HijackThis Log: Please help Diagnose


  • This topic is locked
20 replies to this topic

#1 Nacuto


Posted 08 May 2014 - 11:05 AM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:01:59, on 08/05/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\Nacuto\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Système')
O4 - HKUS\.DEFAULT\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Default user')
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1394487707044
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Ouverture de session secondaire (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: Windows Update (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe
 
--
End of file - 21078 bytes
 



 


#2 Machiavelli

  • Malware Response Instructor

Posted 08 May 2014 - 12:42 PM

Hello and welcome on board, Nacuto,

my Name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Hey,
which problems do you currently have? HJT is outdated so I will use another tool.

Please download OTL (by OldTimer) (if you haven't already) from the link below and save it to your Desktop.
 

Download Mirror #1

  • Please copy the text in the Quote box below (do not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
    • Highlight everything inside the quote box (except the word Quote), right click the mouse and click Copy.

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    mpsvc.dll
    winsock.*
    rpcss.dll
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Open OTL on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 users: Right click on the icon and click Run as Administrator.
  • Make sure all other windows are closed.
    • You will see a console like the one below:

      [Image: OTL main console]
      • Click the box beside Scan All Users at the top of the console.
      • If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
      • Make sure the Output box at the top is set to Standard Output.
      • Check the boxes beside LOP Check and Purity Check.
      • Make sure that Use Safe List is checked under Extra Registry.
      • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL.
      • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
      • Let the scan run uninterrupted.
      • When the scan completes, it will open OTL.Txt on the desktop.
      • Please copy the contents of these files and paste them into your reply. To do that:
        • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
        • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
      • Please do the same for the Extras.txt

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 Nacuto


Posted 08 May 2014 - 03:55 PM

Hey, My pc is slow, and I feel that something take me to the connection.

Here :

OTL logfile created on: 08/05/2014 22:46:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nacuto\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
7,94 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 28,12% Memory free
15,87 Gb Paging File | 8,24 Gb Available in Paging File | 51,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1467,49 Gb Free Space | 78,77% Space Free | Partition Type: NTFS
Drive E: | 465,75 Gb Total Space | 79,10 Gb Free Space | 16,98% Space Free | Partition Type: NTFS
Drive F: | 232,88 Gb Total Space | 209,73 Gb Free Space | 90,06% Space Free | Partition Type: NTFS
 
Computer Name: NACUTO-PC | User Name: Nacuto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/08 22:43:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nacuto\Desktop\OTL.exe
PRC - [2014/04/25 11:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/04/24 02:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/04/15 10:46:32 | 003,814,736 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2014/01/18 23:29:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/24 02:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll
MOD - [2014/04/24 02:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014/04/24 02:33:05 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
MOD - [2014/04/24 02:33:04 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
MOD - [2014/04/24 02:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014/04/24 02:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2014/01/03 13:03:39 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
MOD - [2014/01/03 13:03:38 | 001,425,920 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
MOD - [2014/01/03 13:03:38 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-52.dll
MOD - [2014/01/03 13:03:17 | 000,336,896 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
MOD - [2014/01/03 13:03:16 | 007,816,192 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/04/01 18:24:10 | 002,818,888 | ---- | M] (CybelSoft) [Disabled | Stopped] -- C:\Program Files\ma-config.com\MaConfigAgent.exe -- (MaConfigAgent)
SRV:64bit: - [2014/03/10 23:31:02 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/02/05 11:32:24 | 016,941,856 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/11/21 09:31:44 | 000,015,720 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2013/08/27 14:32:30 | 000,828,376 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/08/27 14:32:14 | 000,747,520 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2013/06/13 21:31:10 | 000,357,144 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/05 11:14:35 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/25 11:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/04/15 10:46:28 | 002,227,536 | ---- | M] (LogMeIn Inc.) [On_Demand | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014/04/08 18:45:50 | 000,377,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/03/04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/02/28 22:23:52 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Disabled | Stopped] -- C:\Jeux\Smite\HiPatchService.exe -- (HiPatchService)
SRV - [2014/02/05 11:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/01/18 23:29:29 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/10 01:27:38 | 000,390,616 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/12/10 01:27:36 | 000,169,432 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2013/12/05 21:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/16 20:13:40 | 000,307,488 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe -- (WSWNA3100M)
SRV - [2013/08/28 23:47:18 | 000,563,624 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/01 03:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/02/24 17:33:46 | 000,017,568 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys -- (ma-config_amd64)
DRV:64bit: - [2014/02/18 13:48:28 | 000,901,848 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/12/27 20:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/12/21 23:50:51 | 000,271,424 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/12/10 01:27:36 | 000,100,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/11/21 09:31:28 | 000,632,168 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/11/21 09:31:28 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2013/09/17 16:48:30 | 000,795,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2013/09/17 16:48:30 | 000,358,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2013/09/17 16:48:30 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2013/05/23 08:12:56 | 000,040,728 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2013/05/23 08:12:52 | 000,059,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2013/05/23 08:12:50 | 000,076,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/03/01 03:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/02/12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/10 15:48:02 | 000,044,544 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/30 15:23:16 | 001,094,760 | ---- | M] (NETGEAR Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wna3100m.sys -- (wna3100m)
DRV:64bit: - [2010/11/21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3818266227-1873465231-1212256919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-3818266227-1873465231-1212256919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3818266227-1873465231-1212256919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3818266227-1873465231-1212256919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-3818266227-1873465231-1212256919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 37 93 33 59 CB CE 01  [binary data]
IE - HKU\S-1-5-21-3818266227-1873465231-1212256919-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3818266227-1873465231-1212256919-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-3818266227-1873465231-1212256919-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Nacuto\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Nacuto\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nacuto\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nacuto\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nacuto\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/10/02 18:23:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B64D9B05-48E1-4CEB-BF58-E0643994E900}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2014/04/26 12:07:46 | 000,000,000 | ---D | M]
 
[2014/01/24 19:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nacuto\AppData\Roaming\mozilla\Extensions
[2014/01/24 19:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/24 19:24:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.fr/
CHR - plugin: Error reading preferences file
CHR - Extension: Search Papoy = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkgkhepjponelmnplpciplmhagpknbg\1.3_0\
CHR - Extension: YouTube = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.1_0\
CHR - Extension: Adblock pour Youtube™ = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk\2.16_0\
CHR - Extension: piano virtuel = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\cohgcponedmbhgbbdinajeoapmoaifdj\4.9.3_0\
CHR - Extension: Recherche Google = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.29_0\
CHR - Extension: Vérificateur de messages Google = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Google Wallet = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Deezer = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh\1.3.2_0\
CHR - Extension: Outlook.com = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.2_0\
CHR - Extension: Gmail = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/04/11 19:10:29 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (DVDVideoSoft IE Extension) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft IE Extension) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKU\.DEFAULT..\Run: [Bitdefender Agent de l'application Wallet] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" File not found
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard File not found
O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" File not found
O4 - HKU\S-1-5-18..\Run: [Bitdefender Agent de l'application Wallet] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" File not found
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard File not found
O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3818266227-1873465231-1212256919-1000..\Run: [SkyDrive] C:\Users\Nacuto\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3818266227-1873465231-1212256919-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1394487707044 (MUCatalogWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09E017B8-95DB-4956-BB10-001A124578E1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8681991F-23D8-4EBA-87F1-2DC8E03C6E1B}: DhcpNameServer = 212.27.40.240 212.27.40.241
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\MyColors\fast64.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2013/05/29 21:10:55 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{932eb6ae-69c6-11e3-bc18-08606ed76f8d}\Shell - "" = AutoRun
O33 - MountPoints2\{932eb6ae-69c6-11e3-bc18-08606ed76f8d}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{a7aa473d-ffab-11e2-bd87-08606ed76f8d}\Shell - "" = AutoRun
O33 - MountPoints2\{a7aa473d-ffab-11e2-bd87-08606ed76f8d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\autorun.bat
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/08 22:44:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nacuto\Desktop\OTL.exe
[2014/05/08 17:54:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2014/05/08 17:54:04 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2014/05/08 17:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014/05/08 17:46:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2014/05/08 17:20:25 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\.technic
[2014/05/07 07:47:07 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\TeamViewer
[2014/05/06 13:21:33 | 000,000,000 | R--D | C] -- C:\Users\Nacuto\OneDrive
[2014/05/06 13:21:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft OneDrive
[2014/05/04 14:08:03 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Local\LogMeIn Hamachi
[2014/05/03 23:17:05 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Local\CrashRpt
[2014/05/03 23:16:52 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\Achiwa
[2014/05/03 23:16:41 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Achiwa
[2014/05/03 23:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Achiwa
[2014/05/03 23:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2014/05/03 23:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2014/05/03 23:16:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Achiwa
[2014/05/03 13:04:30 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\Documents\Electronic Arts
[2014/05/03 12:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2014/05/02 22:32:15 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\Documents\Command & Conquer Generals - Heure H Data
[2014/05/02 22:19:08 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\Documents\Command and Conquer Generals Zero Hour Data
[2014/05/02 16:26:15 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\skyz
[2014/04/30 21:33:28 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Local\CrashDumps
[2014/04/30 19:17:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\projects
[2014/04/30 19:17:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Logs
[2014/04/28 13:36:14 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\OBS
[2014/04/28 13:35:55 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
[2014/04/28 13:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\OBS
[2014/04/28 13:35:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OBS
[2014/04/26 13:22:48 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\Documents\NCSOFT
[2014/04/26 11:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2014/04/26 11:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
[2014/04/26 11:20:14 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2014/04/26 10:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2014/04/25 23:45:02 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\NCSOFT
[2014/04/25 23:45:02 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Local\NCSOFT
[2014/04/23 23:08:00 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\Factorio
[2014/04/22 21:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2014/04/22 21:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo
[2014/04/21 22:59:24 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\.minecraft
[2014/04/21 20:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/04/21 20:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/04/16 19:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014/04/16 19:16:42 | 000,599,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2014/04/16 19:14:33 | 031,474,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014/04/16 19:14:33 | 023,716,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014/04/16 19:14:33 | 018,302,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2014/04/16 19:14:33 | 015,783,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014/04/16 19:14:33 | 011,589,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014/04/16 19:14:33 | 009,690,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014/04/16 19:14:33 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2014/04/16 19:14:33 | 000,035,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll
[2014/04/16 19:14:33 | 000,033,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2014/04/16 19:14:32 | 025,255,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014/04/16 19:14:32 | 017,755,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2014/04/16 19:14:32 | 017,561,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014/04/16 19:14:32 | 011,636,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014/04/16 19:14:32 | 009,728,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014/04/16 19:14:32 | 003,143,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014/04/16 19:14:32 | 003,093,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2014/04/16 19:14:32 | 002,958,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014/04/16 19:14:32 | 002,783,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2014/04/16 19:14:32 | 002,715,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2014/04/16 19:14:32 | 002,411,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2014/04/16 19:14:32 | 001,885,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433523.dll
[2014/04/16 19:14:32 | 001,516,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433523.dll
[2014/04/16 19:14:32 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014/04/16 19:14:32 | 000,877,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014/04/16 19:14:32 | 000,863,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014/04/16 19:14:32 | 000,846,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014/04/16 19:13:11 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2014/04/16 19:11:36 | 000,901,848 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2014/04/16 19:11:36 | 000,073,800 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2014/04/16 14:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/04/16 14:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2014/04/16 14:58:36 | 005,538,072 | ---- | C] (ASUSTeKcomputer.Inc Inc) -- C:\Windows\SysNative\RTKSMlfx.dll
[2014/04/16 14:58:36 | 002,810,072 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2014/04/16 14:58:36 | 002,587,352 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2014/04/16 14:58:36 | 002,103,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2014/04/16 14:58:36 | 001,662,024 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2014/04/16 14:58:36 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2014/04/16 14:58:36 | 001,286,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2014/04/16 14:58:36 | 001,021,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2014/04/16 14:58:36 | 001,014,016 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\slcnt64.dll
[2014/04/16 14:58:36 | 000,947,760 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2014/04/16 14:58:36 | 000,897,792 | ---- | C] (DTS, Inc.) -- C:\Windows\SysNative\sl3apo64.dll
[2014/04/16 14:58:36 | 000,871,856 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tossaeapo64.dll
[2014/04/16 14:58:36 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2014/04/16 14:58:36 | 000,754,488 | ---- | C] (ASUSTeKcomputer.Inc Inc) -- C:\Windows\SysNative\RTKSMSettingsIPC.dll
[2014/04/16 14:58:36 | 000,722,688 | ---- | C] (DTS, Inc.) -- C:\Windows\SysNative\sltech64.dll
[2014/04/16 14:58:36 | 000,617,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtDataProc64.dll
[2014/04/16 14:58:36 | 000,582,056 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosasfapo64.dll
[2014/04/16 14:58:36 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/04/16 14:58:36 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/04/16 14:58:36 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2014/04/16 14:58:36 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/04/16 14:58:36 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/04/16 14:58:36 | 000,244,480 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\slprp64.dll
[2014/04/16 14:58:36 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2014/04/16 14:58:36 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/04/16 14:58:36 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/04/16 14:58:36 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/04/16 14:58:36 | 000,162,224 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\toseaeapo64.dll
[2014/04/16 14:58:36 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/04/16 14:58:36 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2014/04/16 14:58:36 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2014/04/16 14:58:36 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/04/16 14:58:36 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2014/04/16 14:58:36 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2014/04/16 14:58:36 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/04/16 14:58:36 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/04/16 14:58:36 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2014/04/16 14:58:36 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2014/04/16 14:58:35 | 037,850,112 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2014/04/16 14:58:35 | 027,518,208 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnA64.dll
[2014/04/16 14:58:35 | 014,048,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2014/04/16 14:58:35 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2014/04/16 14:58:35 | 003,610,880 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnN64.dll
[2014/04/16 14:58:35 | 002,032,896 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2014/04/16 14:58:35 | 001,916,672 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2014/04/16 14:58:35 | 001,325,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll
[2014/04/16 14:58:35 | 001,084,160 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO4064.dll
[2014/04/16 14:58:35 | 000,922,880 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2014/04/16 14:58:35 | 000,907,008 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO2064.dll
[2014/04/16 14:58:35 | 000,906,800 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\MISS_APO.dll
[2014/04/16 14:58:35 | 000,790,272 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysWow64\MaxxAudioAPOShell.dll
[2014/04/16 14:58:35 | 000,765,184 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxSpeechAPO64.dll
[2014/04/16 14:58:35 | 000,663,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/04/16 14:58:35 | 000,662,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/04/16 14:58:35 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2014/04/16 14:58:35 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2014/04/16 14:58:35 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/04/16 14:58:35 | 000,151,256 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2014/04/16 14:58:35 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2014/04/16 14:58:35 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2014/04/16 14:58:35 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2014/04/16 14:58:33 | 006,217,904 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPP64A.dll
[2014/04/16 14:58:33 | 002,743,328 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/04/16 14:58:33 | 001,938,608 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPD64A.dll
[2014/04/16 14:58:33 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/04/16 14:58:33 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/04/16 14:58:33 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/04/16 14:58:33 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/04/16 14:58:33 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/04/16 14:58:33 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/04/16 14:58:33 | 000,501,184 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2014/04/16 14:58:33 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/04/16 14:58:33 | 000,487,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2014/04/16 14:58:33 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/04/16 14:58:33 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/04/16 14:58:33 | 000,415,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2014/04/16 14:58:33 | 000,313,520 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPO64A.dll
[2014/04/16 14:58:33 | 000,260,272 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPA64.dll
[2014/04/16 14:58:33 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/04/16 14:58:33 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/04/16 14:58:33 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/04/16 14:58:33 | 000,209,096 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2014/04/16 14:58:33 | 000,113,576 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2014/04/16 14:58:33 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2014/04/16 14:58:30 | 002,080,472 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2014/04/16 14:58:30 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2014/04/16 14:46:55 | 000,000,000 | ---D | C] -- C:\Intel
[2014/04/16 14:46:46 | 000,100,312 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys
[2014/04/16 14:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ma-config.com
[2014/04/11 22:33:15 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Local\ElevatedDiagnostics
[2014/04/11 19:02:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/11 18:55:41 | 000,594,432 | ---- | C] (Realtek Semiconductor Corp. ) -- C:\Windows\SysWow64\Rtlihvs.dll
[2014/04/11 18:55:41 | 000,594,432 | ---- | C] (Realtek Semiconductor Corp. ) -- C:\Windows\SysNative\Rtlihvs.dll
[2014/04/11 18:55:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR
[2014/04/11 18:55:22 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\InstallShield
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/08 22:43:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nacuto\Desktop\OTL.exe
[2014/05/08 22:18:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/08 22:04:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3818266227-1873465231-1212256919-1000UA.job
[2014/05/08 21:50:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/08 21:45:22 | 000,006,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/08 21:45:22 | 000,006,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/08 17:54:04 | 000,002,981 | ---- | M] () -- C:\Users\Nacuto\Desktop\HiJackThis.lnk
[2014/05/08 17:51:08 | 001,665,132 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/08 17:51:08 | 000,746,094 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2014/05/08 17:51:08 | 000,652,976 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/08 17:51:08 | 000,149,110 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2014/05/08 17:51:08 | 000,121,406 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/08 17:45:17 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/08 17:45:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/08 17:45:07 | 2097,090,559 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/08 12:04:00 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3818266227-1873465231-1212256919-1000Core.job
[2014/05/07 19:51:36 | 005,195,484 | ---- | M] () -- C:\Users\Nacuto\Desktop\20 - Scatman John - Scatman.mp3
[2014/05/05 11:14:35 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/05 11:14:35 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/03 23:16:41 | 000,000,995 | ---- | M] () -- C:\Users\Nacuto\Desktop\Achiwa.lnk
[2014/05/03 11:32:02 | 000,271,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/02 22:27:01 | 000,000,975 | ---- | M] () -- C:\Windows\eReg.dat
[2014/04/30 19:18:19 | 000,000,523 | ---- | M] () -- C:\Windows\SysWow64\0000000000000000_crash.json
[2014/04/26 17:09:27 | 000,000,008 | ---- | M] () -- C:\Users\Nacuto\AppData\Roaming\DofusAppId0_2
[2014/04/26 17:09:07 | 000,000,117 | ---- | M] () -- C:\Users\Nacuto\AppData\Roaming\D2Info0
[2014/04/26 12:07:58 | 000,001,536 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
[2014/04/26 11:56:19 | 000,001,133 | ---- | M] () -- C:\Users\Nacuto\Application Data\Microsoft\Internet Explorer\Quick Launch\XSplit Broadcaster.lnk
[2014/04/25 00:42:35 | 000,002,427 | ---- | M] () -- C:\Users\Nacuto\Desktop\MegaDébrideur Download Manager.lnk
[2014/04/23 23:07:29 | 000,001,814 | ---- | M] () -- C:\Users\Nacuto\Desktop\Factorio v0.9.6.lnk
[2014/04/22 21:10:06 | 000,001,190 | ---- | M] () -- C:\Users\Nacuto\Desktop\CrystalDiskInfo.lnk
[2014/04/22 14:21:33 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2014/04/22 14:21:33 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/04/16 14:59:05 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[2014/04/16 14:58:27 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2014/04/11 19:03:13 | 000,001,186 | ---- | M] () -- C:\Users\Nacuto\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/08 17:54:04 | 000,002,981 | ---- | C] () -- C:\Users\Nacuto\Desktop\HiJackThis.lnk
[2014/05/07 19:50:35 | 005,195,484 | ---- | C] () -- C:\Users\Nacuto\Desktop\20 - Scatman John - Scatman.mp3
[2014/05/06 13:21:33 | 000,002,226 | ---- | C] () -- C:\Users\Nacuto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
[2014/05/03 23:16:41 | 000,000,995 | ---- | C] () -- C:\Users\Nacuto\Desktop\Achiwa.lnk
[2014/05/02 22:24:37 | 000,000,975 | ---- | C] () -- C:\Windows\eReg.dat
[2014/04/30 19:18:19 | 000,000,523 | ---- | C] () -- C:\Windows\SysWow64\0000000000000000_crash.json
[2014/04/26 12:07:58 | 000,001,536 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
[2014/04/26 11:56:19 | 000,001,133 | ---- | C] () -- C:\Users\Nacuto\Application Data\Microsoft\Internet Explorer\Quick Launch\XSplit Broadcaster.lnk
[2014/04/25 00:42:35 | 000,002,457 | ---- | C] () -- C:\Users\Nacuto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MegaDébrideur Download Manager.lnk
[2014/04/25 00:42:35 | 000,002,427 | ---- | C] () -- C:\Users\Nacuto\Desktop\MegaDébrideur Download Manager.lnk
[2014/04/23 23:07:29 | 000,001,814 | ---- | C] () -- C:\Users\Nacuto\Desktop\Factorio v0.9.6.lnk
[2014/04/22 21:10:06 | 000,001,190 | ---- | C] () -- C:\Users\Nacuto\Desktop\CrystalDiskInfo.lnk
[2014/04/16 14:59:05 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/04/16 14:58:36 | 005,681,192 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2014/04/16 14:58:36 | 000,673,037 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014/04/16 14:58:33 | 000,605,496 | ---- | C] () -- C:\Windows\SysNative\audioLibVc.dll
[2014/04/16 14:58:33 | 000,109,848 | ---- | C] () -- C:\Windows\SysNative\AcpiServiceVnA64.dll
[2014/04/16 14:58:27 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2014/04/11 19:21:29 | 000,271,088 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/18 23:29:30 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/01/18 23:29:29 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/11/22 05:10:22 | 000,032,587 | ---- | C] () -- C:\ProgramData\1385089803.bdinstall.bin
[2013/11/22 04:42:05 | 000,054,847 | ---- | C] () -- C:\ProgramData\1385088105.bdinstall.bin
[2013/11/22 04:11:52 | 000,054,848 | ---- | C] () -- C:\ProgramData\1385086289.bdinstall.bin
[2013/11/22 03:41:39 | 000,054,848 | ---- | C] () -- C:\ProgramData\1385084477.bdinstall.bin
[2013/11/22 03:11:27 | 000,055,005 | ---- | C] () -- C:\ProgramData\1385082665.bdinstall.bin
[2013/11/21 04:47:31 | 000,054,854 | ---- | C] () -- C:\ProgramData\1385002028.bdinstall.bin
[2013/11/21 04:17:19 | 000,054,854 | ---- | C] () -- C:\ProgramData\1385000217.bdinstall.bin
[2013/11/21 03:47:07 | 000,054,853 | ---- | C] () -- C:\ProgramData\1384998405.bdinstall.bin
[2013/11/21 03:16:55 | 000,054,853 | ---- | C] () -- C:\ProgramData\1384996592.bdinstall.bin
[2013/11/21 02:46:43 | 000,054,853 | ---- | C] () -- C:\ProgramData\1384994781.bdinstall.bin
[2013/11/21 02:16:32 | 000,054,853 | ---- | C] () -- C:\ProgramData\1384992969.bdinstall.bin
[2013/11/21 01:46:20 | 000,054,853 | ---- | C] () -- C:\ProgramData\1384991159.bdinstall.bin
[2013/11/21 01:16:09 | 000,054,854 | ---- | C] () -- C:\ProgramData\1384989347.bdinstall.bin
[2013/11/21 00:45:57 | 000,054,853 | ---- | C] () -- C:\ProgramData\1384987533.bdinstall.bin
[2013/11/21 00:15:43 | 000,054,852 | ---- | C] () -- C:\ProgramData\1384985715.bdinstall.bin
[2013/11/20 23:45:26 | 000,054,852 | ---- | C] () -- C:\ProgramData\1384983900.bdinstall.bin
[2013/11/20 23:15:09 | 000,054,852 | ---- | C] () -- C:\ProgramData\1384982086.bdinstall.bin
[2013/11/20 22:44:57 | 000,054,852 | ---- | C] () -- C:\ProgramData\1384980273.bdinstall.bin
[2013/11/20 22:14:39 | 000,055,011 | ---- | C] () -- C:\ProgramData\1384978451.bdinstall.bin
[2013/11/15 00:24:38 | 000,636,036 | ---- | C] () -- C:\ProgramData\1384467353.bdinstall.bin
[2013/11/15 00:24:33 | 000,050,007 | ---- | C] () -- C:\ProgramData\1384467849.bdinstall.bin
[2013/11/14 23:40:36 | 000,007,605 | ---- | C] () -- C:\Users\Nacuto\AppData\Local\Resmon.ResmonCfg
[2013/10/24 11:59:12 | 000,000,045 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2013/10/12 23:05:17 | 000,811,292 | ---- | C] () -- C:\ProgramData\1381610414.bdinstall.bin
[2013/08/07 23:39:04 | 000,000,008 | ---- | C] () -- C:\Users\Nacuto\AppData\Roaming\DofusAppId0_3
[2013/08/07 23:21:23 | 000,000,008 | ---- | C] () -- C:\Users\Nacuto\AppData\Roaming\DofusAppId0_1
[2013/08/07 23:20:54 | 000,000,117 | ---- | C] () -- C:\Users\Nacuto\AppData\Roaming\D2Info0
[2013/08/07 23:20:54 | 000,000,008 | ---- | C] () -- C:\Users\Nacuto\AppData\Roaming\DofusAppId0_2
[2013/08/07 19:00:44 | 001,642,742 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/18 20:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/04/18 20:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/04/18 20:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/04/18 20:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/03/01 03:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013/02/13 12:27:54 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/04 15:48:28 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\.minecraft
[2014/05/08 17:26:45 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\.technic
[2014/05/06 13:12:06 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Achiwa
[2014/01/23 00:03:57 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\AdamOutler
[2013/08/07 23:21:54 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\AnkamaCertificates
[2013/08/07 23:20:56 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\app
[2013/10/26 12:56:16 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Awesomium
[2014/03/05 14:20:08 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Battle.net
[2013/08/10 00:08:18 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Carbon
[2014/01/06 21:14:59 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Curse Advertising
[2013/12/10 22:18:58 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\DAEMON Tools Lite
[2014/05/02 22:15:24 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\DAEMON Tools Pro
[2013/08/07 23:21:23 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Dofus
[2013/08/07 23:20:54 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Dofus-2
[2013/08/07 23:39:04 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Dofus-3
[2014/04/26 17:09:37 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Dofus2
[2014/01/23 01:52:52 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\driver
[2014/04/26 12:08:02 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\DVDVideoSoft
[2014/01/20 20:45:55 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\ECSoftware
[2014/04/28 18:16:15 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Factorio
[2013/08/22 19:02:48 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\GameRanger
[2013/10/02 18:24:08 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Leadertech
[2013/08/08 11:42:57 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\LolClient
[2014/01/03 05:06:27 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Might & Magic Heroes VI
[2014/05/01 21:25:14 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Mumble
[2014/04/25 23:45:02 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\NCSOFT
[2014/03/15 15:38:50 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Notepad++
[2014/04/28 13:36:14 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\OBS
[2013/10/19 23:01:55 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\OpenOffice
[2013/11/15 18:49:37 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Origin
[2013/10/12 22:40:14 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\QuickScan
[2013/08/07 23:20:57 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Reg
[2013/08/07 23:20:56 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2013/08/07 22:53:22 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Riot Games
[2014/02/16 20:23:18 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Samsung
[2014/05/02 16:27:51 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\skyz
[2014/03/16 12:54:59 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\SplitMediaLabs
[2014/01/12 16:44:32 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Spore
[2014/04/05 00:52:40 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Spotify
[2014/05/07 07:47:07 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\TeamViewer
[2014/01/04 17:03:12 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Todae
[2014/05/07 16:42:03 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\TS3Client
[2013/08/09 22:03:23 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Unity
[2014/04/26 12:12:00 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\uTorrent
[2013/12/05 16:54:45 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\wargaming.net
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2009/07/14 03:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/21 05:24:08 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 03:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/21 05:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/21 05:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 03:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/06/02 07:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/06/02 06:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/21 05:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/21 05:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 05:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 08:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 03:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 03:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/21 05:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/14 03:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 03:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 03:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 03:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2010/11/21 05:23:54 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 03:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 13:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010/11/21 05:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 03:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/21 05:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/21 05:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/21 05:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 03:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/21 05:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/21 05:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 05:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/21 05:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/21 05:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 05:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/21 05:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/21 05:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/21 05:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/21 05:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/21 05:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/21 05:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/21 05:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/21 05:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/21 05:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 03:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/03 00:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/21 05:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 03:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/21 05:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe  >
 
< MD5 for: EXPLORER.EXE  >
[2010/11/21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: MPSVC.DLL  >
[2013/05/27 07:26:41 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7B6CD2C784B13D63481B6BF49605C026 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpSvc.dll
[2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7CBB1D4D13DC62D7F529D87151FD3CD3 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpSvc.dll
[2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=CF318F60A84F15AF352439465A8D05F4 -- C:\Program Files\Windows Defender\MpSvc.dll
[2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=CF318F60A84F15AF352439465A8D05F4 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll
 
< MD5 for: QMGR.DLL  >
[2010/11/21 05:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/21 05:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
 
< MD5 for: RPCSS.DLL  >
[2010/11/21 05:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/21 05:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
 
< MD5 for: SERVICES  >
[2009/06/10 23:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.ASFX  >
[2013/12/21 08:04:30 | 000,002,614 | ---- | M] () MD5=F1B43A488FA907619B1469F76373D812 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\fr_FR\Services\Services.asfx
 
< MD5 for: SERVICES.ASFX18  >
[2012/09/23 21:43:42 | 000,002,616 | R--- | M] () MD5=939A97CCEC5E78C7D41262B21158D749 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B744BA0000000010\11.0.0\services.asfx18
 
< MD5 for: SERVICES.CFG  >
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B744BA0000000010\11.0.0\services.cfg
[2013/12/21 08:04:16 | 000,559,392 | ---- | M] () MD5=F9FBA73F44366AB3514BD1985707F178 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2011/04/12 11:15:59 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=18A525B3727F2AE7E8D440F42FC82C2E -- C:\Windows\SysNative\fr-FR\services.exe.mui
[2011/04/12 11:15:59 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=18A525B3727F2AE7E8D440F42FC82C2E -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_68750ba1329f3c6f\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2011/04/12 11:15:58 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\SysNative\fr-FR\services.msc
[2011/04/12 11:16:00 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\SysWOW64\fr-FR\services.msc
[2011/04/12 11:15:58 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a2b6db8d0908d662\services.msc
[2011/04/12 11:16:00 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4698400950ab652c\services.msc
[2009/06/10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/06/10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.XCONFIG  >
[2014/03/29 16:55:40 | 000,003,642 | ---- | M] () MD5=489CD2E4452844137CADA9F2E84FA6FA -- C:\Program Files (x86)\OBS\services.xconfig
[2014/03/29 16:55:40 | 000,003,642 | ---- | M] () MD5=489CD2E4452844137CADA9F2E84FA6FA -- C:\Program Files\OBS\services.xconfig
 
< MD5 for: SVCHOST.EXE  >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 15:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\ProgramData\Microsoft\Windows\RAI\64\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Users\All Users\Microsoft\Windows\RAI\64\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010/08/14 11:37:49 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=87A00ED70FEC36D0DD968E5058C29AA1 -- C:\Windows\SysNative\winlogon.exe
[2013/04/04 15:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< dir "%Systemdrive%\*" /S /A:L /C  >
[2009/07/14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 07:08:49 | 000,019,534 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/08/22 19:05:43 | 000,001,002 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/12/15 09:47:54 | 000,001,064 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/12/15 09:47:55 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2014/02/25 23:50:29 | 000,001,030 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3818266227-1873465231-1212256919-1000Core.job
[2014/02/25 23:50:30 | 000,001,082 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3818266227-1873465231-1212256919-1000UA.job
 
< End of report >

OTL Extras logfile created on: 08/05/2014 22:46:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nacuto\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
7,94 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 28,12% Memory free
15,87 Gb Paging File | 8,24 Gb Available in Paging File | 51,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1467,49 Gb Free Space | 78,77% Space Free | Partition Type: NTFS
Drive E: | 465,75 Gb Total Space | 79,10 Gb Free Space | 16,98% Space Free | Partition Type: NTFS
Drive F: | 232,88 Gb Total Space | 209,73 Gb Free Space | 90,06% Space Free | Partition Type: NTFS
 
Computer Name: NACUTO-PC | User Name: Nacuto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3818266227-1873465231-1212256919-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01335D59-2917-4F38-845D-F7AEAD3B57BD}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{0350998B-CB70-4FEF-9045-0255A4EF9744}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0A6D3FB2-3EDA-49B8-9AED-ACAC130BC854}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{0B7428CE-C546-4D85-92AF-E78E7E28DB87}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{13BC9A59-EA24-40F7-90DF-702330DBF865}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1E44E083-4A1B-4C50-A23D-484C8A70CE73}" = lport=48114 | protocol=6 | dir=in | name=maconfig_tcptls | 
"{1E48C1AC-689E-4728-B4EA-4D2E58343B09}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{21CF873E-4CBA-4228-B0A0-82B0427036AA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{24C4F9D5-1C7F-46EE-9D2D-D6A2C375E126}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{34855921-E552-4E8E-A107-7DD60562F90C}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{380C346D-393B-46F2-AF20-B467876D6EE1}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{387429BE-DA00-464D-BC78-C0BD1B772F46}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{40E8D794-EFFC-44D2-8098-384B67B1D914}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{43686D06-1AA1-4894-94FB-0D83751E5D6F}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{44FFDF89-1BB1-4ECA-A098-4ECB1DAAD827}" = lport=138 | protocol=17 | dir=in | app=system | 
"{451FB26B-4F9E-4E08-B8EF-5B67241FC201}" = lport=139 | protocol=6 | dir=in | app=system | 
"{517DF331-E3F1-43E2-966A-A2DED7C108FB}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{556344C8-6D39-484B-BC38-84CF2A6CBF5A}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp | 
"{58845770-2F43-41C6-B779-1AAA9DD1F3F4}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{6EC2182C-345E-4F29-9943-A09B82590264}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{731C85BF-B047-4F9E-966E-B7BAE7429A07}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{756D487A-31AF-47C9-A7DA-58A4CFDEF532}" = rport=139 | protocol=6 | dir=out | app=system | 
"{78C74D79-33B2-4262-80B9-DBE2B9DD3D40}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{823455A1-49CE-4FB9-958F-C66EF8BB990A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{8799A483-F337-476D-B24F-4EC62ED2051A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{889A0204-E519-495A-8A4F-56BCC1B411D8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{90F8515C-9928-49E9-A1D6-FFBE040E3304}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{92B437D6-71B1-4BD1-897D-CA9C8628AC23}" = rport=445 | protocol=6 | dir=out | app=system | 
"{982B9F22-4FD0-4289-AAFF-1B6E366EDED4}" = lport=48114 | protocol=6 | dir=in | name=maconfig_tcptls | 
"{A2879D5B-F202-4FD2-B02D-80A7D7076AF3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A2CB2C71-6347-4B6C-BAAF-3959B08DE9A5}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{A9F25FB5-E35E-45D6-8B7D-0A8F7C104804}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BE5DD986-795C-44C6-8D6C-994CBAE7E07C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CD828092-9ECF-463D-A85B-DD8A960EC5B0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E3D5DC5F-249E-4B18-A077-8718C5E67EB0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E48D27BD-FBC3-4067-8081-DA1832F65143}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp | 
"{E95736C6-4B6B-4D79-B6B4-180325654F04}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{F257D4B2-5DE9-48FD-9986-EA04A2D80816}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F9E67D6B-57BB-49EA-8EDE-82CA60BA9A2F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FD2B534D-7280-4A19-8261-28C50CF8541E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{FDB01125-39C3-4B6B-A3DF-40ADA2ECAB7C}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AA5555-11C2-4F1F-9D2A-7F3A361E1281}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{05AA50EA-6743-4861-A12C-8F7D5BE44AEC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{05E0A383-996B-4726-9DEF-E11974F8406A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{06B44EDF-09B4-49B5-8EE4-E2471038395F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{08141AF2-22A6-415B-B57B-9DD84C212A71}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{092C61D5-6DDC-46DE-B6E7-A9940D40F4C1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0B65C8FD-41E0-46B3-A7F1-C9FCD0CA5186}" = protocol=6 | dir=in | app=c:\jeux\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{0C2295EC-3D64-402E-AD37-9C9DEBCE127B}" = dir=in | app=c:\users\nacuto\appdata\local\microsoft\skydrive\skydrive.exe | 
"{0D37E49D-9438-4F5D-A34C-DC4E47318ADB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{1233C9BE-FFC6-4B2B-B4A5-642DE9A469DE}" = protocol=6 | dir=in | app=c:\users\nacuto\appdata\local\apps\2.0\h45xj2ry.tnk\nq2wttrr.bc1\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\curseclient.exe | 
"{16CA2A0A-C58B-4AA7-AF52-613A26E9D5B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{20C9C3EF-AC83-4D1F-B16F-91A3FD1F3D66}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{251E5E53-1DC8-490F-8B44-63DB1D2D30F1}" = protocol=6 | dir=in | app=c:\jeux\age of empires iii\age3x.exe | 
"{2650F895-7711-4461-9E3F-F7E2D5C5D420}" = protocol=17 | dir=in | app=c:\jeux\age of empires iii\age3y.exe | 
"{2D04C0D1-2463-4FB3-853F-23229123B946}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | 
"{3040C4D9-FF12-403B-A7D7-2063FA9E5EE5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{322272AE-F517-4300-94B1-33719FA7070C}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{33DB7AFA-AEB8-475E-94FB-FFE3CC635746}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{38F9C699-2C1D-4C58-814D-88CE41A1E5FE}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"{3C819C8F-B494-49B8-A6D6-A02600AA619C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3CB34BEC-AD79-49BC-A2A5-285B864A7B60}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{41E38BED-9067-46B5-AD7F-795814055778}" = protocol=6 | dir=in | app=c:\users\nacuto\appdata\roaming\spotify\spotify.exe | 
"{4382E114-3D35-4A23-98A7-880C27F94217}" = protocol=17 | dir=in | app=c:\users\nacuto\appdata\roaming\spotify\spotify.exe | 
"{4495C022-034B-4C91-A881-3B83F8225587}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{462ED022-DE05-4030-994A-4EA163FF29E5}" = protocol=6 | dir=in | app=c:\jeux\ubisoft\farcry 3\bin\fc3updater.exe | 
"{47EF618E-90A1-4908-9DAB-D00D04313956}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{4EDD97C9-A803-4504-A7AD-1E5B1365C7B4}" = protocol=6 | dir=in | app=c:\jeux\ubisoft\farcry 3\bin\fc3editor.exe | 
"{506ED667-88E5-46B0-B019-DBA9CE9965AB}" = protocol=6 | dir=in | app=c:\jeux\ubisoft\farcry 3\bin\farcry3.exe | 
"{53689B6B-2D2D-4256-9E52-F9B1C313A7F9}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"{5B631D61-6816-4794-BE03-0D4853562F58}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{60957516-2568-4249-AD7F-74373663CF4A}" = protocol=17 | dir=in | app=c:\jeux\age of empires iii\age3x.exe | 
"{61D4881B-EA27-4C05-B994-8B6213C785B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F4F663-D7B0-4834-8576-A7A52B492B2D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{6453BEC9-344F-411E-902B-F778D6C5C233}" = protocol=6 | dir=in | app=c:\jeux\steam\steamapps\common\counter-strike source\hl2.exe | 
"{663D1718-6351-462B-9DC1-917244D651EC}" = protocol=6 | dir=in | app=c:\jeux\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{66D39866-B2F1-4EC6-A0BB-A3546F70D794}" = protocol=17 | dir=in | app=c:\jeux\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{69513722-616C-41F0-9B53-5C037CE02AB5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6B6ABA6E-886B-44E8-9E83-45D5A60E268D}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\maconfigagent.exe | 
"{6DD24FFA-A8FE-41D0-B148-95E66A9F5D63}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{720006AE-A960-43BE-9C18-D76484DBCC0B}" = protocol=17 | dir=in | app=c:\users\nacuto\appdata\local\apps\2.0\h45xj2ry.tnk\nq2wttrr.bc1\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\curseclient.exe | 
"{730D64A3-B680-4864-B362-6C6754E76AEB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{74CEBFE4-652B-4D2C-A22D-B76C6F75EE1D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{798BA275-B69B-406E-9920-7F96435FCE90}" = protocol=17 | dir=in | app=c:\users\nacuto\appdata\roaming\spotify\spotify.exe | 
"{79A4CE4B-42D9-4DDE-92D9-4BE5CD9DED52}" = protocol=17 | dir=in | app=c:\jeux\hearthstone\hearthstone.exe | 
"{79B600F7-C20C-469A-97F7-F80E1A2F44D5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | 
"{7A1A9F93-1C65-4E7B-8BA3-A33253FF1000}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{7B389B20-E12F-4C31-9405-80BEACAE84BC}" = protocol=6 | dir=in | app=c:\users\nacuto\appdata\roaming\utorrent\utorrent.exe | 
"{7B438BFA-C2AC-4A78-BBD3-124A0148567B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{82823032-7A5D-4B03-A53A-C55B9D90C5A5}" = protocol=6 | dir=in | app=c:\jeux\steam\steamapps\common\team fortress 2\hl2.exe | 
"{86B95325-2E4B-4033-958C-3660367012CE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{8E38C706-8D34-4DEF-BEBF-E31530076AE9}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{945271D2-9A3C-484C-A2D8-B4CFB0C37669}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{946D30DB-E711-446B-8CE3-800A394B0A42}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\maconfigagent.exe | 
"{94F5733E-A13B-4BBE-B4D2-E9A6DFA4BFB4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{98DACE60-160C-49FE-9363-8B6D8DDE84BF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9CEDE991-B13C-48BA-B1DE-C01921701589}" = protocol=17 | dir=in | app=c:\jeux\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{9D4A67D1-8045-4B62-BFE1-077FBE7EDE36}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9FDCD66F-C7FC-4575-BDC7-2E351CD1CE38}" = protocol=6 | dir=in | app=c:\users\nacuto\appdata\local\apps\2.0\h45xj2ry.tnk\nq2wttrr.bc1\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\curseclient.exe | 
"{A16EE2C1-53AE-4827-865A-FE60D0D6B111}" = protocol=17 | dir=in | app=c:\jeux\ubisoft\farcry 3\bin\farcry3.exe | 
"{A2D4B292-89A2-4871-BF2D-EAD9184E1302}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{A411C1E3-F80F-42A4-A3E9-35C99D2B8544}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{A413F935-D981-407D-BA98-2FE9953CE402}" = protocol=17 | dir=in | app=c:\users\nacuto\appdata\roaming\utorrent\utorrent.exe | 
"{A4261657-4A1D-449D-838E-C44FDABECAD3}" = protocol=17 | dir=in | app=c:\jeux\ubisoft\farcry 3\bin\fc3editor.exe | 
"{A46A125C-D08E-4DDD-935B-7583EBFEC5EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5701805-D8DB-46F0-90D1-11FA7BAF37EC}" = protocol=17 | dir=in | app=c:\jeux\steam\steamapps\common\counter-strike source\hl2.exe | 
"{A6D82654-04C1-46BB-871E-BCB87F00E505}" = protocol=6 | dir=in | app=c:\jeux\age of empires iii\age3y.exe | 
"{A9EBD344-2A1D-4351-A441-4F13300520A0}" = protocol=17 | dir=in | app=c:\jeux\world of warcraft\world of warcraft launcher.exe | 
"{A9F164E8-4573-4DA1-B398-CDEEB0F541FD}" = protocol=17 | dir=in | app=c:\jeux\steam\steamapps\common\team fortress 2\hl2.exe | 
"{AE635DB9-918D-4685-A966-632D807391F9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{AEDF5955-043C-4D5B-B9E9-8AB65269ABA3}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\maconfigagent.exe | 
"{B6620061-E82F-4997-AA68-761CD301120E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{B9DD6B92-7F5E-4734-A8D6-1CA8EF8D4359}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{BC16314A-67FD-4404-9105-FBFF73E6B848}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BF08C413-C191-4870-9551-E28E8B69EED4}" = protocol=6 | dir=in | app=c:\jeux\hearthstone\hearthstone.exe | 
"{BFE4AB70-FC76-4482-B6B5-B86B3E517B5B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C8D5224C-257A-46FC-8414-9DA54F41CB63}" = protocol=17 | dir=in | app=c:\jeux\ubisoft\farcry 3\bin\fc3updater.exe | 
"{CA2A30F0-B7BD-4B97-BF0F-17470D19958B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CAD5AC53-B6D0-4529-88EB-6D6105F980B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D39DA91E-947F-4DAE-9C3A-FD96366A17FF}" = protocol=6 | dir=in | app=c:\jeux\world of warcraft\world of warcraft launcher.exe | 
"{D40F648E-0F98-44DD-8F3C-B4624939B5B9}" = protocol=6 | dir=in | app=c:\users\nacuto\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{D5A25D16-8FA7-41C0-9BE5-712EC9022550}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{D7E47777-9D7B-43F0-A76E-FBC946B9C2F8}" = protocol=6 | dir=out | app=system | 
"{DB1E098F-8813-40EB-8A9A-D40C2ACE4899}" = protocol=6 | dir=in | app=c:\jeux\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{E051701E-FDA4-4427-9AC9-CF4F8990F04A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{E08D0EC1-E18B-4F5E-9EFF-94C0EAFD2FB7}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{E1DCF02F-7C36-4CA1-8C07-14394AE931B9}" = protocol=17 | dir=in | app=c:\users\nacuto\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{E412A255-3B97-4C83-907B-754BDACD4271}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E575B74B-FB82-4830-8C21-A57655C2C757}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA0202EB-A5EB-4A94-BB3D-6FDBAC36700A}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\maconfigagent.exe | 
"{EBEEEE3C-DD56-48A9-9B06-D0BBD27D44DF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EF655BA6-2971-42C4-A72F-46B35C39135B}" = protocol=6 | dir=in | app=c:\users\nacuto\appdata\roaming\spotify\spotify.exe | 
"{EF71995D-D896-4020-9F81-4359507B8F3B}" = protocol=17 | dir=in | app=c:\jeux\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{F149B9E3-6AFF-422C-937B-4AADEF5F51FE}" = protocol=58 | dir=in | app=system | 
"{F318DEC5-EA5C-4F2E-8C3A-EB03F0D9A51C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F608A5F7-7897-496B-B5B5-9E589FA33DBC}" = protocol=17 | dir=in | app=c:\users\nacuto\appdata\local\apps\2.0\h45xj2ry.tnk\nq2wttrr.bc1\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\curseclient.exe | 
"{F67554D7-098C-45B1-9857-D65FC03B913F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | 
"{F980CAFA-98E6-47E9-9C2B-EA1B0791D543}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{FC71E7D4-3F7C-4BB8-81E9-9DCA94864201}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{FD08EBBA-16E5-4130-B1DA-A4D35EAABC9E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"TCP Query User{169D6036-61BA-4F05-9EC1-BD7E55D34290}C:\jeux\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\jeux\warcraft iii\war3.exe | 
"TCP Query User{3E84CC6C-EC4F-4378-880D-6E5768B089CB}C:\jeux\jeux horreur\slendytubbies v2 beta\slendytubbies v2 beta.exe" = protocol=6 | dir=in | app=c:\jeux\jeux horreur\slendytubbies v2 beta\slendytubbies v2 beta.exe | 
"TCP Query User{4129FE40-DDE2-4FA6-B345-2CBA811427EA}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{4623AB3A-CB70-4708-BD9E-4DA8CE34F05D}C:\jeux\saints row iv\saintsrowiv.exe" = protocol=6 | dir=in | app=c:\jeux\saints row iv\saintsrowiv.exe | 
"TCP Query User{6D2D161A-9D94-4656-8D28-51599D6D160D}C:\jeux\need for speed most wanted\nfs13.exe" = protocol=6 | dir=in | app=c:\jeux\need for speed most wanted\nfs13.exe | 
"TCP Query User{6E301DC3-6308-4844-A5ED-08D3CBA23D76}C:\jeux\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\jeux\diablo iii\diablo iii.exe | 
"TCP Query User{6F17F271-6D51-4587-8FF8-ED3782B35700}C:\jeux\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\jeux\planetside 2\planetside2.exe | 
"TCP Query User{8F9053FA-4FEA-4A1B-AE74-F59C074325EC}C:\jeux\saints row iv\saintsrowiv.exe" = protocol=6 | dir=in | app=c:\jeux\saints row iv\saintsrowiv.exe | 
"TCP Query User{B0623647-DC9C-47FA-ACBE-94AA141982FD}C:\jeux\steam\steam.exe" = protocol=6 | dir=in | app=c:\jeux\steam\steam.exe | 
"TCP Query User{B8AC9A19-F87D-4C06-B78D-CB5728CE826F}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{BAF17FC4-7FD4-44A5-B976-0F0CF78AC44E}C:\jeux\ubisoft\farcry 3\bin\farcry3.exe" = protocol=6 | dir=in | app=c:\jeux\ubisoft\farcry 3\bin\farcry3.exe | 
"TCP Query User{C3C7E661-B7BC-4A36-A3A2-81F3043EF19E}C:\jeux\jeux horreur\survivers_beta_3.exe" = protocol=6 | dir=in | app=c:\jeux\jeux horreur\survivers_beta_3.exe | 
"TCP Query User{DD9F29FB-EA9F-4E2B-B67A-B16B34E4AA8D}E:\core cmangos-pandore 12576 sd2 2979 fr (3.3.5 - 12340)\realmd.exe" = protocol=6 | dir=in | app=e:\core cmangos-pandore 12576 sd2 2979 fr (3.3.5 - 12340)\realmd.exe | 
"TCP Query User{E092AD7D-1F12-4D91-A67C-A5146A196869}C:\jeux\ubisoft\might & magic heroes vi\might & magic heroes vi.exe" = protocol=6 | dir=in | app=c:\jeux\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | 
"TCP Query User{E5B5301A-9319-4C9B-80D7-38B9F0A9CC23}C:\users\nacuto\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\nacuto\appdata\roaming\gameranger\gameranger\gameranger.exe | 
"TCP Query User{E8AA5B97-018E-4DEA-9F8E-0898B5598E59}C:\jeux\ea games\command & conquer generals - heure h\game.dat" = protocol=6 | dir=in | app=c:\jeux\ea games\command & conquer generals - heure h\game.dat | 
"TCP Query User{FB89B656-C38A-4757-A239-457310BC1534}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{02880A36-C336-4EBF-8D2E-2E6F06DEECE7}C:\jeux\ea games\command & conquer generals - heure h\game.dat" = protocol=17 | dir=in | app=c:\jeux\ea games\command & conquer generals - heure h\game.dat | 
"UDP Query User{11273548-A0B0-494F-86DB-16F993DCD2DD}C:\jeux\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\jeux\planetside 2\planetside2.exe | 
"UDP Query User{2407F6B7-7962-4704-9361-9A4335E668AD}C:\jeux\jeux horreur\survivers_beta_3.exe" = protocol=17 | dir=in | app=c:\jeux\jeux horreur\survivers_beta_3.exe | 
"UDP Query User{268A032E-A626-4455-A658-B2200349738D}C:\jeux\steam\steam.exe" = protocol=17 | dir=in | app=c:\jeux\steam\steam.exe | 
"UDP Query User{4444CAF6-6F1D-4A24-83A1-51D5B7484207}E:\core cmangos-pandore 12576 sd2 2979 fr (3.3.5 - 12340)\realmd.exe" = protocol=17 | dir=in | app=e:\core cmangos-pandore 12576 sd2 2979 fr (3.3.5 - 12340)\realmd.exe | 
"UDP Query User{82BDBC77-1027-4E1C-A82F-FBD5E8D32CE1}C:\jeux\jeux horreur\slendytubbies v2 beta\slendytubbies v2 beta.exe" = protocol=17 | dir=in | app=c:\jeux\jeux horreur\slendytubbies v2 beta\slendytubbies v2 beta.exe | 
"UDP Query User{86D269EE-0F7E-483D-B8BD-20878F940613}C:\jeux\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=c:\jeux\saints row iv\saintsrowiv.exe | 
"UDP Query User{8AD2A979-6CF3-4FB3-8BB9-7E7DF1474B99}C:\jeux\ubisoft\farcry 3\bin\farcry3.exe" = protocol=17 | dir=in | app=c:\jeux\ubisoft\farcry 3\bin\farcry3.exe | 
"UDP Query User{8C39AE1D-4EAD-40FF-8008-7B79A6247998}C:\jeux\need for speed most wanted\nfs13.exe" = protocol=17 | dir=in | app=c:\jeux\need for speed most wanted\nfs13.exe | 
"UDP Query User{932EF471-9BE9-4FCD-8C94-09E648C12094}C:\jeux\ubisoft\might & magic heroes vi\might & magic heroes vi.exe" = protocol=17 | dir=in | app=c:\jeux\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | 
"UDP Query User{A8175A16-354D-4099-BB3C-AB9D8213A501}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{AE48B40A-0F74-4743-90DA-7FD0F0134877}C:\jeux\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\jeux\warcraft iii\war3.exe | 
"UDP Query User{BF89F709-6E41-47A0-941A-4C0E8F294AEE}C:\users\nacuto\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\nacuto\appdata\roaming\gameranger\gameranger\gameranger.exe | 
"UDP Query User{C74F40A0-E7A9-40B6-8F82-413C70945450}C:\jeux\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=c:\jeux\saints row iv\saintsrowiv.exe | 
"UDP Query User{F65D412B-B815-4242-9EBA-22BB37E80B62}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{F8E1C776-17CA-4DA8-BB1D-23C6C9771154}C:\jeux\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\jeux\diablo iii\diablo iii.exe | 
"UDP Query User{F92C08B5-DBCE-47DA-BB67-500D7EC04589}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{19D411B5-350C-4DEA-BCA3-9E7B632A642D}" = Ma-Config.com (64 bits)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{27DEA29A-222C-45F8-B70D-0A7B303FC71B}" = Intel® Rapid Storage Technology
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A39AE3AE-9808-39D2-AB7B-FF5F0335095E}" = Microsoft .NET Framework 4 Extended FRA Language Pack
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Pilote 3D Vision 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panneau de configuration NVIDIA 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Pilote graphique 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.2.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Pilote du contrôleur 3D Vision 335.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Logiciel système PhysX 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Mises à jour NVIDIA 11.10.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 11.10.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.20
"{B5E06417-A4AC-4225-B36E-7E34C91616E7}" = Intel® Trusted Connect Service Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.69.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Extended FRA
"sp6" = Logitech SetPoint 6.61
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{083EF76E-0760-4D7A-9508-0B88A3AF1889}" = HexEdit
"{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3E75652D-99B1-417E-B163-BEF33CAD3F16}" = League of Legends
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{485775E8-AEB8-46BD-922B-242879E03DD5}" = Age of Empires III
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6459F338-FE52-4034-BCA7-74772DA0F24D}" = XSplit Broadcaster
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = Analyseur et SDK MSXML 4.0 SP2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI - Shades of Darkness
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{817522B1-2129-4D47-995E-3E2E3F3963DB}" = Windows Phone app for desktop
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8E29C1CE-346A-3F59-AE22-8C5B7F230498}" = Google Talk Plugin
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A313C1BB-04A5-49FA-AA26-6C3DDD9F6C7F}" = LogMeIn Hamachi
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Software Update Helper
"{AC76BA86-7AD7-1036-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Français
"{B6350B0B-D9CF-40AD-BFF4-F30ACC3E388B}_is1" = Crysis 3
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Les Sims™ 3
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{D3580358-0F78-402A-BE53-2E9D06383E04}" = NETGEAR WNA3100M N300 Wireless USB Adapter
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer™ Generals - Heure H
"{F818243E-51A8-418D-8A71-595D5121BECA}" = Mumble 1.2.5
"Achiwa" = Achiwa 2.3.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Angry IP Scanner" = Angry IP Scanner
"Battle.net" = Battle.net
"CrystalDiskInfo_is1" = CrystalDiskInfo 6.1.9a
"DAEMON Tools Pro" = DAEMON Tools Pro
"DMUninstaller" = DMUninstaller
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.33.424
"Google Chrome" = Google Chrome
"Hearthstone" = Hearthstone
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{485775E8-AEB8-46BD-922B-242879E03DD5}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer™ Generals - Heure H
"League of Legends 3.0.1" = League of Legends
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 26.0 (x86 fr)" = Mozilla Firefox 26.0 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Need for Speed Most Wanted_is1" = Need for Speed Most Wanted
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Open Broadcaster Software" = Open Broadcaster Software
"Steam App 238960" = Path of Exile
"Steam App 240" = Counter-Strike: Source
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 9" = TeamViewer 9
"U2FpbnRzUm93SVY=_is1" = Saints Row IV
"VLC media player" = VLC media player 2.1.3
"WildStar" = WildStar
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.1.3
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"World of Warcraft" = World of Warcraft
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3818266227-1873465231-1212256919-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"2379653831.www.megadebrideur.com" = MegaDébrideur Download Manager
"GameRanger" = GameRanger
"OneDriveSetup.exe" = Microsoft OneDrive
"SOE-DC Universe Online Live PSG" = DC Universe Online Live
"SOE-PlanetSide 2 PSG" = PlanetSide 2
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"Winamp Detect" = Détection de l'application Winamp
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08/05/2014 05:18:00 | Computer Name = Nacuto-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 08/05/2014 06:18:00 | Computer Name = Nacuto-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 08/05/2014 07:18:00 | Computer Name = Nacuto-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 08/05/2014 08:18:01 | Computer Name = Nacuto-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 08/05/2014 09:18:01 | Computer Name = Nacuto-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 08/05/2014 10:18:01 | Computer Name = Nacuto-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 08/05/2014 11:18:01 | Computer Name = Nacuto-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 08/05/2014 12:18:09 | Computer Name = Nacuto-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 08/05/2014 13:18:00 | Computer Name = Nacuto-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 08/05/2014 14:18:00 | Computer Name = Nacuto-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 08/05/2014 15:18:00 | Computer Name = Nacuto-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 08/05/2014 16:18:00 | Computer Name = Nacuto-PC | Source = MsiInstaller | ID = 11316
Description = 
 
[ System Events ]
Error - 04/05/2014 08:07:37 | Computer Name = Nacuto-PC | Source = Service Control Manager | ID = 7030
Description = Le service LogMeIn Hamachi Tunneling Engine est marqué comme étant
 interactif. Cependant, le système est configuré pour ne pas autoriser les services
 interactifs. Ce service peut ne pas fonctionner correctement.
 
Error - 04/05/2014 08:07:43 | Computer Name = Nacuto-PC | Source = Service Control Manager | ID = 7009
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
 l’attente de la connexion du service LogMeIn Hamachi Tunneling Engine.
 
Error - 04/05/2014 08:07:43 | Computer Name = Nacuto-PC | Source = Service Control Manager | ID = 7000
Description = Le service LogMeIn Hamachi Tunneling Engine n’a pas pu démarrer en
 raison de l’erreur :   %%1053
 
Error - 04/05/2014 08:25:03 | Computer Name = Nacuto-PC | Source = bowser | ID = 8003
Description = 
 
Error - 04/05/2014 13:56:45 | Computer Name = Nacuto-PC | Source = volsnap | ID = 393251
Description = Les clichés instantanés du volume F: ont été annulés car le cliché
 instantané du volume n’a pas pu s’agrandir.
 
Error - 04/05/2014 19:08:28 | Computer Name = Nacuto-PC | Source = Service Control Manager | ID = 7011
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
 l’attente de la réponse transactionnelle du service NvNetworkService.
 
Error - 05/05/2014 20:02:27 | Computer Name = Nacuto-PC | Source = Service Control Manager | ID = 7011
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
 l’attente de la réponse transactionnelle du service NvNetworkService.
 
Error - 07/05/2014 12:06:56 | Computer Name = Nacuto-PC | Source = Service Control Manager | ID = 7011
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
 l’attente de la réponse transactionnelle du service NvNetworkService.
 
Error - 08/05/2014 11:46:40 | Computer Name = Nacuto-PC | Source = Service Control Manager | ID = 7030
Description = Le service LogMeIn Hamachi Tunneling Engine est marqué comme étant
 interactif. Cependant, le système est configuré pour ne pas autoriser les services
 interactifs. Ce service peut ne pas fonctionner correctement.
 
Error - 08/05/2014 11:46:54 | Computer Name = Nacuto-PC | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP      :1d" n’a pas pu être enregistré sur l’interface
 avec l’adresse IP 25.109.124.103.  L’ordinateur avec l’adresse IP 25.142.214.46 n’a
 pas permis que le nom soit réclamé par  cet ordinateur.
 
 
< End of report >
 

Edited by Nacuto, 08 May 2014 - 04:02 PM.


#4 Machiavelli

  • Malware Response Instructor
  • 4,133 posts

Posted 09 May 2014 - 07:10 AM

Hey,
looks quite good. ;)

Step 1: P2P Warning

IMPORTANT: I see you have one or more P2P (Person to Person) programs installed.

1.) You have the following P2P program installed: uTorrent
2.) If you download files from non-documented sources via a P2P file-sharing program, you can expect an infection of malware. That isn't good for your PC. A long time ago, file sharing with P2P programs like uTorrent was fairly safe. But at this time that isn't true any more. Of course you can use P2P programs at your own risk, but that may be the source of your infection. It would be nice if you read this here. So after reading the text you will recognize why you shouldn't have them.
3.) Please read these reports about the danger of P2P programs:
4.) I would recommend that you uninstall the above. That would be nice. If you would like to uninstall the P2P program, you can do it via Start >> Control Panel >> Add or Remove Programs
5.) If you want to keep the program on your computer, don't use it while we are fixing your computer!

Step 2: Uninstalls
  • Click on the Start button and select Control Panel
  • Click on Programs then click on Uninstall a program
  • You will now see a list of your installed software, double click on the following one by one to uninstall them:
    • Free YouTube to MP3 Converter version 3.12.33.424
    • DMUninstaller

  • Once you have done this, reboot your computer

Step 3: OTL Fix
  • Run OTL (if you have Windows Vista / Windows 7 / Windows 8, please right-click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
    O2:64bit: - BHO: (DVDVideoSoft IE Extension) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
    O2 - BHO: (DVDVideoSoft IE Extension) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
    O4 - HKU\.DEFAULT..\Run: [Bitdefender Agent de l'application Wallet] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" File not found
    O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard File not found
    O4 - HKU\.DEFAULT..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" File not found
    O4 - HKU\S-1-5-18..\Run: [Bitdefender Agent de l'application Wallet] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" File not found
    O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard File not found
    O4 - HKU\S-1-5-18..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" File not found
    O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
    O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
    O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
    O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
    O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
    O13:64bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\MyColors\fast64.dll) -  File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O33 - MountPoints2\{932eb6ae-69c6-11e3-bc18-08606ed76f8d}\Shell - "" = AutoRun
    O33 - MountPoints2\{932eb6ae-69c6-11e3-bc18-08606ed76f8d}\Shell\AutoRun\command - "" = D:\Autorun.exe
    O33 - MountPoints2\{a7aa473d-ffab-11e2-bd87-08606ed76f8d}\Shell - "" = AutoRun
    O33 - MountPoints2\{a7aa473d-ffab-11e2-bd87-08606ed76f8d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\autorun.bat
    [2014/04/26 12:07:58 | 000,001,536 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
    [2014/04/16 14:59:05 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
    [2014/04/26 12:08:02 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\DVDVideoSoft
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply.
Step 4: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 5: JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 6: OTL QuickScan
  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on OTL.exe and select Run as Administrator)
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a log, OTL.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 7: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#5 Nacuto

  • Topic Starter

  • Members
  • 10 posts

Posted 09 May 2014 - 01:16 PM

Step 3: OTL Fix

For the first run Otl fix, I had no log

Step 4: Adwarecleaner

For Adwcleaner : 
 

# AdwCleaner v3.207 - Rapport créé le 09/05/2014 à 20:02:23
# Mis à jour le 05/05/2014 par Xplode
# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (64 bits)
# Nom d'utilisateur : Nacuto - NACUTO-PC
# Exécuté depuis : C:\Users\Nacuto\Desktop\AdwCleaner.exe
# Option : Nettoyer
 
***** [ Services ] *****
 
 
***** [ Fichiers / Dossiers ] *****
 
Dossier Supprimé : C:\Windows\SysWOW64\AI_RecycleBin
Dossier Supprimé : C:\Users\Invité\AppData\Local\Software
Dossier Supprimé : C:\Users\Nacuto\AppData\Local\Software
Dossier Supprimé : C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkgkhepjponelmnplpciplmhagpknbg
 
***** [ Raccourcis ] *****
 
 
***** [ Registre ] *****
 
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
 
***** [ Navigateurs ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v26.0 (fr)
 
[ Fichier : C:\Users\Nacuto\AppData\Roaming\Mozilla\Firefox\Profiles\eqbziffo.default\prefs.js ]
 
 
-\\ Google Chrome v34.0.1847.131
 
[ Fichier : C:\Users\Invité\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ Fichier : C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Supprimée [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss&mntrId=589874E5438FA18B&affID=121828&tsp=4968
Supprimée [Search Provider] : hxxp://start.iminent.com/?appId=0B4E2B1A-D052-47D8-BE28-67FFCDC5229B&ref=toolbox&q={searchTerms}
Supprimée [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317919&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP5EF6D1A4-120A-4E82-8930-409E34FFF5A8&q={searchTerms}&SSPV=
Supprimée [Extension] : ajkgkhepjponelmnplpciplmhagpknbg
 
*************************
 
AdwCleaner[R0].txt - [5600 octets] - [11/04/2014 19:02:46]
AdwCleaner[R1].txt - [1824 octets] - [09/05/2014 20:01:55]
AdwCleaner[S0].txt - [4984 octets] - [11/04/2014 19:03:13]
AdwCleaner[S1].txt - [2209 octets] - [09/05/2014 20:02:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2269 octets] ##########

Step 5: JRT

For JRT : 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Nacuto on 09/05/2014 at 20:05:33,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\1c875dde39636004ca8cdaec335b4160
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_1_RASMANCS
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/05/2014 at 20:08:56,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step 6: OTL QuickScan

For OTL quick scan :

OTL logfile created on: 09/05/2014 20:10:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nacuto\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
7,94 Gb Total Physical Memory | 6,19 Gb Available Physical Memory | 78,01% Memory free
15,87 Gb Paging File | 13,88 Gb Available in Paging File | 87,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1461,28 Gb Free Space | 78,44% Space Free | Partition Type: NTFS
Drive D: | 3,49 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 465,75 Gb Total Space | 79,10 Gb Free Space | 16,98% Space Free | Partition Type: NTFS
Drive F: | 232,88 Gb Total Space | 209,73 Gb Free Space | 90,06% Space Free | Partition Type: NTFS
 
Computer Name: NACUTO-PC | User Name: Nacuto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/09 20:09:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nacuto\Desktop\OTL (1).exe
PRC - [2014/05/06 13:21:29 | 000,257,224 | ---- | M] (Microsoft Corporation) -- C:\Users\Nacuto\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2014/04/25 11:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/04/24 02:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/18 23:29:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/08/17 09:29:20 | 004,527,424 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/24 02:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll
MOD - [2014/04/24 02:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014/04/24 02:33:05 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
MOD - [2014/04/24 02:33:04 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
MOD - [2014/04/24 02:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014/04/24 02:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/04/01 18:24:10 | 002,818,888 | ---- | M] (CybelSoft) [Disabled | Stopped] -- C:\Program Files\ma-config.com\MaConfigAgent.exe -- (MaConfigAgent)
SRV:64bit: - [2014/03/10 23:31:02 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/02/05 11:32:24 | 016,941,856 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/11/21 09:31:44 | 000,015,720 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2013/08/27 14:32:30 | 000,828,376 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/08/27 14:32:14 | 000,747,520 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2013/06/13 21:31:10 | 000,357,144 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/05 11:14:35 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/25 11:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/04/15 10:46:28 | 002,227,536 | ---- | M] (LogMeIn Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014/04/08 18:45:50 | 000,377,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/03/04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/02/28 22:23:52 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Disabled | Stopped] -- C:\Jeux\Smite\HiPatchService.exe -- (HiPatchService)
SRV - [2014/02/05 11:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/01/18 23:29:29 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/10 01:27:38 | 000,390,616 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/12/10 01:27:36 | 000,169,432 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2013/12/05 21:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/16 20:13:40 | 000,307,488 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe -- (WSWNA3100M)
SRV - [2013/08/28 23:47:18 | 000,563,624 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/01 03:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/02/24 17:33:46 | 000,017,568 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys -- (ma-config_amd64)
DRV:64bit: - [2014/02/18 13:48:28 | 000,901,848 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/12/27 20:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/12/21 23:50:51 | 000,271,424 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/12/10 01:27:36 | 000,100,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/11/21 09:31:28 | 000,632,168 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/11/21 09:31:28 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2013/09/17 16:48:30 | 000,795,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2013/09/17 16:48:30 | 000,358,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2013/09/17 16:48:30 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2013/05/23 08:12:56 | 000,040,728 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2013/05/23 08:12:52 | 000,059,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2013/05/23 08:12:50 | 000,076,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/03/01 03:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/02/12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/10 15:48:02 | 000,044,544 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/30 15:23:16 | 001,094,760 | ---- | M] (NETGEAR Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wna3100m.sys -- (wna3100m)
DRV:64bit: - [2010/11/21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 37 93 33 59 CB CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Nacuto\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Nacuto\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nacuto\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nacuto\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nacuto\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/10/02 18:23:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/01/24 19:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nacuto\AppData\Roaming\mozilla\Extensions
[2014/01/24 19:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/24 19:24:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.fr/
CHR - plugin: Error reading preferences file
CHR - Extension: Search Papoy = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkgkhepjponelmnplpciplmhagpknbg\1.3_0\
CHR - Extension: YouTube = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.1_0\
CHR - Extension: Adblock pour Youtube™ = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk\2.16_0\
CHR - Extension: piano virtuel = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\cohgcponedmbhgbbdinajeoapmoaifdj\4.9.3_0\
CHR - Extension: Recherche Google = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.29_0\
CHR - Extension: Vérificateur de messages Google = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Google Wallet = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Deezer = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh\1.3.2_0\
CHR - Extension: Outlook.com = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.2_0\
CHR - Extension: Gmail = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/04/11 19:10:29 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SkyDrive] C:\Users\Nacuto\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1394487707044 (MUCatalogWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09E017B8-95DB-4956-BB10-001A124578E1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8681991F-23D8-4EBA-87F1-2DC8E03C6E1B}: DhcpNameServer = 212.27.40.240 212.27.40.241
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\MyColors\fast64.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2013/09/05 13:07:44 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2013/05/29 21:10:55 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{932eb6ae-69c6-11e3-bc18-08606ed76f8d}\Shell - "" = AutoRun
O33 - MountPoints2\{932eb6ae-69c6-11e3-bc18-08606ed76f8d}\Shell\AutoRun\command - "" = D:\setup.exe -- [2013/09/05 13:09:49 | 000,450,904 | R--- | M] (                                                            )
O33 - MountPoints2\{a7aa473d-ffab-11e2-bd87-08606ed76f8d}\Shell - "" = AutoRun
O33 - MountPoints2\{a7aa473d-ffab-11e2-bd87-08606ed76f8d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\autorun.bat
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/09 20:10:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nacuto\Desktop\OTL (1).exe
[2014/05/09 20:05:32 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/09 20:05:09 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Nacuto\Desktop\JRT.exe
[2014/05/09 20:02:05 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/08 17:54:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2014/05/08 17:54:04 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2014/05/08 17:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014/05/08 17:46:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2014/05/08 17:20:25 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\.technic
[2014/05/07 07:47:07 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\TeamViewer
[2014/05/06 13:21:33 | 000,000,000 | R--D | C] -- C:\Users\Nacuto\OneDrive
[2014/05/06 13:21:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft OneDrive
[2014/05/04 14:08:03 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Local\LogMeIn Hamachi
[2014/05/03 23:17:05 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Local\CrashRpt
[2014/05/03 23:16:52 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\Achiwa
[2014/05/03 23:16:41 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Achiwa
[2014/05/03 23:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Achiwa
[2014/05/03 23:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2014/05/03 23:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2014/05/03 23:16:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Achiwa
[2014/05/03 13:04:30 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\Documents\Electronic Arts
[2014/05/03 12:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2014/05/02 22:32:15 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\Documents\Command & Conquer Generals - Heure H Data
[2014/05/02 22:19:08 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\Documents\Command and Conquer Generals Zero Hour Data
[2014/05/02 16:26:15 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\skyz
[2014/04/30 21:33:28 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Local\CrashDumps
[2014/04/30 19:17:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\projects
[2014/04/30 19:17:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Logs
[2014/04/28 13:36:14 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\OBS
[2014/04/28 13:35:55 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
[2014/04/28 13:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\OBS
[2014/04/28 13:35:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OBS
[2014/04/26 13:22:48 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\Documents\NCSOFT
[2014/04/26 11:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2014/04/26 11:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
[2014/04/26 10:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2014/04/25 23:45:02 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\NCSOFT
[2014/04/25 23:45:02 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Local\NCSOFT
[2014/04/23 23:08:00 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\Factorio
[2014/04/22 21:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2014/04/22 21:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo
[2014/04/21 22:59:24 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\.minecraft
[2014/04/21 20:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/04/21 20:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/04/16 19:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014/04/16 19:13:11 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2014/04/16 19:11:36 | 000,901,848 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2014/04/16 14:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/04/16 14:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2014/04/16 14:58:36 | 005,538,072 | ---- | C] (ASUSTeKcomputer.Inc Inc) -- C:\Windows\SysNative\RTKSMlfx.dll
[2014/04/16 14:58:36 | 002,103,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2014/04/16 14:58:36 | 001,014,016 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\slcnt64.dll
[2014/04/16 14:58:36 | 000,897,792 | ---- | C] (DTS, Inc.) -- C:\Windows\SysNative\sl3apo64.dll
[2014/04/16 14:58:36 | 000,754,488 | ---- | C] (ASUSTeKcomputer.Inc Inc) -- C:\Windows\SysNative\RTKSMSettingsIPC.dll
[2014/04/16 14:58:36 | 000,722,688 | ---- | C] (DTS, Inc.) -- C:\Windows\SysNative\sltech64.dll
[2014/04/16 14:58:36 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/04/16 14:58:36 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/04/16 14:58:36 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/04/16 14:58:36 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/04/16 14:58:36 | 000,244,480 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\slprp64.dll
[2014/04/16 14:58:36 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2014/04/16 14:58:36 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/04/16 14:58:36 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/04/16 14:58:36 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/04/16 14:58:36 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/04/16 14:58:36 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/04/16 14:58:36 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2014/04/16 14:58:36 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2014/04/16 14:58:36 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/04/16 14:58:36 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/04/16 14:58:35 | 027,518,208 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnA64.dll
[2014/04/16 14:58:35 | 014,048,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2014/04/16 14:58:35 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2014/04/16 14:58:35 | 003,610,880 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnN64.dll
[2014/04/16 14:58:35 | 002,032,896 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2014/04/16 14:58:35 | 001,916,672 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2014/04/16 14:58:35 | 001,325,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll
[2014/04/16 14:58:35 | 001,084,160 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO4064.dll
[2014/04/16 14:58:35 | 000,922,880 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2014/04/16 14:58:35 | 000,907,008 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO2064.dll
[2014/04/16 14:58:35 | 000,790,272 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysWow64\MaxxAudioAPOShell.dll
[2014/04/16 14:58:35 | 000,765,184 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxSpeechAPO64.dll
[2014/04/16 14:58:35 | 000,663,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/04/16 14:58:35 | 000,662,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/04/16 14:58:35 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2014/04/16 14:58:35 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2014/04/16 14:58:35 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/04/16 14:58:35 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2014/04/16 14:58:35 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2014/04/16 14:58:35 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2014/04/16 14:58:33 | 006,217,904 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPP64A.dll
[2014/04/16 14:58:33 | 002,743,328 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/04/16 14:58:33 | 001,938,608 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPD64A.dll
[2014/04/16 14:58:33 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/04/16 14:58:33 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/04/16 14:58:33 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/04/16 14:58:33 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/04/16 14:58:33 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/04/16 14:58:33 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/04/16 14:58:33 | 000,501,184 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2014/04/16 14:58:33 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/04/16 14:58:33 | 000,487,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2014/04/16 14:58:33 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/04/16 14:58:33 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/04/16 14:58:33 | 000,415,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2014/04/16 14:58:33 | 000,313,520 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPO64A.dll
[2014/04/16 14:58:33 | 000,260,272 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPA64.dll
[2014/04/16 14:58:33 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/04/16 14:58:33 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/04/16 14:58:33 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/04/16 14:58:33 | 000,113,576 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2014/04/16 14:58:30 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2014/04/16 14:46:55 | 000,000,000 | ---D | C] -- C:\Intel
[2014/04/16 14:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ma-config.com
[2014/04/11 22:33:15 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Local\ElevatedDiagnostics
[2014/04/11 19:02:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/11 18:55:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR
[2014/04/11 18:55:22 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\InstallShield
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/09 20:10:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3818266227-1873465231-1212256919-1000UA.job
[2014/05/09 20:09:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nacuto\Desktop\OTL (1).exe
[2014/05/09 20:09:04 | 001,665,132 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/09 20:09:04 | 000,746,094 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2014/05/09 20:09:04 | 000,652,976 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/09 20:09:04 | 000,149,110 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2014/05/09 20:09:04 | 000,121,406 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/09 20:05:01 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Nacuto\Desktop\JRT.exe
[2014/05/09 20:03:41 | 000,006,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/09 20:03:41 | 000,006,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/09 20:03:21 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/09 20:03:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/09 20:03:10 | 2097,090,559 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/09 20:01:46 | 001,316,991 | ---- | M] () -- C:\Users\Nacuto\Desktop\AdwCleaner (1).exe
[2014/05/09 19:50:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/09 19:18:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/09 07:10:00 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3818266227-1873465231-1212256919-1000Core.job
[2014/05/08 17:54:04 | 000,002,981 | ---- | M] () -- C:\Users\Nacuto\Desktop\HiJackThis.lnk
[2014/05/07 19:51:36 | 005,195,484 | ---- | M] () -- C:\Users\Nacuto\Desktop\20 - Scatman John - Scatman.mp3
[2014/05/03 23:16:41 | 000,000,995 | ---- | M] () -- C:\Users\Nacuto\Desktop\Achiwa.lnk
[2014/05/03 11:32:02 | 000,271,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/02 22:27:01 | 000,000,975 | ---- | M] () -- C:\Windows\eReg.dat
[2014/04/30 19:18:19 | 000,000,523 | ---- | M] () -- C:\Windows\SysWow64\0000000000000000_crash.json
[2014/04/26 17:09:27 | 000,000,008 | ---- | M] () -- C:\Users\Nacuto\AppData\Roaming\DofusAppId0_2
[2014/04/26 17:09:07 | 000,000,117 | ---- | M] () -- C:\Users\Nacuto\AppData\Roaming\D2Info0
[2014/04/26 11:56:19 | 000,001,133 | ---- | M] () -- C:\Users\Nacuto\Application Data\Microsoft\Internet Explorer\Quick Launch\XSplit Broadcaster.lnk
[2014/04/25 00:42:35 | 000,002,427 | ---- | M] () -- C:\Users\Nacuto\Desktop\MegaDébrideur Download Manager.lnk
[2014/04/23 23:07:29 | 000,001,814 | ---- | M] () -- C:\Users\Nacuto\Desktop\Factorio v0.9.6.lnk
[2014/04/22 21:10:06 | 000,001,190 | ---- | M] () -- C:\Users\Nacuto\Desktop\CrystalDiskInfo.lnk
[2014/04/22 14:21:33 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2014/04/22 14:21:33 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/04/16 14:59:05 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[2014/04/16 14:58:27 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2014/04/11 19:03:13 | 000,001,186 | ---- | M] () -- C:\Users\Nacuto\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/09 20:01:48 | 001,316,991 | ---- | C] () -- C:\Users\Nacuto\Desktop\AdwCleaner (1).exe
[2014/05/08 17:54:04 | 000,002,981 | ---- | C] () -- C:\Users\Nacuto\Desktop\HiJackThis.lnk
[2014/05/07 19:50:35 | 005,195,484 | ---- | C] () -- C:\Users\Nacuto\Desktop\20 - Scatman John - Scatman.mp3
[2014/05/06 13:21:33 | 000,002,226 | ---- | C] () -- C:\Users\Nacuto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
[2014/05/03 23:16:41 | 000,000,995 | ---- | C] () -- C:\Users\Nacuto\Desktop\Achiwa.lnk
[2014/05/02 22:24:37 | 000,000,975 | ---- | C] () -- C:\Windows\eReg.dat
[2014/04/30 19:18:19 | 000,000,523 | ---- | C] () -- C:\Windows\SysWow64\0000000000000000_crash.json
[2014/04/26 11:56:19 | 000,001,133 | ---- | C] () -- C:\Users\Nacuto\Application Data\Microsoft\Internet Explorer\Quick Launch\XSplit Broadcaster.lnk
[2014/04/25 00:42:35 | 000,002,457 | ---- | C] () -- C:\Users\Nacuto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MegaDébrideur Download Manager.lnk
[2014/04/25 00:42:35 | 000,002,427 | ---- | C] () -- C:\Users\Nacuto\Desktop\MegaDébrideur Download Manager.lnk
[2014/04/23 23:07:29 | 000,001,814 | ---- | C] () -- C:\Users\Nacuto\Desktop\Factorio v0.9.6.lnk
[2014/04/22 21:10:06 | 000,001,190 | ---- | C] () -- C:\Users\Nacuto\Desktop\CrystalDiskInfo.lnk
[2014/04/16 14:59:05 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/04/16 14:58:36 | 005,681,192 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2014/04/16 14:58:36 | 000,673,037 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014/04/16 14:58:33 | 000,605,496 | ---- | C] () -- C:\Windows\SysNative\audioLibVc.dll
[2014/04/16 14:58:33 | 000,109,848 | ---- | C] () -- C:\Windows\SysNative\AcpiServiceVnA64.dll
[2014/04/16 14:58:27 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2014/04/11 19:21:29 | 000,271,088 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/18 23:29:30 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/01/18 23:29:29 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/11/22 05:10:22 | 000,032,587 | ---- | C] () -- C:\ProgramData\1385089803.bdinstall.bin
[2013/11/22 04:42:05 | 000,054,847 | ---- | C] () -- C:\ProgramData\1385088105.bdinstall.bin
[2013/11/22 04:11:52 | 000,054,848 | ---- | C] () -- C:\ProgramData\1385086289.bdinstall.bin
[2013/11/22 03:41:39 | 000,054,848 | ---- | C] () -- C:\ProgramData\1385084477.bdinstall.bin
[2013/11/22 03:11:27 | 000,055,005 | ---- | C] () -- C:\ProgramData\1385082665.bdinstall.bin
[2013/11/21 04:47:31 | 000,054,854 | ---- | C] () -- C:\ProgramData\1385002028.bdinstall.bin
[2013/11/21 04:17:19 | 000,054,854 | ---- | C] () -- C:\ProgramData\1385000217.bdinstall.bin
[2013/11/21 03:47:07 | 000,054,853 | ---- | C] () -- C:\ProgramData\1384998405.bdinstall.bin
[2013/11/21 03:16:55 | 000,054,853 | ---- | C] () -- C:\ProgramData\1384996592.bdinstall.bin
[2013/11/21 02:46:43 | 000,054,853 | ---- | C] () -- C:\ProgramData\1384994781.bdinstall.bin
[2013/11/21 02:16:32 | 000,054,853 | ---- | C] () -- C:\ProgramData\1384992969.bdinstall.bin
[2013/11/21 01:46:20 | 000,054,853 | ---- | C] () -- C:\ProgramData\1384991159.bdinstall.bin
[2013/11/21 01:16:09 | 000,054,854 | ---- | C] () -- C:\ProgramData\1384989347.bdinstall.bin
[2013/11/21 00:45:57 | 000,054,853 | ---- | C] () -- C:\ProgramData\1384987533.bdinstall.bin
[2013/11/21 00:15:43 | 000,054,852 | ---- | C] () -- C:\ProgramData\1384985715.bdinstall.bin
[2013/11/20 23:45:26 | 000,054,852 | ---- | C] () -- C:\ProgramData\1384983900.bdinstall.bin
[2013/11/20 23:15:09 | 000,054,852 | ---- | C] () -- C:\ProgramData\1384982086.bdinstall.bin
[2013/11/20 22:44:57 | 000,054,852 | ---- | C] () -- C:\ProgramData\1384980273.bdinstall.bin
[2013/11/20 22:14:39 | 000,055,011 | ---- | C] () -- C:\ProgramData\1384978451.bdinstall.bin
[2013/11/15 00:24:38 | 000,636,036 | ---- | C] () -- C:\ProgramData\1384467353.bdinstall.bin
[2013/11/15 00:24:33 | 000,050,007 | ---- | C] () -- C:\ProgramData\1384467849.bdinstall.bin
[2013/11/14 23:40:36 | 000,007,605 | ---- | C] () -- C:\Users\Nacuto\AppData\Local\Resmon.ResmonCfg
[2013/10/24 11:59:12 | 000,000,045 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2013/10/12 23:05:17 | 000,811,292 | ---- | C] () -- C:\ProgramData\1381610414.bdinstall.bin
[2013/08/07 23:39:04 | 000,000,008 | ---- | C] () -- C:\Users\Nacuto\AppData\Roaming\DofusAppId0_3
[2013/08/07 23:21:23 | 000,000,008 | ---- | C] () -- C:\Users\Nacuto\AppData\Roaming\DofusAppId0_1
[2013/08/07 23:20:54 | 000,000,117 | ---- | C] () -- C:\Users\Nacuto\AppData\Roaming\D2Info0
[2013/08/07 23:20:54 | 000,000,008 | ---- | C] () -- C:\Users\Nacuto\AppData\Roaming\DofusAppId0_2
[2013/08/07 19:00:44 | 001,642,742 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/18 20:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/04/18 20:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/04/18 20:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/04/18 20:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/03/01 03:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013/02/13 12:27:54 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/09 19:51:08 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\.minecraft
[2014/05/08 17:26:45 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\.technic
[2014/05/06 13:12:06 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Achiwa
[2014/01/23 00:03:57 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\AdamOutler
[2013/08/07 23:21:54 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\AnkamaCertificates
[2013/08/07 23:20:56 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\app
[2013/10/26 12:56:16 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Awesomium
[2014/03/05 14:20:08 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Battle.net
[2013/08/10 00:08:18 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Carbon
[2014/01/06 21:14:59 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Curse Advertising
[2013/12/10 22:18:58 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\DAEMON Tools Lite
[2014/05/02 22:15:24 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\DAEMON Tools Pro
[2013/08/07 23:21:23 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Dofus
[2013/08/07 23:20:54 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Dofus-2
[2013/08/07 23:39:04 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Dofus-3
[2014/04/26 17:09:37 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Dofus2
[2014/01/23 01:52:52 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\driver
[2014/01/20 20:45:55 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\ECSoftware
[2014/04/28 18:16:15 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Factorio
[2013/08/22 19:02:48 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\GameRanger
[2013/10/02 18:24:08 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Leadertech
[2013/08/08 11:42:57 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\LolClient
[2014/01/03 05:06:27 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Might & Magic Heroes VI
[2014/05/01 21:25:14 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Mumble
[2014/04/25 23:45:02 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\NCSOFT
[2014/03/15 15:38:50 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Notepad++
[2014/04/28 13:36:14 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\OBS
[2013/10/19 23:01:55 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\OpenOffice
[2013/11/15 18:49:37 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Origin
[2013/10/12 22:40:14 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\QuickScan
[2013/08/07 23:20:57 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Reg
[2013/08/07 23:20:56 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2013/08/07 22:53:22 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Riot Games
[2014/02/16 20:23:18 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Samsung
[2014/05/02 16:27:51 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\skyz
[2014/03/16 12:54:59 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\SplitMediaLabs
[2014/01/12 16:44:32 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Spore
[2014/04/05 00:52:40 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Spotify
[2014/05/07 07:47:07 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\TeamViewer
[2014/01/04 17:03:12 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Todae
[2014/05/07 16:42:03 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\TS3Client
[2013/08/09 22:03:23 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Unity
[2014/04/26 12:12:00 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\uTorrent
[2013/12/05 16:54:45 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\wargaming.net
 
========== Purity Check ==========
 
 
 
< End of report >
 
Step 7: Question

How is your PC running? 

When my PC is on, it's going to ram not much. But it takes time to turn off.


#6 Machiavelli


Posted 09 May 2014 - 01:26 PM

Hey,
looks good ;)

Step 1: OTL Fix
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not found
    FF - user.js - File not found
    FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\MyColors\fast64.dll) -  File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O33 - MountPoints2\{932eb6ae-69c6-11e3-bc18-08606ed76f8d}\Shell - "" = AutoRun
    O33 - MountPoints2\{932eb6ae-69c6-11e3-bc18-08606ed76f8d}\Shell\AutoRun\command - "" = D:\setup.exe -- [2013/09/05 13:09:49 | 000,450,904 | R--- | M] (                                                            )
    O33 - MountPoints2\{a7aa473d-ffab-11e2-bd87-08606ed76f8d}\Shell - "" = AutoRun
    O33 - MountPoints2\{a7aa473d-ffab-11e2-bd87-08606ed76f8d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\autorun.bat
    [2014/04/16 14:58:30 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
    [2014/04/16 14:59:05 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.
Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: ESET

Please disable your AntiVirus before doing these steps!
  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer or FireFox
  • Please download ESET Online Scanner from here
How to do this?
  • Visit this website here
  • You will see a screen like this:

    • Click Run ESET Online Scanner

    • A Window will open (see above) - please click on the link
    • A window will pop up - please download the file to your Desktop
    • When the download has finished please run the program (for Win Vista / Win 7 / Win 8 users please run it as Administrator)

    • Tick the box next to YES, I accept the Terms of Use then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

    • Make sure that the option Remove found threats is NOT checked.
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Then click on Start
    • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • After the scan is finished please click on Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Step 4: Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#7 Nacuto


Posted 10 May 2014 - 03:07 AM

Step 1: OTL Fix
 

OTL logfile created on: 09/05/2014 23:08:01 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nacuto\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
7,94 Gb Total Physical Memory | 6,20 Gb Available Physical Memory | 78,10% Memory free
15,87 Gb Paging File | 13,86 Gb Available in Paging File | 87,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1461,89 Gb Free Space | 78,47% Space Free | Partition Type: NTFS
Drive D: | 3,49 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 465,75 Gb Total Space | 79,10 Gb Free Space | 16,98% Space Free | Partition Type: NTFS
Drive F: | 232,88 Gb Total Space | 209,73 Gb Free Space | 90,06% Space Free | Partition Type: NTFS
 
Computer Name: NACUTO-PC | User Name: Nacuto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/09 20:09:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nacuto\Desktop\OTL.exe
PRC - [2014/05/06 13:21:29 | 000,257,224 | ---- | M] (Microsoft Corporation) -- C:\Users\Nacuto\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2014/04/25 11:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/04/24 02:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/04/15 10:46:32 | 003,814,736 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2014/01/18 23:29:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/08/17 09:29:20 | 004,527,424 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/24 02:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll
MOD - [2014/04/24 02:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014/04/24 02:33:05 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
MOD - [2014/04/24 02:33:04 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
MOD - [2014/04/24 02:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014/04/24 02:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/04/01 18:24:10 | 002,818,888 | ---- | M] (CybelSoft) [Disabled | Stopped] -- C:\Program Files\ma-config.com\MaConfigAgent.exe -- (MaConfigAgent)
SRV:64bit: - [2014/03/10 23:31:02 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/02/05 11:32:24 | 016,941,856 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/11/21 09:31:44 | 000,015,720 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2013/08/27 14:32:30 | 000,828,376 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/08/27 14:32:14 | 000,747,520 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2013/06/13 21:31:10 | 000,357,144 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/05 11:14:35 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/25 11:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/04/15 10:46:28 | 002,227,536 | ---- | M] (LogMeIn Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014/04/08 18:45:50 | 000,377,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/03/04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/02/28 22:23:52 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Disabled | Stopped] -- C:\Jeux\Smite\HiPatchService.exe -- (HiPatchService)
SRV - [2014/02/05 11:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/01/18 23:29:29 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/10 01:27:38 | 000,390,616 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/12/10 01:27:36 | 000,169,432 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2013/12/05 21:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/16 20:13:40 | 000,307,488 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe -- (WSWNA3100M)
SRV - [2013/08/28 23:47:18 | 000,563,624 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/01 03:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/02/24 17:33:46 | 000,017,568 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys -- (ma-config_amd64)
DRV:64bit: - [2014/02/18 13:48:28 | 000,901,848 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/12/27 20:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/12/21 23:50:51 | 000,271,424 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/12/10 01:27:36 | 000,100,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/11/21 09:31:28 | 000,632,168 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/11/21 09:31:28 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2013/09/17 16:48:30 | 000,795,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2013/09/17 16:48:30 | 000,358,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2013/09/17 16:48:30 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2013/05/23 08:12:56 | 000,040,728 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2013/05/23 08:12:52 | 000,059,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2013/05/23 08:12:50 | 000,076,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/03/01 03:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/02/12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/10 15:48:02 | 000,044,544 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/30 15:23:16 | 001,094,760 | ---- | M] (NETGEAR Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wna3100m.sys -- (wna3100m)
DRV:64bit: - [2010/11/21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 37 93 33 59 CB CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Nacuto\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Nacuto\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nacuto\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nacuto\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nacuto\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013/10/02 18:23:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/01/24 19:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nacuto\AppData\Roaming\mozilla\Extensions
[2014/01/24 19:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/24 19:24:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.fr/
CHR - plugin: Error reading preferences file
CHR - Extension: Search Papoy = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkgkhepjponelmnplpciplmhagpknbg\1.3_0\
CHR - Extension: YouTube = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.1_0\
CHR - Extension: Adblock pour Youtube™ = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk\2.16_0\
CHR - Extension: piano virtuel = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\cohgcponedmbhgbbdinajeoapmoaifdj\4.9.3_0\
CHR - Extension: Recherche Google = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.29_0\
CHR - Extension: Vérificateur de messages Google = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Google Wallet = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Deezer = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh\1.3.2_0\
CHR - Extension: Outlook.com = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.2_0\
CHR - Extension: Gmail = C:\Users\Nacuto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/04/11 19:10:29 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SkyDrive] C:\Users\Nacuto\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1394487707044 (MUCatalogWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09E017B8-95DB-4956-BB10-001A124578E1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8681991F-23D8-4EBA-87F1-2DC8E03C6E1B}: DhcpNameServer = 212.27.40.240 212.27.40.241
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2013/09/05 13:07:44 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2013/05/29 21:10:55 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{932eb6ae-69c6-11e3-bc18-08606ed76f8d}\Shell - "" = AutoRun
O33 - MountPoints2\{932eb6ae-69c6-11e3-bc18-08606ed76f8d}\Shell\AutoRun\command - "" = D:\setup.exe -- [2013/09/05 13:09:49 | 000,450,904 | R--- | M] (                                                            )
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/09 23:02:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/09 20:10:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nacuto\Desktop\OTL.exe
[2014/05/09 20:05:32 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/09 20:05:09 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Nacuto\Desktop\JRT.exe
[2014/05/09 20:02:05 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/08 17:54:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2014/05/08 17:54:04 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2014/05/08 17:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014/05/08 17:46:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2014/05/08 17:20:25 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\.technic
[2014/05/07 07:47:07 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\TeamViewer
[2014/05/06 13:21:33 | 000,000,000 | R--D | C] -- C:\Users\Nacuto\OneDrive
[2014/05/06 13:21:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft OneDrive
[2014/05/04 14:08:03 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Local\LogMeIn Hamachi
[2014/05/03 23:17:05 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Local\CrashRpt
[2014/05/03 23:16:52 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\Achiwa
[2014/05/03 23:16:41 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Achiwa
[2014/05/03 23:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Achiwa
[2014/05/03 23:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2014/05/03 23:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2014/05/03 23:16:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Achiwa
[2014/05/03 13:04:30 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\Documents\Electronic Arts
[2014/05/03 12:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2014/05/02 22:32:15 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\Documents\Command & Conquer Generals - Heure H Data
[2014/05/02 22:19:08 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\Documents\Command and Conquer Generals Zero Hour Data
[2014/05/02 16:26:15 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\skyz
[2014/04/30 21:33:28 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Local\CrashDumps
[2014/04/30 19:17:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\projects
[2014/04/30 19:17:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Logs
[2014/04/28 13:36:14 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\OBS
[2014/04/28 13:35:55 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
[2014/04/28 13:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\OBS
[2014/04/28 13:35:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OBS
[2014/04/26 13:22:48 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\Documents\NCSOFT
[2014/04/26 11:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2014/04/26 11:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
[2014/04/26 10:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2014/04/25 23:45:02 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\NCSOFT
[2014/04/25 23:45:02 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Local\NCSOFT
[2014/04/23 23:08:00 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\Factorio
[2014/04/22 21:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2014/04/22 21:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo
[2014/04/21 22:59:24 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\.minecraft
[2014/04/21 20:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/04/21 20:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/04/16 19:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014/04/16 19:13:11 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2014/04/16 19:11:36 | 000,901,848 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2014/04/16 14:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/04/16 14:58:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2014/04/16 14:58:36 | 005,538,072 | ---- | C] (ASUSTeKcomputer.Inc Inc) -- C:\Windows\SysNative\RTKSMlfx.dll
[2014/04/16 14:58:36 | 002,103,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2014/04/16 14:58:36 | 001,014,016 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\slcnt64.dll
[2014/04/16 14:58:36 | 000,897,792 | ---- | C] (DTS, Inc.) -- C:\Windows\SysNative\sl3apo64.dll
[2014/04/16 14:58:36 | 000,754,488 | ---- | C] (ASUSTeKcomputer.Inc Inc) -- C:\Windows\SysNative\RTKSMSettingsIPC.dll
[2014/04/16 14:58:36 | 000,722,688 | ---- | C] (DTS, Inc.) -- C:\Windows\SysNative\sltech64.dll
[2014/04/16 14:58:36 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/04/16 14:58:36 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/04/16 14:58:36 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/04/16 14:58:36 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/04/16 14:58:36 | 000,244,480 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\slprp64.dll
[2014/04/16 14:58:36 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2014/04/16 14:58:36 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/04/16 14:58:36 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/04/16 14:58:36 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/04/16 14:58:36 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/04/16 14:58:36 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/04/16 14:58:36 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2014/04/16 14:58:36 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2014/04/16 14:58:36 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/04/16 14:58:36 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/04/16 14:58:35 | 027,518,208 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnA64.dll
[2014/04/16 14:58:35 | 014,048,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2014/04/16 14:58:35 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2014/04/16 14:58:35 | 003,610,880 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnN64.dll
[2014/04/16 14:58:35 | 002,032,896 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2014/04/16 14:58:35 | 001,916,672 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2014/04/16 14:58:35 | 001,325,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll
[2014/04/16 14:58:35 | 001,084,160 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO4064.dll
[2014/04/16 14:58:35 | 000,922,880 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2014/04/16 14:58:35 | 000,907,008 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO2064.dll
[2014/04/16 14:58:35 | 000,790,272 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysWow64\MaxxAudioAPOShell.dll
[2014/04/16 14:58:35 | 000,765,184 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxSpeechAPO64.dll
[2014/04/16 14:58:35 | 000,663,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/04/16 14:58:35 | 000,662,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/04/16 14:58:35 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2014/04/16 14:58:35 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2014/04/16 14:58:35 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/04/16 14:58:35 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2014/04/16 14:58:35 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2014/04/16 14:58:35 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2014/04/16 14:58:33 | 006,217,904 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPP64A.dll
[2014/04/16 14:58:33 | 002,743,328 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/04/16 14:58:33 | 001,938,608 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPD64A.dll
[2014/04/16 14:58:33 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/04/16 14:58:33 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/04/16 14:58:33 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/04/16 14:58:33 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/04/16 14:58:33 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/04/16 14:58:33 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/04/16 14:58:33 | 000,501,184 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2014/04/16 14:58:33 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/04/16 14:58:33 | 000,487,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2014/04/16 14:58:33 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/04/16 14:58:33 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/04/16 14:58:33 | 000,415,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2014/04/16 14:58:33 | 000,313,520 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPO64A.dll
[2014/04/16 14:58:33 | 000,260,272 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPA64.dll
[2014/04/16 14:58:33 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/04/16 14:58:33 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/04/16 14:58:33 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/04/16 14:58:33 | 000,113,576 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2014/04/16 14:46:55 | 000,000,000 | ---D | C] -- C:\Intel
[2014/04/16 14:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ma-config.com
[2014/04/11 22:33:15 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Local\ElevatedDiagnostics
[2014/04/11 19:02:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/11 18:55:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR
[2014/04/11 18:55:22 | 000,000,000 | ---D | C] -- C:\Users\Nacuto\AppData\Roaming\InstallShield
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/09 23:10:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3818266227-1873465231-1212256919-1000UA.job
[2014/05/09 23:05:56 | 000,006,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/09 23:05:56 | 000,006,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/09 23:05:50 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/09 23:05:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/09 23:05:35 | 2097,090,559 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/09 22:50:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/09 22:19:12 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/09 20:09:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nacuto\Desktop\OTL.exe
[2014/05/09 20:09:04 | 001,665,132 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/09 20:09:04 | 000,746,094 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2014/05/09 20:09:04 | 000,652,976 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/09 20:09:04 | 000,149,110 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2014/05/09 20:09:04 | 000,121,406 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/09 20:05:01 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Nacuto\Desktop\JRT.exe
[2014/05/09 20:01:46 | 001,316,991 | ---- | M] () -- C:\Users\Nacuto\Desktop\AdwCleaner.exe
[2014/05/09 07:10:00 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3818266227-1873465231-1212256919-1000Core.job
[2014/05/08 17:54:04 | 000,002,981 | ---- | M] () -- C:\Users\Nacuto\Desktop\HiJackThis.lnk
[2014/05/07 19:51:36 | 005,195,484 | ---- | M] () -- C:\Users\Nacuto\Desktop\20 - Scatman John - Scatman.mp3
[2014/05/03 23:16:41 | 000,000,995 | ---- | M] () -- C:\Users\Nacuto\Desktop\Achiwa.lnk
[2014/05/03 11:32:02 | 000,271,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/02 22:27:01 | 000,000,975 | ---- | M] () -- C:\Windows\eReg.dat
[2014/04/30 19:18:19 | 000,000,523 | ---- | M] () -- C:\Windows\SysWow64\0000000000000000_crash.json
[2014/04/26 17:09:27 | 000,000,008 | ---- | M] () -- C:\Users\Nacuto\AppData\Roaming\DofusAppId0_2
[2014/04/26 17:09:07 | 000,000,117 | ---- | M] () -- C:\Users\Nacuto\AppData\Roaming\D2Info0
[2014/04/26 11:56:19 | 000,001,133 | ---- | M] () -- C:\Users\Nacuto\Application Data\Microsoft\Internet Explorer\Quick Launch\XSplit Broadcaster.lnk
[2014/04/25 00:42:35 | 000,002,427 | ---- | M] () -- C:\Users\Nacuto\Desktop\MegaDébrideur Download Manager.lnk
[2014/04/23 23:07:29 | 000,001,814 | ---- | M] () -- C:\Users\Nacuto\Desktop\Factorio v0.9.6.lnk
[2014/04/22 21:10:06 | 000,001,190 | ---- | M] () -- C:\Users\Nacuto\Desktop\CrystalDiskInfo.lnk
[2014/04/22 14:21:33 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2014/04/22 14:21:33 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/04/16 14:58:27 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2014/04/11 19:03:13 | 000,001,186 | ---- | M] () -- C:\Users\Nacuto\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 
========== Files Created - No Company Name ==========
 
[2014/05/09 20:01:48 | 001,316,991 | ---- | C] () -- C:\Users\Nacuto\Desktop\AdwCleaner.exe
[2014/05/08 17:54:04 | 000,002,981 | ---- | C] () -- C:\Users\Nacuto\Desktop\HiJackThis.lnk
[2014/05/07 19:50:35 | 005,195,484 | ---- | C] () -- C:\Users\Nacuto\Desktop\20 - Scatman John - Scatman.mp3
[2014/05/06 13:21:33 | 000,002,226 | ---- | C] () -- C:\Users\Nacuto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
[2014/05/03 23:16:41 | 000,000,995 | ---- | C] () -- C:\Users\Nacuto\Desktop\Achiwa.lnk
[2014/05/02 22:24:37 | 000,000,975 | ---- | C] () -- C:\Windows\eReg.dat
[2014/04/30 19:18:19 | 000,000,523 | ---- | C] () -- C:\Windows\SysWow64\0000000000000000_crash.json
[2014/04/26 11:56:19 | 000,001,133 | ---- | C] () -- C:\Users\Nacuto\Application Data\Microsoft\Internet Explorer\Quick Launch\XSplit Broadcaster.lnk
[2014/04/25 00:42:35 | 000,002,457 | ---- | C] () -- C:\Users\Nacuto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MegaDébrideur Download Manager.lnk
[2014/04/25 00:42:35 | 000,002,427 | ---- | C] () -- C:\Users\Nacuto\Desktop\MegaDébrideur Download Manager.lnk
[2014/04/23 23:07:29 | 000,001,814 | ---- | C] () -- C:\Users\Nacuto\Desktop\Factorio v0.9.6.lnk
[2014/04/22 21:10:06 | 000,001,190 | ---- | C] () -- C:\Users\Nacuto\Desktop\CrystalDiskInfo.lnk
[2014/04/16 14:58:36 | 005,681,192 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2014/04/16 14:58:36 | 000,673,037 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014/04/16 14:58:33 | 000,605,496 | ---- | C] () -- C:\Windows\SysNative\audioLibVc.dll
[2014/04/16 14:58:33 | 000,109,848 | ---- | C] () -- C:\Windows\SysNative\AcpiServiceVnA64.dll
[2014/04/16 14:58:27 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2014/04/11 19:21:29 | 000,271,088 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/18 23:29:30 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/01/18 23:29:29 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/11/22 05:10:22 | 000,032,587 | ---- | C] () -- C:\ProgramData\1385089803.bdinstall.bin
[2013/11/22 04:42:05 | 000,054,847 | ---- | C] () -- C:\ProgramData\1385088105.bdinstall.bin
[2013/11/22 04:11:52 | 000,054,848 | ---- | C] () -- C:\ProgramData\1385086289.bdinstall.bin
[2013/11/22 03:41:39 | 000,054,848 | ---- | C] () -- C:\ProgramData\1385084477.bdinstall.bin
[2013/11/22 03:11:27 | 000,055,005 | ---- | C] () -- C:\ProgramData\1385082665.bdinstall.bin
[2013/11/21 04:47:31 | 000,054,854 | ---- | C] () -- C:\ProgramData\1385002028.bdinstall.bin
[2013/11/21 04:17:19 | 000,054,854 | ---- | C] () -- C:\ProgramData\1385000217.bdinstall.bin
[2013/11/21 03:47:07 | 000,054,853 | ---- | C] () -- C:\ProgramData\1384998405.bdinstall.bin
[2013/11/21 03:16:55 | 000,054,853 | ---- | C] () -- C:\ProgramData\1384996592.bdinstall.bin
[2013/11/21 02:46:43 | 000,054,853 | ---- | C] () -- C:\ProgramData\1384994781.bdinstall.bin
[2013/11/21 02:16:32 | 000,054,853 | ---- | C] () -- C:\ProgramData\1384992969.bdinstall.bin
[2013/11/21 01:46:20 | 000,054,853 | ---- | C] () -- C:\ProgramData\1384991159.bdinstall.bin
[2013/11/21 01:16:09 | 000,054,854 | ---- | C] () -- C:\ProgramData\1384989347.bdinstall.bin
[2013/11/21 00:45:57 | 000,054,853 | ---- | C] () -- C:\ProgramData\1384987533.bdinstall.bin
[2013/11/21 00:15:43 | 000,054,852 | ---- | C] () -- C:\ProgramData\1384985715.bdinstall.bin
[2013/11/20 23:45:26 | 000,054,852 | ---- | C] () -- C:\ProgramData\1384983900.bdinstall.bin
[2013/11/20 23:15:09 | 000,054,852 | ---- | C] () -- C:\ProgramData\1384982086.bdinstall.bin
[2013/11/20 22:44:57 | 000,054,852 | ---- | C] () -- C:\ProgramData\1384980273.bdinstall.bin
[2013/11/20 22:14:39 | 000,055,011 | ---- | C] () -- C:\ProgramData\1384978451.bdinstall.bin
[2013/11/15 00:24:38 | 000,636,036 | ---- | C] () -- C:\ProgramData\1384467353.bdinstall.bin
[2013/11/15 00:24:33 | 000,050,007 | ---- | C] () -- C:\ProgramData\1384467849.bdinstall.bin
[2013/11/14 23:40:36 | 000,007,605 | ---- | C] () -- C:\Users\Nacuto\AppData\Local\Resmon.ResmonCfg
[2013/10/24 11:59:12 | 000,000,045 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2013/10/12 23:05:17 | 000,811,292 | ---- | C] () -- C:\ProgramData\1381610414.bdinstall.bin
[2013/08/07 23:39:04 | 000,000,008 | ---- | C] () -- C:\Users\Nacuto\AppData\Roaming\DofusAppId0_3
[2013/08/07 23:21:23 | 000,000,008 | ---- | C] () -- C:\Users\Nacuto\AppData\Roaming\DofusAppId0_1
[2013/08/07 23:20:54 | 000,000,117 | ---- | C] () -- C:\Users\Nacuto\AppData\Roaming\D2Info0
[2013/08/07 23:20:54 | 000,000,008 | ---- | C] () -- C:\Users\Nacuto\AppData\Roaming\DofusAppId0_2
[2013/08/07 19:00:44 | 001,642,742 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/18 20:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/04/18 20:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/04/18 20:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/04/18 20:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/03/01 03:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013/02/13 12:27:54 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/09 19:51:08 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\.minecraft
[2014/05/08 17:26:45 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\.technic
[2014/05/06 13:12:06 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Achiwa
[2014/01/23 00:03:57 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\AdamOutler
[2013/08/07 23:21:54 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\AnkamaCertificates
[2013/08/07 23:20:56 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\app
[2013/10/26 12:56:16 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Awesomium
[2014/03/05 14:20:08 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Battle.net
[2013/08/10 00:08:18 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Carbon
[2014/01/06 21:14:59 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Curse Advertising
[2013/12/10 22:18:58 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\DAEMON Tools Lite
[2014/05/02 22:15:24 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\DAEMON Tools Pro
[2013/08/07 23:21:23 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Dofus
[2013/08/07 23:20:54 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Dofus-2
[2013/08/07 23:39:04 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Dofus-3
[2014/04/26 17:09:37 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Dofus2
[2014/01/23 01:52:52 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\driver
[2014/01/20 20:45:55 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\ECSoftware
[2014/04/28 18:16:15 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Factorio
[2013/08/22 19:02:48 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\GameRanger
[2013/10/02 18:24:08 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Leadertech
[2013/08/08 11:42:57 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\LolClient
[2014/01/03 05:06:27 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Might & Magic Heroes VI
[2014/05/01 21:25:14 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Mumble
[2014/04/25 23:45:02 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\NCSOFT
[2014/03/15 15:38:50 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Notepad++
[2014/04/28 13:36:14 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\OBS
[2013/10/19 23:01:55 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\OpenOffice
[2013/11/15 18:49:37 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Origin
[2013/10/12 22:40:14 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\QuickScan
[2013/08/07 23:20:57 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Reg
[2013/08/07 23:20:56 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2013/08/07 22:53:22 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Riot Games
[2014/02/16 20:23:18 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Samsung
[2014/05/02 16:27:51 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\skyz
[2014/03/16 12:54:59 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\SplitMediaLabs
[2014/01/12 16:44:32 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Spore
[2014/04/05 00:52:40 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Spotify
[2014/05/07 07:47:07 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\TeamViewer
[2014/01/04 17:03:12 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Todae
[2014/05/07 16:42:03 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\TS3Client
[2013/08/09 22:03:23 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\Unity
[2014/04/26 12:12:00 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\uTorrent
[2013/12/05 16:54:45 | 000,000,000 | ---D | M] -- C:\Users\Nacuto\AppData\Roaming\wargaming.net
 
========== Purity Check ==========
 
 
 
< End of report >

Step 2: Malwarebytes
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Date de l'examen: 09/05/2014
Heure de l'examen: 23:26:56
Fichier journal: Scan mbam.txt
Administrateur: Oui
 
Version: 2.00.1.1004
Base de données Malveillants: v2014.05.09.12
Base de données Rootkits: v2014.03.27.01
Licence: Essai
Protection contre les malveillants: Activé(e)
Protection contre les sites Web malveillants: Activé(e)
Chameleon: Désactivé(e)
 
Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Nacuto
 
Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 285669
Temps écoulé: 8 min, 7 sec
 
Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Activé(e)
Shuriken: Activé(e)
PUP: Avertir
PUM: Activé(e)
 
Processus: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Clés du Registre: 2
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-1.3, Aucune action, choix de l'utilisateur, [8080e8181be53ec218d01274b74b6f91], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-3818266227-1873465231-1212256919-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM, Aucune action, choix de l'utilisateur, [a35db44c857bba460d90d2db57acd32d], 
 
Valeurs du Registre: 1
PUP.Optional.Wajam.A, HKU\S-1-5-21-3818266227-1873465231-1212256919-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM|affiliate_id, 1401, Aucune action, choix de l'utilisateur, [a35db44c857bba460d90d2db57acd32d]
 
Données du Registre: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bon: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Aucune action, choix de l'utilisateur,[8c746f9107f94fb106c6b988c143df21]
 
Dossiers: 0
(No malicious items detected)
 
Fichiers: 0
(No malicious items detected)
 
Secteurs physiques: 0
(No malicious items detected)
 
 
(end)

Step 3: ESET

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=40b7bb7427d60f4490edfb3a15388e3e
# engine=18201
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-09 11:22:58
# local_time=2014-05-10 01:22:58 )
# country="France"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 0 151307628 0 0
# scanned=387886
# found=59
# cleaned=0
# scan_time=6528
sh=144AD18DA0C3EADBEB1495FDEA01A37FCEF59CEF ft=1 fh=69fe12774fa2e3ab vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application" ac=I fn="C:\Jeux\Saints Row IV\steam_api.dll"
sh=DA0FB77CECB4247F067294DA5E54E0020844FECE ft=1 fh=96c9faddf1c23368 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Nacuto\Downloads\ccleaner_4-13_fr_14492.exe"
sh=402E9FC94B95C5478B3E3619AF559DC52700FC82 ft=1 fh=c71c0011b1588916 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\Users\Nacuto\Downloads\FreeYouTubeToMP3Converter.exe"
sh=B697F76C8DCE538F37E57893A43322E3D60380B2 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application" ac=I fn="C:\Users\Nacuto\Videos\Outlast.zone-telechargement.com.iso"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
sh=CBA4A01E180CD737F57112C1CDE9BAEC4540CBA2 ft=0 fh=0000000000000000 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="E:\Documents and Settings\Administrateur\Bureau\Téléchargements\kag_win.zip"
sh=65A23BFB2DED446B3892B61F51728CD7E6981276 ft=1 fh=d853b354c5be6e06 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="E:\Documents and Settings\Administrateur\Bureau\Téléchargements\kag_win\setup.exe"
sh=968E2F36EDB0BFADEC618CDD122DE48EFAC482DF ft=1 fh=18785b3ebaf2b7e4 vn="multiple threats" ac=I fn="E:\Documents and Settings\Administrateur\Local Settings\Temp\freezefrogsa.exe"
sh=968E2F36EDB0BFADEC618CDD122DE48EFAC482DF ft=1 fh=18785b3ebaf2b7e4 vn="multiple threats" ac=I fn="E:\Documents and Settings\Administrateur\Local Settings\Temp\FREEzeFrogUpgrade.exe"
sh=261CACC79B4B8FF9A7A2A75162178377C069C868 ft=1 fh=6885c1417d3b07df vn="Win32/OpenCandy potentially unsafe application" ac=I fn="E:\Documents and Settings\Administrateur\Local Settings\Temp\CDBurnerXP-updates\cdbxp_setup_4.3.8.2568.exe"
sh=F07CF3D001C6175B87A4608DFE6C7C29F802A9A9 ft=1 fh=863e87353786590a vn="Win32/OpenCandy potentially unsafe application" ac=I fn="E:\Documents and Settings\Administrateur\Local Settings\Temp\CDBurnerXP-updates\cdbxp_setup_4.3.8.2631.exe"
sh=72BFA5F025C5A299F5875875BBCD4BAA830E8B27 ft=1 fh=ef698bb93ddb846d vn="Win32/OpenCandy potentially unsafe application" ac=I fn="E:\Documents and Settings\Administrateur\Local Settings\Temp\CDBurnerXP-updates\cdbxp_setup_4.3.9.2762.exe"
sh=43BCF42B83E5DBAFDCA0BF2B85E154E9461CE418 ft=1 fh=c8dcd2d38905918b vn="Win32/OpenCandy potentially unsafe application" ac=I fn="E:\Documents and Settings\Administrateur\Local Settings\Temp\CDBurnerXP-updates\cdbxp_setup_4.4.0.2838.exe"
sh=6993E82AC590DA3F8C5B67FF61A57967C790FD0C ft=1 fh=7199e86da722d3ea vn="a variant of Win32/Adware.GabPath.CO application" ac=I fn="E:\Documents and Settings\All Users\Application Data\QuestScan\questscan191.exe"
sh=79FE03A90AEEECC480CFBA568EB5887224062CAF ft=1 fh=c895f14e2e96e9ab vn="a variant of Win32/Adware.GabPath.CO application" ac=I fn="E:\Documents and Settings\All Users\Application Data\QuestScan\questscan193.exe"
sh=1781127F81446208F92914760445607C3779CC39 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.OneStep.AT application" ac=I fn="E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8SBC22RP\upgrade[1].cab"
sh=68CA00EF712A61D480F417BE934321FC5CDB5882 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.OneStep.AT application" ac=I fn="E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8SBC22RP\upgrade[2].cab"
sh=1E6A6C0BB82CA30D7D2B935E007430A18682EFBD ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.OneStep.AY application" ac=I fn="E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8SBC22RP\upgrade[3].cab"
sh=54C0030C9738104678161E865193311112C3E10B ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.GabPath.CO application" ac=I fn="E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8SBC22RP\upgrade[4].cab"
sh=7DA4160C5F914633E089D4B11EEC85573D039DBB ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.OneStep.AT application" ac=I fn="E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\J2T0QF8H\upgrade[1].cab"
sh=C94984DAE6523C502283207B17942E9894B90813 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.OneStep.AT application" ac=I fn="E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\J2T0QF8H\upgrade[2].cab"
sh=B23006F0F1271D362809187FD01D32A236087504 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.OneStep.AY application" ac=I fn="E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\J2T0QF8H\upgrade[3].cab"
sh=12D75367FCC397A672C5D245B9302932D1048A0D ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.OneStep.AT application" ac=I fn="E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\J2T0QF8H\upgrade[4].cab"
sh=AA4368AE9460BFDF2F02D562B3ECBDFE1D4ED75D ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.GabPath.CO application" ac=I fn="E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\J2T0QF8H\upgrade[5].cab"
sh=BA11983AE83C22200DB296CA8E7830428ED0D59D ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.OneStep.AT application" ac=I fn="E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\L3RDS2OT\upgrade[1].cab"
sh=F0DA3BC28CBC7FCC3DD544FEBF39C7B62FB7832F ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.OneStep.AT application" ac=I fn="E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\L3RDS2OT\upgrade[2].cab"
sh=E200722E84D9832914140D03F1E9EC935348CCD6 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.OneStep.AY application" ac=I fn="E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\L3RDS2OT\upgrade[3].cab"
sh=ABBC6C9BF8A98C1386302E056F95AF5F431F4860 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.OneStep.AY application" ac=I fn="E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\L3RDS2OT\upgrade[4].cab"
sh=90170AC784ED0B7827E79E98E6FEB866DB21FBBE ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.GabPath.CO application" ac=I fn="E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\L3RDS2OT\upgrade[5].cab"
sh=71A27169EE47C13EAFAE41DDE1C3185631707F1B ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.GabPath.CO application" ac=I fn="E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\L3RDS2OT\upgrade[6].cab"
sh=A0AE7CA65D255DFBCDC89FDAD80AFB9A230FDFDA ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.OneStep.AT application" ac=I fn="E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\URU3F2HL\upgrade[1].cab"
sh=A0F6496C439C236B2902A7A491CA910D1A7A6AFD ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.OneStep.AT application" ac=I fn="E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\URU3F2HL\upgrade[2].cab"
sh=57D7F72058F218C6F0697996677A9805DFCA39AC ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.OneStep.AY application" ac=I fn="E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\URU3F2HL\upgrade[3].cab"
sh=FF9323FEACD60B67FCC5C0088FF6A07FB513B709 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.GabPath.CO application" ac=I fn="E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\URU3F2HL\upgrade[4].cab"
sh=F3E72C18C92804E05D25319CA3A53922E7C35F8D ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.GabPath.CO application" ac=I fn="E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\URU3F2HL\upgrade[5].cab"
sh=A3D5D4A4EEB1080E2C9FA17DCBAD759DE2A29530 ft=1 fh=73642ecd97566093 vn="Win32/HackTool.Crack.CC potentially unsafe application" ac=I fn="E:\jeux\Trine 2\steam_api.dll"
sh=44E22BDB11EFD0C60DA4F700526D735A5A9063FE ft=1 fh=59eb92dcc763ec43 vn="a variant of MSIL/Injector.ACF trojan" ac=I fn="E:\jeux\Trine 2\trine2_32bit.exe"
sh=E1E6DAD227148CC2599E2D4E4F94D4C9C7407BFF ft=1 fh=8b935df443b01644 vn="a variant of MSIL/Injector.ACF trojan" ac=I fn="E:\jeux\Trine 2\trine2_launcher.exe"
sh=DE9C7C14137400C6DD90ED5E5BB6E672845E604E ft=1 fh=9484ffc72b170f41 vn="Win32/HackTool.CheatEngine.AB potentially unsafe application" ac=I fn="E:\Program Files\eMule\webserver\Emule\Yuusha\yuusha_color_trainer.exe"
sh=B6C74D0C5A8A43C5B63424CF79346E270ACFC3F9 ft=1 fh=c71c0011a0b1d149 vn="probably a variant of Win32/Adware.180Solutions application" ac=I fn="E:\Program Files\FREEzeFrog\bin\2.0.13.0\FREEzeFrogSA.exe"
sh=7A6BD87EBB662CC74CF4A92C1B2479F106D7B9FB ft=1 fh=c71c0011dfbc355f vn="a variant of Win32/Adware.HotBar.R application" ac=I fn="E:\Program Files\FREEzeFrog\bin\2.0.13.0\FREEzeFrogSACB.exe"
sh=DE81F05C4548CC4776A54CC42C75D27EDB790389 ft=1 fh=d85d566582e7b2f3 vn="a variant of Win32/Adware.HotBar.S application" ac=I fn="E:\Program Files\FREEzeFrog\bin\2.0.13.0\FREEzeFrogSAHook.dll"
sh=7208B08344F200CD6BF51588E7FA0DF61E4758A8 ft=1 fh=e1fc7ddbfd350f77 vn="a variant of Win32/Adware.HotBar.E application" ac=I fn="E:\Program Files\FREEzeFrog\bin\2.0.13.0\FREEzeFrogUninstaller.exe"
sh=544333EFBD805A7A9319C4FE30992D24187A7712 ft=0 fh=0000000000000000 vn="Win32/Adware.OneStep application" ac=I fn="E:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar"
sh=2620B4B77E2054B9392CB5BA5578D8F601E423E5 ft=1 fh=c71c001137a5824a vn="a variant of Win32/Adware.OneStep.AS application" ac=I fn="E:\Program Files\QuestScan\questscan.dll"
sh=79FE03A90AEEECC480CFBA568EB5887224062CAF ft=1 fh=c895f14e2e96e9ab vn="a variant of Win32/Adware.GabPath.CO application" ac=I fn="E:\Program Files\QuestScan\questscan.exe"
sh=48E51EDFBEDF8D291F6B07510E7DBD3016713870 ft=1 fh=c71c0011c36c494b vn="a variant of Generik.EUHLGKA trojan" ac=I fn="E:\Program Files\ShopperReports3\bin\3.1.71.0\BRNstIE.dll"
sh=0DAFC51FB5CF7A6C85CC79D9DBAAC46F0C3CDFC7 ft=1 fh=c71c00112c4d66e2 vn="a variant of Win32/Adware.Toolbar.Shopper.AC application" ac=I fn="E:\Program Files\ShopperReports3\bin\3.1.71.0\CmndFF.dll"
sh=24F87D54616DD3DF8D05ABBDB3747188CD626F21 ft=1 fh=c71c0011319744df vn="a variant of Win32/Adware.Toolbar.Shopper.AC application" ac=I fn="E:\Program Files\ShopperReports3\bin\3.1.71.0\Pltfrm.dll"
sh=AEE47D67BA6A24284339FEAF95FDA24500CE6EC5 ft=1 fh=c71c00113c971073 vn="a variant of Win32/Adware.Toolbar.Shopper.AC application" ac=I fn="E:\Program Files\ShopperReports3\bin\3.1.71.0\ShopperReports.dll"
sh=53EC86BD1AD85C446345422B375D28CD20CD2967 ft=1 fh=775f19822638b1da vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="E:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll"
sh=F2626F658FECAA3F86DED951F062A31A05B393AF ft=1 fh=1873575f059915ea vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="E:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe"
sh=4745252F6DFFA4A93EDF76C601B5D5EF8C053C0A ft=1 fh=368b6bc9801ae50d vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="E:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll"
sh=5964449246A3084926CE19CF15557BCE1C16A96E ft=1 fh=94aca66c345f2d11 vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="E:\Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll"
sh=8D1B69902A404A5799FD5EADDFBF3E363339CBDE ft=1 fh=07f1a7bb45044fb5 vn="probably a variant of Win32/Toolbar.Visicom.C potentially unwanted application" ac=I fn="E:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe"
sh=9C2CF5513C85626B8CDD1B0F6F3F489A9E8F205D ft=1 fh=f4a5782808bfd480 vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="E:\Program Files\Windows iLivid Toolbar\ToolBar\searchquband.dll"
sh=9069C1AE362702A5CFD0947D07C49791244CF7E1 ft=1 fh=b2a7890de2375dad vn="a variant of Win32/Toolbar.Visicom.B potentially unwanted application" ac=I fn="E:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll"
sh=F6FD18E1B9283BF5F3880416D6AE5CC55AF97351 ft=1 fh=f004c4868bb2dbae vn="a variant of Win32/TFTPD32.A potentially unsafe application" ac=I fn="E:\Program Files\WTInstaller\Install\WTGeekBox.exe"

Step 4: Security Check
 
 Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 51  
 Java version out of Date! 
 Adobe Flash Player 13.0.0.206  
 Adobe Reader XI  
 Mozilla Firefox (26.0) 
 Google Chrome 34.0.1847.116  
 Google Chrome 34.0.1847.131  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: = 
````````````````````End of Log`````````````````````` 

 


#8 Machiavelli

Posted 10 May 2014 - 04:31 AM

Hey,
nearly done. :)

Step 1: OTL Fix
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    FF - user.js - File not found
    O1364bit: - gopher Prefix: missing
    O33 - MountPoints2\{932eb6ae-69c6-11e3-bc18-08606ed76f8d}\Shell - "" = AutoRun
    O33 - MountPoints2\{932eb6ae-69c6-11e3-bc18-08606ed76f8d}\Shell\AutoRun\command - "" = D:\setup.exe -- [2013/09/05 13:09:49 | 000,450,904 | R--- | M] (                                                            )
    :Files
    C:\Jeux\Saints Row IV\steam_api.dll
    C:\Users\Nacuto\Downloads\ccleaner_4-13_fr_14492.exe
    C:\Users\Nacuto\Downloads\FreeYouTubeToMP3Converter.exe
    C:\Users\Nacuto\Videos\Outlast.zone-telechargement.com.iso
    C:\Windows\System32\Adobe\Shockwave 12\gt.exe
    C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe
    E:\Documents and Settings\Administrateur\Bureau\Téléchargements\kag_win.zip
    E:\Documents and Settings\Administrateur\Bureau\Téléchargements\kag_win
    E:\Documents and Settings\Administrateur\Local Settings\Temp\freezefrogsa.exe
    E:\Documents and Settings\Administrateur\Local Settings\Temp\FREEzeFrogUpgrade.exe
    E:\Documents and Settings\Administrateur\Local Settings\Temp\CDBurnerXP-updates
    E:\Documents and Settings\All Users\Application Data\QuestScan
    E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8SBC22RP
    E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\J2T0QF8H
    E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\L3RDS2OT
    E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\URU3F2HL
    E:\jeux\Trine 2
    E:\Program Files\eMule\webserver\Emule\Yuusha\yuusha_color_trainer.exe
    E:\Program Files\FREEzeFrog
    E:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar
    E:\Program Files\QuestScan
    E:\Program Files\ShopperReports3
    E:\Program Files\Windows iLivid Toolbar
    E:\Program Files\WTInstaller
    
    :Reg
    [-HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-1.3]
    
    [-HKEY_USERS\S-1-5-21-3818266227-1873465231-1212256919-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM]
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

Step 2: JavaRa

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • When it's finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa

Step 3: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#9 Nacuto

Posted 10 May 2014 - 06:51 AM

Step 1: OTL Fix

:
Commandes
[ CREATERESTOREPOINT ]

: OTL
IE
: 64bit : - HKLM\. . \SearchScopes , DefaultScope = { 33BB0A4E-99AF - 4226 - BDF6 - 49120163DE86 }
FF - user . js - File not found
O1364bit
: - Gopher Prefix : manquant
O33
- MountPoints2 \{ 932eb6ae - 69c6 - 11e3 - bc18 - 08606ed76f8d } \Shell - "" = AutoRun
O33 - MountPoints2 \{ 932eb6ae - 69c6 - 11e3 - bc18 - 08606ed76f8d } \Shell\AutoRun\command - "" = D : \setup . exe -- [ 2013 / 09 / 05 13 : 09 : 49 | 000 , 450 , 904 | R --- | M ] ( )
: Files
C : \Jeux\Saints Row IV\steam_api . dll
C
: \ Users \ Nacuto \ Téléchargements \ ccleaner_4 - 13 _fr_14492 . exe
C
: \ Users \ Nacuto \ Téléchargements \ FreeYouTubeToMP3Converter . exe
C
: \ Users \ \ Nacuto Vidéos \ Outlast . zone - telechargement . com . iso
C
: \ Windows \ System32 \ Adobe \ Shockwave 12 \ gt . exe
C
: \ Windows \ SysWOW64 \ Adobe \ Shockwave 12 \ gt . exe
E
: \ Documents et Settings \ Administrateur \ Bureau \ T é l é Chargements \ kag_win . zip
E
: \ Documents et Settings \ Administrateur \ Bureau \ T é l é Chargements \ kag_win
E
: \ Documents et Settings \ Administrateur \ Local Settings \ Temp \ freezefrogsa . exe
E
: \ Documents et Settings \ Administrateur \ Local Settings \ Temp \ F REEzeFrogUpgrade . exe
E
: \ Documents et Settings \ Administrateur \ Local Settings \ Temp \ C DBurnerXP - mises à jour
E
: \ Documents et Settings \ All Utilisateurs \ Application données \ QuestScan
E
: \ Documents et Settings \ Default User \ Local Settings \ Temporary Internet Files \ Content . IE5 \ 8SBC22RP
E
: \Documents and Settings \Default User \Local Settings \Temporary Internet Files \Content . IE5\J 2T0QF8H
E : \Documents and Settings \Default User \Local Settings \Temporary Internet Files \Content . IE5\L 3RDS2OT
E : \Documents and Settings \Default User \Local Settings \Temporary Internet Files \Content . IE5\URU3F2HL
E
: \ jeux \ Trine 2
E : \ Program Files \ e mule \ serveur web \ Emule \ Yuusha \ yuusha_color_trainer . exe
E
: \Program Files \F REEzeFrog
E : \Program Files \Mozilla Firefox \extensions\{F0E1168A - B4B5 - 484C - B77E - 0D28E6B64096 } \chrome\questscan . jar
E
: \ Program Files \ QuestScan
E
: \ Program Files \ ShopperReports3
E
: \ Program Files \ Windows iLivid Toolbar
E : \ Program Files \ W TInstaller

: Reg
[- HKEY_USERS\S - 1 - 5 - 18 -{ ED1FC765 - E35E - 4C3D - BF15 - 2C2B11260CE4 }- 0 \SOFTWARE\APPDATALOW\SOFTWARE\Plus - HD - 1.3 ]

[- HKEY_USERS\S - 1 - 5 - 21 - 3818266227 - 1873465231 - 1212256919 - 501 -{ ED1FC765 - E35E - 4C3D - BF15 - 2C2B11260CE4 }- 0 \SOFTWARE\WAJAM ]

: Commandes
[ EMPTYTEMP ]

Step 3: Question
How is your PC running?

Normal :)


Edited by Nacuto, 10 May 2014 - 06:51 AM.


#10 Machiavelli

Posted 10 May 2014 - 06:53 AM

Hey,
could you please post this Logfile (the newest one): C:\_OTL\MovedFiles\date_number.log

~Machiavelli



#11 Nacuto

Posted 10 May 2014 - 08:43 AM

Error: Unable to interpret <: Commandes > in the current context!
Error: Unable to interpret <[ CREATERESTOREPOINT ]> in the current context!
Error: Unable to interpret <: OTL> in the current context!
Error: Unable to interpret <IE : 64bit :  - HKLM\. . \SearchScopes , DefaultScope  =  { 33BB0A4E-99AF - 4226 - BDF6 - 49120163DE86 } > in the current context!
Error: Unable to interpret <FF - user . js -  File  not found> in the current context!
Error: Unable to interpret <O1364bit :  - Gopher Prefix : manquant> in the current context!
Error: Unable to interpret <O33 -  MountPoints2 \{ 932eb6ae - 69c6 - 11e3 - bc18 - 08606ed76f8d } \Shell -  ""  =  AutoRun > in the current context!
Error: Unable to interpret <O33 -  MountPoints2 \{ 932eb6ae - 69c6 - 11e3 - bc18 - 08606ed76f8d } \Shell\AutoRun\command -  ""  = D : \setup . exe --  [ 2013 / 09 / 05  13 : 09 : 49  |  000 , 450 , 904  | R ---  | M ]  (                                                             ) > in the current context!
Error: Unable to interpret <: Files > in the current context!
Error: Unable to interpret <C : \Jeux\Saints Row IV\steam_api . dll> in the current context!
Error: Unable to interpret <C : \ Users \ Nacuto \ Téléchargements \ ccleaner_4 - 13 _fr_14492 . exe> in the current context!
Error: Unable to interpret <C : \ Users \ Nacuto \ Téléchargements \ FreeYouTubeToMP3Converter . exe> in the current context!
Error: Unable to interpret <C : \ Users \ \ Nacuto Vidéos \ Outlast . zone - telechargement . com . iso> in the current context!
Error: Unable to interpret <C : \ Windows \ System32 \ Adobe \ Shockwave 12 \ gt . exe> in the current context!
Error: Unable to interpret <C : \ Windows \ SysWOW64 \ Adobe \ Shockwave 12 \ gt . exe> in the current context!
Error: Unable to interpret <E : \ Documents et  Settings \ Administrateur \ Bureau \ T é l é Chargements \ kag_win . zip> in the current context!
Error: Unable to interpret <E : \ Documents et  Settings \ Administrateur \ Bureau \ T é l é Chargements \ kag_win> in the current context!
Error: Unable to interpret <E : \ Documents et  Settings \ Administrateur \ Local Settings \ Temp \ freezefrogsa . exe> in the current context!
Error: Unable to interpret <E : \ Documents et  Settings \ Administrateur \ Local Settings \ Temp \ F REEzeFrogUpgrade . exe> in the current context!
Error: Unable to interpret <E : \ Documents et  Settings \ Administrateur \ Local Settings \ Temp \ C DBurnerXP - mises à jour> in the current context!
Error: Unable to interpret <E : \ Documents et  Settings \ All Utilisateurs \ Application données \ QuestScan> in the current context!
Error: Unable to interpret <E : \ Documents et  Settings \ Default User \ Local Settings \ Temporary Internet  Files \ Content . IE5 \ 8SBC22RP> in the current context!
Error: Unable to interpret <E : \Documents and  Settings \Default User \Local Settings \Temporary Internet  Files \Content . IE5\J 2T0QF8H > in the current context!
Error: Unable to interpret <E : \Documents and  Settings \Default User \Local Settings \Temporary Internet  Files \Content . IE5\L 3RDS2OT > in the current context!
Error: Unable to interpret <E : \Documents and  Settings \Default User \Local Settings \Temporary Internet  Files \Content . IE5\URU3F2HL> in the current context!
Error: Unable to interpret <E : \ jeux \ Trine 2 > in the current context!
Error: Unable to interpret <E : \ Program Files \ e mule \ serveur web \ Emule \ Yuusha \ yuusha_color_trainer . exe> in the current context!
Error: Unable to interpret <E : \Program Files \F REEzeFrog > in the current context!
Error: Unable to interpret <E : \Program Files \Mozilla Firefox \extensions\{F0E1168A - B4B5 - 484C - B77E - 0D28E6B64096 } \chrome\questscan . jar> in the current context!
Error: Unable to interpret <E : \ Program Files \ QuestScan> in the current context!
Error: Unable to interpret <E : \ Program Files \ ShopperReports3> in the current context!
Error: Unable to interpret <E : \ Program Files \ Windows iLivid Toolbar > in the current context!
Error: Unable to interpret <E : \ Program Files \ W TInstaller> in the current context!
Error: Unable to interpret <: Reg > in the current context!
Error: Unable to interpret <[- HKEY_USERS\S - 1 - 5 - 18 -{ ED1FC765 - E35E - 4C3D - BF15 - 2C2B11260CE4 }- 0 \SOFTWARE\APPDATALOW\SOFTWARE\Plus - HD - 1.3 ]> in the current context!
Error: Unable to interpret <[- HKEY_USERS\S - 1 - 5 - 21 - 3818266227 - 1873465231 - 1212256919 - 501 -{ ED1FC765 - E35E - 4C3D - BF15 - 2C2B11260CE4 }- 0 \SOFTWARE\WAJAM ]> in the current context!
Error: Unable to interpret <: Commandes > in the current context!
Error: Unable to interpret <[ EMPTYTEMP ]> in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 05102014_134150


#12 Machiavelli

Posted 10 May 2014 - 09:19 AM

Something wrent wong.
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following bolded text into the Custom Scans/Fixes box:

    :Commands
    [CREATERESTOREPOINT]

    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    FF - user.js - File not found
    O1364bit: - gopher Prefix: missing
    O33 - MountPoints2\{932eb6ae-69c6-11e3-bc18-08606ed76f8d}\Shell - "" = AutoRun
    O33 - MountPoints2\{932eb6ae-69c6-11e3-bc18-08606ed76f8d}\Shell\AutoRun\command - "" = D:\setup.exe -- [2013/09/05 13:09:49 | 000,450,904 | R--- | M] ( )
    :Files
    C:\Jeux\Saints Row IV\steam_api.dll
    C:\Users\Nacuto\Downloads\ccleaner_4-13_fr_14492.exe
    C:\Users\Nacuto\Downloads\FreeYouTubeToMP3Converter.exe
    C:\Users\Nacuto\Videos\Outlast.zone-telechargement.com.iso
    C:\Windows\System32\Adobe\Shockwave 12\gt.exe
    C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe
    E:\Documents and Settings\Administrateur\Bureau\Téléchargements\kag_win.zip
    E:\Documents and Settings\Administrateur\Bureau\Téléchargements\kag_win
    E:\Documents and Settings\Administrateur\Local Settings\Temp\freezefrogsa.exe
    E:\Documents and Settings\Administrateur\Local Settings\Temp\FREEzeFrogUpgrade.exe
    E:\Documents and Settings\Administrateur\Local Settings\Temp\CDBurnerXP-updates
    E:\Documents and Settings\All Users\Application Data\QuestScan
    E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8SBC22RP
    E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\J2T0QF8H
    E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\L3RDS2OT
    E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\URU3F2HL
    E:\jeux\Trine 2
    E:\Program Files\eMule\webserver\Emule\Yuusha\yuusha_color_trainer.exe
    E:\Program Files\FREEzeFrog
    E:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar
    E:\Program Files\QuestScan
    E:\Program Files\ShopperReports3
    E:\Program Files\Windows iLivid Toolbar
    E:\Program Files\WTInstaller

    :Reg
    [-HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-1.3]

    [-HKEY_USERS\S-1-5-21-3818266227-1873465231-1212256919-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM]

    :Commands
    [EMPTYTEMP]
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply

~Machiavelli



#13 Nacuto

Posted 11 May 2014 - 07:33 AM

Hey,
 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{932eb6ae-69c6-11e3-bc18-08606ed76f8d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{932eb6ae-69c6-11e3-bc18-08606ed76f8d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{932eb6ae-69c6-11e3-bc18-08606ed76f8d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{932eb6ae-69c6-11e3-bc18-08606ed76f8d}\ not found.
File move failed. D:\setup.exe scheduled to be moved on reboot.
========== FILES ==========
C:\Jeux\Saints Row IV\steam_api.dll moved successfully.
C:\Users\Nacuto\Downloads\ccleaner_4-13_fr_14492.exe moved successfully.
C:\Users\Nacuto\Downloads\FreeYouTubeToMP3Converter.exe moved successfully.
File move failed. C:\Users\Nacuto\Videos\Outlast.zone-telechargement.com.iso scheduled to be moved on reboot.
C:\Windows\System32\Adobe\Shockwave 12\gt.exe moved successfully.
File\Folder C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe not found.
File\Folder E:\Documents and Settings\Administrateur\Bureau\Téléchargements\kag_win.zip not found.
File\Folder E:\Documents and Settings\Administrateur\Bureau\Téléchargements\kag_win not found.
File\Folder E:\Documents and Settings\Administrateur\Local Settings\Temp\freezefrogsa.exe not found.
File\Folder E:\Documents and Settings\Administrateur\Local Settings\Temp\FREEzeFrogUpgrade.exe not found.
File\Folder E:\Documents and Settings\Administrateur\Local Settings\Temp\CDBurnerXP-updates not found.
File\Folder E:\Documents and Settings\All Users\Application Data\QuestScan not found.
File\Folder E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\8SBC22RP not found.
File\Folder E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\J2T0QF8H not found.
File\Folder E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\L3RDS2OT not found.
File\Folder E:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\URU3F2HL not found.
File\Folder E:\jeux\Trine 2 not found.
File\Folder E:\Program Files\eMule\webserver\Emule\Yuusha\yuusha_color_trainer.exe not found.
File\Folder E:\Program Files\FREEzeFrog not found.
File\Folder E:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar not found.
File\Folder E:\Program Files\QuestScan not found.
File\Folder E:\Program Files\ShopperReports3 not found.
File\Folder E:\Program Files\Windows iLivid Toolbar not found.
File\Folder E:\Program Files\WTInstaller not found.
========== REGISTRY ==========
Registry key HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-1.3\ not found.
Registry key HKEY_USERS\S-1-5-21-3818266227-1873465231-1212256919-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Invité
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Nacuto
->Temp folder emptied: 796718661 bytes
->Temporary Internet Files folder emptied: 769235 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 354576069 bytes
->Flash cache emptied: 841 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16562 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1 099,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05112014_142417
 
Files\Folders moved on Reboot...
File\Folder D:\setup.exe not found!
C:\Users\Nacuto\Videos\Outlast.zone-telechargement.com.iso moved successfully.
C:\Users\Nacuto\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nacuto\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#14 Machiavelli


Posted 11 May 2014 - 07:56 AM

Well done. What's with Step 2?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#15 Nacuto


Posted 11 May 2014 - 12:14 PM

For Java?





