04 - 2006-11-02 11:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Files to move or delete:
====================
C:\Users\Pascal\AppData\Local\Temp\SURVIVAL.vbe
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Pascal\AppData\Roaming\settings.ini
C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

Some content of TEMP:
====================
C:\Users\Famille\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Famille\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Pascal\AppData\Local\Temp\aswV5Hlp.dll
C:\Users\Pascal\AppData\Local\Temp\avguidx.dll
C:\Users\Pascal\AppData\Local\Temp\bitool.dll
C:\Users\Pascal\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Pascal\AppData\Local\Temp\DATA.exe
C:\Users\Pascal\AppData\Local\Temp\DivXSetup.exe
C:\Users\Pascal\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Pascal\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Pascal\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Pascal\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Pascal\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Pascal\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Pascal\AppData\Local\Temp\Nokia_Suite_PCS_update.exe
C:\Users\Pascal\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Pascal\AppData\Local\Temp\oi_{FC610CA5-6577-457B-954D-43B691AAD110}.exe
C:\Users\Pascal\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Pascal\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Pascal\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Pascal\AppData\Local\Temp\_is1D43.exe
C:\Users\Pascal\AppData\Local\Temp\_is2B18.exe
C:\Users\Pascal\AppData\Local\Temp\_is4A4B.exe
C:\Users\Pascal\AppData\Local\Temp\_is98C8.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-12 11:40

==================== End Of Log ============================


#4 B-boy/StyLe/

  • Malware Response Team
  • Location:Bulgaria

Posted 13 January 2014 - 03:22 PM

Hello,

I am sorry about the delay, but I had a busy day at the office. Also, we are in different time zones.

Please delete your copy of FRST and download the latest one from the link above, run a new scan, then post the logs in your next reply.

Thanks!

Regards,

Georgi




#5 B-boy/StyLe/

  • Malware Response Team
  • Location:Bulgaria

Posted 15 January 2014 - 06:36 AM

Hi,

Are you still there?

Regards,

Georgi




#6 Pgi007be

  • Topic Starter
  • Members

Posted 15 January 2014 - 01:33 PM

Yes, I'm there ... with big problems accessing my PC correctly.

I don't understand your last request.

I followed what you requested regarding the FRST report, using the link you gave me.

And the day after, you ask me again to use the same link???

Please explain to me what I have to do exactly.

Thanks

Pascal



#7 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 15 January 2014 - 01:40 PM

Hi,

FRST was updated to correct a bug, and that's why I asked you to download the latest version from the link above and to run a new scan.

All of your Windows services were reported as missing, and the developer updated FRST to fix that.

So I need to see fresh logs from the latest version of FRST so I can write a fix to remove the baddies from your computer. :)

I am sorry for the inconvenience caused.

Regards,

Georgi


#8 Pgi007be
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Male

Posted 15 January 2014 - 02:05 PM

OK thanks Georgi, hereafter the FRST log.

**************

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2014 01
Ran by Pascal (administrator) on NEWMEDION on 15-01-2014 19:56:01
Running from C:\Repair
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 2 (X86) OS Language: French Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\HomeCinema\PlayMovie\PMVService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(cyberlink) C:\Program Files\CyberLink\Shared Files\brs.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(FNet Co., Ltd.) C:\Program Files\UsbBoost\TurboHddUsb.exe
(Genie-soft) C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Axentra Corporation) C:\Program Files\Medion\LifeCloud Desktop Applications\HipServAgent\HipServAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\daemon.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFCE.EXE
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
() C:\Users\Pascal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Hôte de la fenêtre de la console) C:\Users\Pascal\AppData\Roaming\Public\conhost.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Hôte de la fenêtre de la console) C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe
(Dropbox, Inc.) C:\Users\Pascal\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hôte de la fenêtre de la console) C:\Users\Pascal\AppData\Roaming\Public\conhost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13560352 2008-09-29] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [92704 2008-09-29] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1328424 2008-07-03] (Synaptics, Inc.)
HKLM\...\Run: [UpdatePDRShortCut] - C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] - C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2008-02-21] (CyberLink Corp.)
HKLM\...\Run: [PlayMovie] - C:\Program Files\HomeCinema\PlayMovie\PMVService.exe [172032 2008-10-21] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [Google EULA Launcher] - C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [20480 2008-10-14] (Google)
HKLM\...\Run: [beid] - C:\Program Files\Belgium Identity Card\beid35gui.exe [2035712 2009-02-02] (Belgian Government)
HKLM\...\Run: [NBKeyScan] - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-12-02] (Nero AG)
HKLM\...\Run: [RemoteControl8] - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-07-16] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [BDRegion] - C:\Program Files\Cyberlink\Shared Files\brs.exe [75048 2009-08-28] (cyberlink)
HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [NSU_agent] - C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()
HKLM\...\Run: [UsbBoost] - C:\Program Files\UsbBoost\TurboHddUsb.exe [3788800 2013-05-19] (FNet Co., Ltd.)
HKLM\...\Run: [GBMLite8AgentLaCie] - C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe [189056 2008-09-18] (Genie-soft)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3764024 2013-12-27] (AVAST Software)
HKLM\...\Run: [HipServ Agent] - C:\Program Files\Medion\LifeCloud Desktop Applications\HipServAgent\HipServAgent.exe [2722920 2013-09-30] (Axentra Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\daemon.exe [687560 2008-12-29] (DT Soft Ltd)
HKCU\...\Run: [EPSON SX410 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE [199680 2008-10-02] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2009-03-25] (Nero AG)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1083264 2012-01-10] (Nokia)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Pascal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1193176 2012-09-08] ()
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-04-14] (Google Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [GBMLite8AgentLaCie] - C:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe [189056 2008-09-18] (Genie-soft)
HKCU\...\Run: [SURVIVAL] - C:\Users\Pascal\AppData\Local\Temp\SURVIVAL.vbe [72352551 2013-11-23] () <===== ATTENTION
HKCU\...\Run: [APS] - C:\Users\Pascal\AppData\Roaming\Public\conhost.exe [83404540 2013-12-09] (Hôte de la fenêtre de la console)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\RunOnce: [Shockwave Updater] - C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET4.0C; .NET CLR 3.0.30729)" -"http://www.larecre.net/fr/geographie/belgique/belgique_politique_hydrographie_exercices.html" [460216 2009-01-16] (Adobe Systems, Inc.)
MountPoints2: {9001ea21-45c6-11e0-82e2-00222003b2ce} - I:\PMBP_Win.exe
MountPoints2: {cae7b2d3-340b-11de-ba39-00222003b2ce} - G:\SETUP.EXE
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Famille\...\Run: [BullGuard] - "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe"
HKU\Famille\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Famille\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\daemon.exe [ 2008-12-29] (DT Soft Ltd)
HKU\Famille\...\Run: [EPSON SX410 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE [ 2008-10-02] (SEIKO EPSON CORPORATION)
HKU\Famille\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [ 2009-03-25] (Nero AG)
HKU\Famille\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Famille\...\Run: [] - [x]
HKU\Famille\...\Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [ 2012-01-10] (Nokia)
HKU\Famille\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [ 2011-12-16] (Nokia)
HKU\Famille\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2009-04-14] (Google Inc.)
HKU\Famille\...\RunOnce: [Shockwave Updater] - C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1103472.exe [ 2009-01-16] (Adobe Systems, Inc.)
Startup: C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe (Hôte de la fenêtre de la console)
Startup: C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Pascal\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SURVIVAL.vbe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trooner.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {043C5167-00BB-4324-AF7E-62013FAEDACF} URL = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} -  No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} http://download.livetv.ru/livetv.ru/cab/tvants.cab.rar
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.mypix.com/be/fr/importer/newconf/aurigma5.8.1.0/ImageUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} http://download.sopcast.cn/download/SOPCORE.CAB
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {DB28CF23-0083-40B5-BF63-69925D672385} http://www.nero.com/doc/NeroVersionChecker.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll No File
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR HomePage: hxxp://www.google.be/webhp?hl=fr
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Google Drive) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-01-05]
CHR Extension: (YouTube) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-05-19]
CHR Extension: (Google Search) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-05-19]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 [2013-09-18]
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0 [2013-01-05]
CHR Extension: (Gmail) - C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 [2013-01-05]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2013-12-27] (AVAST Software)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [241734 2008-06-28] ()
S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)
R2 vToolbarUpdater15.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-14] (AVG Secure Search)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [20624 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2013-12-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2013-12-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-12-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2013-12-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410528 2013-12-27] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-12-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2013-12-27] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-08-14] (AVG Technologies)
S3 cxbu0wdm; C:\Windows\System32\DRIVERS\cxbu0wdm.sys [97792 2009-06-14] (OMNIKEY)
R3 DCamUSBGene; C:\Windows\System32\DRIVERS\usbgene.sys [175360 2008-10-02] ()
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24744 2009-09-11] (Elaborate Bytes AG)
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [11984 2007-02-16] (Elaborate Bytes AG)
S3 FNETTBOH; C:\Windows\System32\drivers\FNETTBOH.SYS [23680 2013-05-19] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [7936 2013-05-19] (FNet Co., Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-04-28] ()
S3 w800bus; C:\Windows\System32\DRIVERS\w800bus.sys [60768 2005-06-13] (MCCI)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\HomeCinema\PlayMovie\000.fcl [61424 2008-10-21] (Cyberlink Corp.)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files\CyberLink\PowerDVD8\000.fcl [87536 2009-08-28] (CyberLink Corp.)
U3 af7d4hga; C:\Windows\System32\Drivers\af7d4hga.sys [0 ] (Microsoft Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 Profos; \??\C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys [x]
S3 Trufos; \??\C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-15 19:23 - 2014-01-15 19:24 - 00000000 ___RD C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2014-01-12 16:13 - 2014-01-12 16:13 - 00000000 ____D C:\FRST
2014-01-12 15:03 - 2014-01-12 15:03 - 00019270 _____ C:\Users\Pascal\Desktop\dds.txt
2014-01-12 15:03 - 2014-01-12 15:03 - 00011254 _____ C:\Users\Pascal\Desktop\attach.txt
2014-01-12 14:55 - 2014-01-15 19:56 - 00000000 ____D C:\Repair
2014-01-12 11:47 - 2014-01-12 18:00 - 00000446 _____ C:\Windows\Tasks\ParetoLogic Registration3.job
2014-01-12 11:46 - 2014-01-12 11:46 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\ParetoLogic
2014-01-12 11:46 - 2014-01-12 11:46 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-01-12 11:46 - 2014-01-12 11:46 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\DriverCure
2014-01-12 11:45 - 2014-01-15 19:20 - 00000420 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-01-12 11:45 - 2014-01-15 19:20 - 00000378 _____ C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-01-12 11:45 - 2014-01-15 19:20 - 00000360 _____ C:\Windows\Tasks\PC Health Advisor.job
2014-01-12 11:45 - 2014-01-12 11:45 - 00000906 _____ C:\Users\Pascal\Desktop\ParetoLogic PC Health Advisor.lnk
2014-01-12 11:45 - 2014-01-12 11:45 - 00000000 ____D C:\ProgramData\ParetoLogic
2014-01-12 11:45 - 2014-01-12 11:45 - 00000000 ____D C:\Program Files\ParetoLogic
2014-01-12 11:45 - 2014-01-12 11:45 - 00000000 ____D C:\Program Files\Common Files\ParetoLogic
2014-01-12 11:44 - 2014-01-12 11:44 - 05248216 _____ (ParetoLogic Inc.) C:\Users\Pascal\Downloads\ParetoLogic PC Health Advisor_fr.exe
2014-01-06 22:20 - 2014-01-06 22:20 - 00001162 _____ C:\Users\Pascal\Desktop\Naviguer jusqu'à mon Stora (www).lnk
2014-01-06 22:20 - 2014-01-06 22:20 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Medion
2014-01-06 22:19 - 2014-01-06 22:19 - 00000000 ____D C:\Program Files\Medion
2014-01-06 22:18 - 2014-01-06 22:18 - 00000000 ____D C:\Users\Pascal\AppData\Local\{6EF6A90A-DFF8-4DB8-93FD-4572F39935B1}
2014-01-04 19:44 - 2014-01-04 19:44 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Public
2013-12-28 13:37 - 2013-12-28 13:37 - 00000000 ___RD C:\Users\Famille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2013-12-23 09:50 - 2013-12-23 09:50 - 00000935 _____ C:\Users\Pascal\Desktop\DAPlayer.lnk
2013-12-18 22:13 - 2013-12-18 22:48 - 00000000 ____D C:\ProgramData\tmp
2013-12-18 22:13 - 2013-12-18 22:21 - 00000000 ____D C:\ProgramData\hps
2013-12-18 22:13 - 2013-12-18 22:13 - 00001166 _____ C:\Users\Public\Desktop\Mes créations photo myPIX.com.lnk
2013-12-18 22:13 - 2013-12-18 22:13 - 00001111 _____ C:\Users\Public\Desktop\Galerie photo CEWE.lnk
2013-12-18 22:09 - 2013-12-18 22:09 - 00000000 ____D C:\Program Files\myPIX

==================== One Month Modified Files and Folders =======

2014-01-15 19:56 - 2014-01-12 14:55 - 00000000 ____D C:\Repair
2014-01-15 19:49 - 2012-04-08 09:13 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-15 19:42 - 2009-04-14 18:33 - 01123320 _____ C:\Windows\WindowsUpdate.log
2014-01-15 19:28 - 2005-04-08 03:16 - 00000000 ___HD C:\Users\Pascal\AppData\Roaming\8E5BC176
2014-01-15 19:25 - 2013-11-03 20:09 - 00000000 ___RD C:\Users\Pascal\Dropbox
2014-01-15 19:25 - 2013-11-03 18:43 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Dropbox
2014-01-15 19:24 - 2014-01-15 19:23 - 00000000 ___RD C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2014-01-15 19:23 - 2010-01-28 21:27 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-15 19:23 - 2009-05-25 10:32 - 00000292 ____H C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
2014-01-15 19:23 - 2009-05-25 10:32 - 00000292 ____H C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
2014-01-15 19:20 - 2014-01-12 11:45 - 00000420 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-01-15 19:20 - 2014-01-12 11:45 - 00000378 _____ C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-01-15 19:20 - 2014-01-12 11:45 - 00000360 _____ C:\Windows\Tasks\PC Health Advisor.job
2014-01-15 19:20 - 2009-04-14 21:17 - 00099270 _____ C:\ProgramData\nvModes.001
2014-01-15 19:20 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-15 19:20 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-15 19:20 - 2006-11-02 13:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-12 22:25 - 2006-11-02 14:01 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-12 22:02 - 2010-05-28 19:52 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-12 21:45 - 2009-04-14 21:21 - 00096256 _____ C:\Users\Pascal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-12 18:00 - 2014-01-12 11:47 - 00000446 _____ C:\Windows\Tasks\ParetoLogic Registration3.job
2014-01-12 16:13 - 2014-01-12 16:13 - 00000000 ____D C:\FRST
2014-01-12 15:29 - 2012-09-29 12:25 - 00004096 ____H C:\Users\Pascal\AppData\Local\keyfile3.drm
2014-01-12 15:27 - 2009-04-28 16:57 - 00000000 ____D C:\Users\Pascal\AppData\Local\Microsoft Help
2014-01-12 15:03 - 2014-01-12 15:03 - 00019270 _____ C:\Users\Pascal\Desktop\dds.txt
2014-01-12 15:03 - 2014-01-12 15:03 - 00011254 _____ C:\Users\Pascal\Desktop\attach.txt
2014-01-12 11:46 - 2014-01-12 11:46 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\ParetoLogic
2014-01-12 11:46 - 2014-01-12 11:46 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-01-12 11:46 - 2014-01-12 11:46 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\DriverCure
2014-01-12 11:45 - 2014-01-12 11:45 - 00000906 _____ C:\Users\Pascal\Desktop\ParetoLogic PC Health Advisor.lnk
2014-01-12 11:45 - 2014-01-12 11:45 - 00000000 ____D C:\ProgramData\ParetoLogic
2014-01-12 11:45 - 2014-01-12 11:45 - 00000000 ____D C:\Program Files\ParetoLogic
2014-01-12 11:45 - 2014-01-12 11:45 - 00000000 ____D C:\Program Files\Common Files\ParetoLogic
2014-01-12 11:44 - 2014-01-12 11:44 - 05248216 _____ (ParetoLogic Inc.) C:\Users\Pascal\Downloads\ParetoLogic PC Health Advisor_fr.exe
2014-01-07 19:33 - 2011-01-08 21:11 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\XBMC
2014-01-06 22:20 - 2014-01-06 22:20 - 00001162 _____ C:\Users\Pascal\Desktop\Naviguer jusqu'à mon Stora (www).lnk
2014-01-06 22:20 - 2014-01-06 22:20 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Medion
2014-01-06 22:19 - 2014-01-06 22:19 - 00000000 ____D C:\Program Files\Medion
2014-01-06 22:18 - 2014-01-06 22:18 - 00000000 ____D C:\Users\Pascal\AppData\Local\{6EF6A90A-DFF8-4DB8-93FD-4572F39935B1}
2014-01-06 21:20 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2014-01-04 19:44 - 2014-01-04 19:44 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Public
2014-01-04 14:24 - 2006-11-02 11:33 - 01504012 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-30 20:20 - 2008-01-21 03:47 - 00145106 _____ C:\Windows\PFRO.log
2013-12-30 17:32 - 2009-04-14 18:42 - 00099270 _____ C:\ProgramData\nvModes.dat
2013-12-28 13:38 - 2009-04-28 19:05 - 00000000 ____D C:\Users\Famille\AppData\Local\Google
2013-12-28 13:37 - 2013-12-28 13:37 - 00000000 ___RD C:\Users\Famille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2013-12-27 14:21 - 2012-12-01 17:54 - 00001888 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-27 14:20 - 2013-03-16 20:27 - 00180248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-27 14:20 - 2011-04-27 19:11 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-27 14:20 - 2010-07-29 21:19 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-27 14:20 - 2009-07-12 19:00 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-27 14:20 - 2009-07-12 19:00 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-27 14:20 - 2009-07-12 19:00 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-27 14:20 - 2009-07-12 19:00 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-27 14:20 - 2009-07-12 19:00 - 00054832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2013-12-23 10:27 - 2010-11-24 22:20 - 00000094 _____ C:\Users\Pascal\AppData\Roaming\default.pls
2013-12-23 09:50 - 2013-12-23 09:50 - 00000935 _____ C:\Users\Pascal\Desktop\DAPlayer.lnk
2013-12-23 09:50 - 2010-05-01 11:50 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Digiarty
2013-12-23 09:50 - 2010-05-01 11:50 - 00000000 ____D C:\Program Files\Digiarty
2013-12-21 09:54 - 2013-11-03 18:46 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-18 22:48 - 2013-12-18 22:13 - 00000000 ____D C:\ProgramData\tmp
2013-12-18 22:21 - 2013-12-18 22:13 - 00000000 ____D C:\ProgramData\hps
2013-12-18 22:13 - 2013-12-18 22:13 - 00001166 _____ C:\Users\Public\Desktop\Mes créations photo myPIX.com.lnk
2013-12-18 22:13 - 2013-12-18 22:13 - 00001111 _____ C:\Users\Public\Desktop\Galerie photo CEWE.lnk
2013-12-18 22:09 - 2013-12-18 22:09 - 00000000 ____D C:\Program Files\myPIX

Files to move or delete:
====================
C:\Users\Pascal\AppData\Local\Temp\SURVIVAL.vbe
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Pascal\AppData\Roaming\settings.ini
C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

Some content of TEMP:
====================
C:\Users\Famille\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Famille\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Pascal\AppData\Local\Temp\aswV5Hlp.dll
C:\Users\Pascal\AppData\Local\Temp\avguidx.dll
C:\Users\Pascal\AppData\Local\Temp\bitool.dll
C:\Users\Pascal\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Pascal\AppData\Local\Temp\DATA.exe
C:\Users\Pascal\AppData\Local\Temp\DivXSetup.exe
C:\Users\Pascal\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Pascal\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Pascal\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Pascal\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Pascal\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Pascal\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Pascal\AppData\Local\Temp\Nokia_Suite_PCS_update.exe
C:\Users\Pascal\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Pascal\AppData\Local\Temp\oi_{FC610CA5-6577-457B-954D-43B691AAD110}.exe
C:\Users\Pascal\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Pascal\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Pascal\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Pascal\AppData\Local\Temp\_is1D43.exe
C:\Users\Pascal\AppData\Local\Temp\_is2B18.exe
C:\Users\Pascal\AppData\Local\Temp\_is4A4B.exe
C:\Users\Pascal\AppData\Local\Temp\_is98C8.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-15 19:31

==================== End Of Log ============================



#9 B-boy/StyLe/ (Malware Response Team)

Posted 15 January 2014 - 07:37 PM

Hi,

Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Regards,
Georgi


#10 Pgi007be (Topic Starter)

Posted 16 January 2014 - 01:10 PM

Hello Georgi,

I've performed your request, but during the fix my AVAST antivirus warned me about a malware detection (same message regarding wchelper and conhost).

Here is the log of the FIX:

***********************

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2014 03
Ran by Pascal at 2014-01-16 19:00:55 Run:1
Running from C:\Repair
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Hôte de la fenêtre de la console) C:\Users\Pascal\AppData\Roaming\Public\conhost.exe
C:\Users\Pascal\AppData\Roaming\Public\conhost.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\McAfee Security Scan
(Hôte de la fenêtre de la console) C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe
C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe
HKCU\...\Run: [] - [x]
HKCU\...\Run: [SURVIVAL] - C:\Users\Pascal\AppData\Local\Temp\SURVIVAL.vbe [72352551 2013-11-23] () <===== ATTENTION
C:\Users\Pascal\AppData\Local\Temp\SURVIVAL.vbe
HKCU\...\Run: [APS] - C:\Users\Pascal\AppData\Roaming\Public\conhost.exe [83404540 2013-12-09] (Hôte de la fenêtre de la console)
HKU\Famille\...\Run: [] - [x]
Startup: C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe (Hôte de la fenêtre de la console)
Startup: C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SURVIVAL.vbe ()
C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SURVIVAL.vbe
SearchScopes: HKCU - {043C5167-00BB-4324-AF7E-62013FAEDACF} URL = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} -  No File
Toolbar: HKLM - vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
Toolbar: HKCU - vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
2014-01-12 11:47 - 2014-01-12 18:00 - 00000446 _____ C:\Windows\Tasks\ParetoLogic Registration3.job
2014-01-12 11:46 - 2014-01-12 11:46 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\ParetoLogic
2014-01-12 11:46 - 2014-01-12 11:46 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2014-01-12 11:46 - 2014-01-12 11:46 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\DriverCure
2014-01-12 11:45 - 2014-01-15 19:20 - 00000420 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-01-12 11:45 - 2014-01-15 19:20 - 00000378 _____ C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-01-12 11:45 - 2014-01-15 19:20 - 00000360 _____ C:\Windows\Tasks\PC Health Advisor.job
2014-01-12 11:45 - 2014-01-12 11:45 - 00000906 _____ C:\Users\Pascal\Desktop\ParetoLogic PC Health Advisor.lnk
2014-01-12 11:45 - 2014-01-12 11:45 - 00000000 ____D C:\ProgramData\ParetoLogic
2014-01-12 11:45 - 2014-01-12 11:45 - 00000000 ____D C:\Program Files\ParetoLogic
2014-01-12 11:45 - 2014-01-12 11:45 - 00000000 ____D C:\Program Files\Common Files\ParetoLogic
2014-01-12 11:44 - 2014-01-12 11:44 - 05248216 _____ (ParetoLogic Inc.) C:\Users\Pascal\Downloads\ParetoLogic PC Health Advisor_fr.exe
2014-01-06 22:18 - 2014-01-06 22:18 - 00000000 ____D C:\Users\Pascal\AppData\Local\{6EF6A90A-DFF8-4DB8-93FD-4572F39935B1}
Folder: C:\Users\Pascal\AppData\Roaming\8E5BC176
C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
C:\Users\Famille\AppData\Local\Temp
end
*****************

[2264] C:\Windows\System32\wscript.exe => Process closed successfully.
[1276] C:\Users\Pascal\AppData\Roaming\Public\conhost.exe => Process closed successfully.
[5676] C:\Users\Pascal\AppData\Roaming\Public\conhost.exe => Process closed successfully.
C:\Users\Pascal\AppData\Roaming\Public\conhost.exe => Moved successfully.
[3860] C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe => Process closed successfully.
C:\Program Files\McAfee Security Scan => Moved successfully.
[3820] C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe => Process closed successfully.
C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SURVIVAL => Value deleted successfully.
C:\Users\Pascal\AppData\Local\Temp\SURVIVAL.vbe => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\APS => Value deleted successfully.
HKU\Famille\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe => Moved successfully.
C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SURVIVAL.vbe => Moved successfully.
"C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SURVIVAL.vbe" => File/Directory not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key deleted successfully.
HKCR\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045} => Key deleted successfully.
HKCR\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Value deleted successfully.
HKCR\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Value deleted successfully.
HKCR\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\vsharechrome => Key deleted successfully.
HKCR\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} => Key deleted successfully.
HKCU\SOFTWARE\Policies\Google => Key deleted successfully.
McComponentHostService => Service deleted successfully.
C:\Windows\Tasks\ParetoLogic Registration3.job => Moved successfully.
C:\Users\Pascal\AppData\Roaming\ParetoLogic => Moved successfully.
C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic => Moved successfully.
C:\Users\Pascal\AppData\Roaming\DriverCure => Moved successfully.
C:\Windows\Tasks\ParetoLogic Update Version3.job => Moved successfully.
C:\Windows\Tasks\PC Health Advisor Defrag.job => Moved successfully.
C:\Windows\Tasks\PC Health Advisor.job => Moved successfully.
C:\Users\Pascal\Desktop\ParetoLogic PC Health Advisor.lnk => Moved successfully.
C:\ProgramData\ParetoLogic => Moved successfully.
C:\Program Files\ParetoLogic => Moved successfully.
C:\Program Files\Common Files\ParetoLogic => Moved successfully.
C:\Users\Pascal\Downloads\ParetoLogic PC Health Advisor_fr.exe => Moved successfully.
C:\Users\Pascal\AppData\Local\{6EF6A90A-DFF8-4DB8-93FD-4572F39935B1} => Moved successfully.

========================= Folder: C:\Users\Pascal\AppData\Roaming\8E5BC176 ========================

2014-01-04 19:47 - 2014-01-04 19:52 - 0001220 ____H () C:\Users\Pascal\AppData\Roaming\8E5BC176\04-01-2014
2014-01-05 10:49 - 2014-01-05 12:16 - 0001109 ____H () C:\Users\Pascal\AppData\Roaming\8E5BC176\05-01-2014
2014-01-06 21:25 - 2014-01-06 23:32 - 0002351 ____H () C:\Users\Pascal\AppData\Roaming\8E5BC176\06-01-2014
2014-01-07 20:17 - 2014-01-07 23:59 - 0017247 ____H () C:\Users\Pascal\AppData\Roaming\8E5BC176\07-01-2014
2014-01-08 00:02 - 2014-01-08 00:03 - 0000413 ____H () C:\Users\Pascal\AppData\Roaming\8E5BC176\08-01-2014
2014-01-09 20:30 - 2014-01-09 20:46 - 0000513 ____H () C:\Users\Pascal\AppData\Roaming\8E5BC176\09-01-2014
2014-01-10 20:39 - 2014-01-10 22:17 - 0001664 ____H () C:\Users\Pascal\AppData\Roaming\8E5BC176\10-01-2014
2014-01-12 11:41 - 2014-01-12 19:27 - 0082322 ____H () C:\Users\Pascal\AppData\Roaming\8E5BC176\12-01-2014
2014-01-15 19:28 - 2014-01-15 21:33 - 0043679 ____H () C:\Users\Pascal\AppData\Roaming\8E5BC176\15-01-2014
2014-01-16 18:52 - 2014-01-16 18:53 - 0000158 ____H () C:\Users\Pascal\AppData\Roaming\8E5BC176\16-01-2014
2014-01-04 14:15 - 2014-01-16 19:02 - 0000049 _____ () C:\Users\Pascal\AppData\Roaming\8E5BC176\ak.tmp

====== End of Folder: ======

C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job => Moved successfully.
C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job => Moved successfully.
C:\Users\Famille\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====
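The fixlist above shows the two persistence patterns behind the avast alert: a binary named conhost.exe (the name of a Windows system process) launched from AppData\Roaming\Public and from the Startup folder, and SURVIVAL.vbe run from an HKCU Run key by wscript.exe. As an added example that is not part of the original post and not FRST's own code, the following Python script parses FRST-style autorun lines and flags those patterns. The sample lines are copied from the Fixlog above plus one constructed benign avast entry (its size and date fields are made up); the indicator lists (system binary names, script extensions, user-writable directories) and the 7-line regex for FRST's line layout are assumptions.

```python
"""Triage of FRST-style autorun lines for the persistence patterns the Fixlog above removed.

Added example, not FRST's code and not from the forum post. Sample lines are copied from
the fixlist above, plus one constructed benign entry. The indicator rules and the lists
of system binary names, script extensions and writable directories are assumptions chosen
to match what the fix removed: a fake conhost.exe in a user profile, a .vbe launched from
an HKCU Run key, and a Startup-folder copy.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

# Binaries that only legitimately run from %SystemRoot%\System32 (assumed, not exhaustive).
SYSTEM_BINARIES = {"conhost.exe", "svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
                   "wininit.exe", "services.exe", "rundll32.exe", "dllhost.exe"}
SCRIPT_EXTENSIONS = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".hta", ".ps1", ".bat", ".cmd"}
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")   # compared in lowercase
# Locations a standard user can write to. C:\Windows\Temp is writable too and is caught by "\temp\".
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
STARTUP_FOLDER = "\\start menu\\programs\\startup\\"
HIGH, LOW = "high", "low"

# FRST prints autoruns as   HKCU\...\Run: [Name] - C:\path\file.exe [size date] (Publisher)
# or                        Startup: C:\path\file.exe (Publisher)
PATH_RE = re.compile(r"([A-Za-z]:\\[^\[\(]+?)(?:\s+\[\d+ [\d-]+\])?\s*(?:\([^)]*\))?\s*$")


class Finding(NamedTuple):
    line: str
    path: str
    severity: str
    reasons: Tuple[str, ...]


def extract_path(line: str) -> Optional[str]:
    """Pull the launched file path out of an FRST autorun line; None if there is none."""
    body = line.split("<=====")[0].strip()          # drop FRST's "<===== ATTENTION" marker
    m = PATH_RE.search(body)
    return m.group(1).strip() if m else None


def assess(path: str) -> List[Tuple[str, str]]:
    """Return (severity, reason) pairs for one launched path; an empty list means nothing odd."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    ext = name[name.rfind("."):] if "." in name else ""
    reasons = []
    if name in SYSTEM_BINARIES and not p.startswith(TRUSTED_DIRS):
        reasons.append((HIGH, f"system binary name {name} outside System32"))
    if ext in SCRIPT_EXTENSIONS:
        reasons.append((HIGH, f"script ({ext}) registered as an autorun"))
    if STARTUP_FOLDER in p:
        reasons.append((HIGH, "copy planted in the Startup folder"))
    if any(d in p for d in USER_WRITABLE):
        # Weak on its own: many legitimate per-user applications live under AppData.
        reasons.append((LOW, "runs from a user-writable location"))
    return reasons


def triage(lines) -> List[Finding]:
    """Keep only lines whose launched path trips at least one rule."""
    findings = []
    for line in lines:
        path = extract_path(line)
        if path is None:
            continue
        reasons = assess(path)
        if reasons:
            severity = HIGH if any(s == HIGH for s, _ in reasons) else LOW
            findings.append(Finding(line, path, severity, tuple(r for _, r in reasons)))
    return findings


SAMPLE_LINES = [
    # copied from the Fixlog above
    r"HKCU\...\Run: [] - [x]",
    r"HKCU\...\Run: [SURVIVAL] - C:\Users\Pascal\AppData\Local\Temp\SURVIVAL.vbe [72352551 2013-11-23] () <===== ATTENTION",
    r"HKCU\...\Run: [APS] - C:\Users\Pascal\AppData\Roaming\Public\conhost.exe [83404540 2013-12-09] (Hôte de la fenêtre de la console)",
    r"Startup: C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\conhost.exe (Hôte de la fenêtre de la console)",
    r"Startup: C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SURVIVAL.vbe ()",
    # constructed benign entry for contrast (size and date are made up)
    r"HKLM\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [3568312 2013-05-09] (AVAST Software)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity.upper()}] {f.path}")
        for r in f.reasons:
            print("   -", r)
```

Run stand-alone it reports the four entries the fix removed and nothing for the avast line. The user-writable rule is kept at low severity on purpose: AppData is also where Dropbox and Chrome live on this machine, so that location alone should never be the whole verdict; the name-versus-location mismatch and the script-host autorun are what make the conhost.exe and SURVIVAL.vbe entries worth quarantining.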



#11 B-boy/StyLe/ (Malware Response Team)

Posted 17 January 2014 - 07:11 AM

Hi,

This is normal; avast probably detected the baddies when we removed them with FRST.

I want to make sure there is nothing lurking on the system, so just in case I want you to go through these steps:

STEP 1

  • Please download RKill by Grinler from the link below and save it to your desktop.
    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

STEP 2

  • Please download RogueKiller.exe and save it to the desktop.
  • Close all windows and browsers.
  • Right-click the program and select 'Run as Administrator'.
  • Press the Scan button.
  • A report opens on the desktop named RKreport.txt.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside Loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 4

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow these instructions for performing a scan.
  • Caution: This is a beta version, so also read the disclaimer and back up all your data before using it.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.

Note: Further documentation on this tool can be found in the ReadMe.rtf file, which is located in the Malwarebytes Anti-Rootkit (mbar) folder.

 

 

STEP 5

1. Please download HitmanPro.

  • For 32-bit Operating System - download link.
  • This is the mirror.
  • For 64-bit Operating System - download link.
  • This is the mirror.

2. Launch the program by double-clicking on its icon. (Windows Vista/7 users: right-click on the HitmanPro icon and select Run as administrator.)

Note: If the program won't run, open it while holding down the left CTRL key until the program is loaded.

3. Click on the Next button. You must agree with the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the Next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose Apply to all => Ignore <= IMPORTANT!!!

8. Click on the Next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: If there isn't a drop-down menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it into your next reply.

 

 

 

STEP 6

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the on-screen instructions inside the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

And then, if there aren't any issues left, I'll give you my final recommendations. :)

Regards,

Georgi


#12 Pgi007be (Topic Starter)

Posted 18 January 2014 - 03:31 PM

Hi Georgi,

Thanks a lot, my PC seems to run better after the last boot.

As requested, here are the logs.

Note that they correspond to the first 3 steps.

I'm afraid to start step 4 now because I can't back up all my disk contents at the moment.
Is it really an important step?

Can I jump to step 5?

Thanks in advance for your answer.

*******RKILL *******************

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/18/2014 08:09:57 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\system32\IoctlSvc.exe (PID: 1240) [WD-HEUR]

1 process terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKCU\SOFTWARE\Classes\.exe "@" exists and is set to !
  * HKCU\SOFTWARE\Classes\.exe has been deleted!

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost

Program finished at: 01/18/2014 08:15:48 PM
Execution time: 0 hours(s), 5 minute(s), and 50 seconds(s)

 

 

********RogueKiller ***********

RogueKiller V8.8.2 [Jan 17 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.sur-la-toile.com/RogueKiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Pascal [Admin rights]
Mode : Scan -- Date : 01/18/2014 20:51:49
| ARK || FAK || MBR |

¤¤¤ Malicious processes : 1 ¤¤¤
[SUSP PATH] setup.exe -- C:\Windows\Temp\CR_75060.tmp\setup.exe [7] -> KILLED [Tree]

¤¤¤ Registry entries : 4 ¤¤¤
[HJ SMENU][PUM] HKLM\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU][PUM] HKLM\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser add-ons : 0 ¤¤¤

¤¤¤ Particular files / folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x869231F8)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x869231F8)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x869231F8)
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x869231F8)
[Address] IRP[IRP_MJ_POWER] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x869231F8)
[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x869231F8)
[Address] IRP[IRP_MJ_PNP] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x869231F8)
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36984F66)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36984F66)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36984F66)

¤¤¤ External hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS file: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

¤¤¤ MBR check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BEVT-00ZCT0 ATA Device +++++
--- User ---
[MBR] 88c51cceccd2dd769d45738f0abe986c
[BSP] 7f6cdc5b608cf8ea71c8c85fc3c6ee72 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 273395 MB
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 559915008 | Size: 31848 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01182014_205149.txt >>

 

 

********  TDSSKiller **********

0 issues, so I'm not pasting the content of the log here because it's too long.



#13 B-boy/StyLe/ (Malware Response Team)

Posted 18 January 2014 - 09:39 PM

Hi,

"I'm afraid to start step 4 now because I can't back up all my disk contents at the moment.
Is it really an important step?

Can I jump to step 5?"

Run MBAM instead:

  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-clicking on its icon.
  • Once the program has loaded, go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location and post the results in your next reply.

And then proceed with the rest of the steps.

Regards,

Georgi


#14 Pgi007be (Topic Starter)

Posted 19 January 2014 - 08:41 AM

Georgi,

Here are the logs:

***** replaced STEP 4 : MBAM *******

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.19.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Pascal :: NEWMEDION [administrator]

Protection: Enabled

19/01/2014 13:06:13
mbam-log-2014-01-19 (13-06-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 266093
Time elapsed: 30 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Pascal\AppData\Local\Temp\nsf393D.tmp (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\Pascal\Downloads\install_www--64-z.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Users\Pascal\Downloads\TuneUpUtilities2011.rar (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

(end)

 

******* STEP 5 : HitManPro ***********

HitmanPro 3.7.8.208
www.hitmanpro.com
   Computer name . . . . : NEWMEDION
   Windows . . . . . . . : 6.0.2.6002.X86/2
   User name . . . . . . : NewMedion\Pascal
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)
   Scan date . . . . . . : 2014-01-19 13:53:20
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 32s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 43
   Objects scanned . . . : 2.612.017
   Files scanned . . . . : 132.234
   Remnants scanned  . . : 701.419 files / 1.778.364 keys
Miniport ____________________________________________________________________
   Primary
      DriverObject . . . : 86B9A7A0
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 00000000 +0
      IRP_MJ_SCSI  . . . : 86B221F8 +0
   Solution
      DriverObject . . . : 86B9A7A0
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 00000000 +0
      IRP_MJ_SCSI  . . . : 83B26A2C \SystemRoot\system32\drivers\ataport.SYS+18988
Malware _____________________________________________________________________
   C:\Users\Pascal\Downloads\BitTorrent\Completed\CopyTrans Suite v 4.72 FRENCH\KEYGEN-FFF.exe -> Quarantined
      Size . . . . . . . : 177.152 bytes
      Age  . . . . . . . : 365.6 days (2013-01-18 23:30:58)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 6A3AF3430DD664E3AC44CF2B745DB0840878E713C622EC94D0B07C0E2AEA552D
    > G Data . . . . . . : Gen:Variant.Kazy.19219 (Engine-A)
      Fuzzy  . . . . . . : 114.0

Suspicious files ____________________________________________________________
   C:\Users\Pascal\Documents\Mes fichiers reçus\mp3tagv245asetup.exe
      Size . . . . . . . : 2.161.920 bytes
      Age  . . . . . . . : 1503.7 days (2009-12-07 22:07:08)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 5AA83EC0B02E29DBE00E0BB757D67553B545F2E395F3509ACC02D9E285F44CC6
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

Potential Unwanted Programs _________________________________________________
   HKU\S-1-5-21-2759936944-2233773602-1720250349-1000\Software\Softonic\ (Softonic)
Cookies _____________________________________________________________________
   C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrite.com
   C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adhese.be
   C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ookla.com
   C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
   C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Cookies:pool-eu-ie.creative-serving.com
   C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\2QASL1KG.txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\JUAT1LIH.txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\OGYRM5Q0.txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\pascal@2o7[2].txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\pascal@ad.trackbar[1].txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\pascal@adserver.hardsextube[1].txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\pascal@advertising[1].txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\pascal@adviva[2].txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\pascal@be.sitestat[1].txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\pascal@be.sitestat[2].txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\pascal@bluestreak[1].txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\pascal@content.yieldmanager[2].txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\pascal@content.yieldmanager[3].txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\pascal@exoclick[2].txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\pascal@hardsextube[1].txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\pascal@media6degrees[1].txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\pascal@rts.doublepimp[1].txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\pascal@smartadserver[1].txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\pascal@tradedoubler[1].txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\pascal@weborama[2].txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\pascal@www.hardsextube[1].txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\pascal@www.porndad[2].txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\pascal@www.sexerencontres[1].txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\pascal@zedo[1].txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\PT3RWITU.txt
   C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Cookies\WSJU1PWB.txt
******** STEP 6 : Checkup.txt ***********

 Results of screen317's Security Check version 0.99.79 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Java™ 6 Update 11 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Google Chrome 31.0.1650.63 
 Google Chrome 32.0.1700.76 
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSASCui.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
 Windows Defender MSASCui.exe  
 Alwil Software Avast5 AvastSvc.exe 
 Alwil Software Avast5 AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
#15 Pgi007be

Pgi007be
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:20 AM

Posted 19 January 2014 - 08:55 AM

Note also that after sending you this log, I lost my internet session.
A reboot was necessary, but during this reboot HITMANPRO appeared on my screen.

Rgds