
bsod and freezes, recently infected by cpu miner



#1 LeGeorgettier


Posted 30 September 2015 - 10:23 PM

Hi, 

I posted my problem in the BSOD section and they helped me with some advice and told me to post in this specific section.

If anything needs to be done, just ask me and I will be pleased to do it.

 

I've had many issues with my PC freezing lately, and I also have been infected by a miner malware. I think I removed the infection but I'm not quite 100% sure. I still have suspicious files in Regedit. When freezes happen, most of the time the Event Viewer says it is related to Driver Booster files that do not exist anymore (could this be spyware?)

 

error in file configuration defenition NT TASK\Driver Booster SkipUAC (olivi

C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe.

 

I installed IObit crap trying to solve my problems, but obviously this didn't help, as more problems resulted. It is now all removed.

 

I just want to be sure I am free of viruses. What are the normal steps to make sure my computer is now safe?

I think it could be a driver issue, but the moderator asked me to get help here to make sure my computer was clean.

Today I updated my motherboard BIOS, PCIe and PCI drivers, and haven't crashed yet.

 

Link to other post Here

 

Original post Here :


I am using Windows 10 64-bit. I made the upgrade this summer and have had a lot of issues since. I did restore the system, but still the same problems...
I have an almost brand new computer (built October 2014).

 

AMD FX 8320 8-core Black Edition

ASUS M5A97 R2.0

16gb RAM DDR3 Hyper X

EVGA GTX 970 4GB SSC ACX 2.0

Cooler Master 725w

Obviously a desktop computer

 

 

What I have done:

 

RAM Test 

System Restore after Windows 10 Update (2 months ago)

Drivers reinstall from original CDs, (Asus drivers + EVGA drivers)

Many antivirus and anti-malware tools

Much research on blue screens and different attempts to remove them, unsuccessfully

I've had BSODs saying

IRQL NOT LESS OR EQUAL

KMODE EXCEPTION NOT HANDLED

ntoskrnl.exe

 

The following seems to come back a lot in the Windows Event Viewer:

error in file configuration defenition NT TASK\Driver Booster SkipUAC (olivi

C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe.

 

I looked for these without results. I installed this program and removed it, but it seems to have stayed somewhere in the computer.

I don't know where to check anymore; I need professional help.




 


#2 LeGeorgettier


Posted 30 September 2015 - 10:24 PM

**Scan information coming in minutes in this post**



#3 LeGeorgettier


Posted 30 September 2015 - 11:02 PM

I can't seem to be able to attach my files to my posts? 
 

MTB LOG:
 
MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Ollie (administrator) on 30-09-2015 at 23:27:22
Running from "C:\Users\olivi\Downloads"
Microsoft Windows 10 Professionnel  (X64)
Model: To be filled by O.E.M. Manufacturer: To be filled by O.E.M.
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Ethernet (Connected)
 
 
# ----------------------------------
# Configuration du protocole IPv4
# ----------------------------------
pushd interface ipv4
 
reset
set global defaultcurhoplimit=64
set interface interface="Wi-Fi" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled ecncapability=ecndisabled
set interface interface="Ethernet" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled ecncapability=ecndisabled
 
 
popd
# Fin de la configuration du protocole IPv4
 
 
 
Configuration IP de Windows
 
   Nom de l'hôte . . . . . . . . . . : OlliePc
   Suffixe DNS principal . . . . . . : 
   Type de noeud. . . . . . . . . .  : Hybride
   Routage IP activé . . . . . . . . : Non
   Proxy WINS activé . . . . . . . . : Non
 
Carte Ethernet Ethernet :
 
   Suffixe DNS propre à la connexion. . . : 
   Description. . . . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Adresse physique . . . . . . . . . . . : 10-C3-7B-92-A3-FE
   DHCP activé. . . . . . . . . . . . . . : Oui
   Configuration automatique activée. . . : Oui
   Adresse IPv6 de liaison locale. . . . .: fe80::f0ab:29f6:eba:4ca9%3(préféré) 
   Adresse IPv4. . . . . . . . . . . . . .: 192.168.0.6(préféré) 
   Masque de sous-réseau. . . . . . . . . : 255.255.255.0
   Bail obtenu. . . . . . . . . . . . . . : September 30, 2015 9:40:07 PM
   Bail expirant. . . . . . . . . . . . . : October 3, 2015 9:40:06 PM
   Passerelle par défaut. . . . . . . . . : 192.168.0.1
   Serveur DHCP . . . . . . . . . . . . . : 192.168.0.1
   IAID DHCPv6 . . . . . . . . . . . : 118539131
   DUID de client DHCPv6. . . . . . . . : 00-01-00-01-1D-70-26-40-00-18-39-06-AA-10
   Serveurs DNS. . .  . . . . . . . . . . : 24.201.245.77
                              24.200.241.37
                              24.200.243.189
   NetBIOS sur Tcpip. . . . . . . . . . . : Activé
 
Carte Tunnel Teredo Tunneling Pseudo-Interface :
 
   Suffixe DNS propre à la connexion. . . : 
   Description. . . . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Adresse physique . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP activé. . . . . . . . . . . . . . : Non
   Configuration automatique activée. . . : Oui
   Adresse IPv6. . . . . . . . . . . . . .: 2001:0:5ef5:79fb:1c8b:3ff4:b9af:8d73(préféré) 
   Adresse IPv6 de liaison locale. . . . .: fe80::1c8b:3ff4:b9af:8d73%4(préféré) 
   Passerelle par défaut. . . . . . . . . : ::
   IAID DHCPv6 . . . . . . . . . . . : 234881024
   DUID de client DHCPv6. . . . . . . . : 00-01-00-01-1D-70-26-40-00-18-39-06-AA-10
   NetBIOS sur TCPIP. . . . . . . . . . . : Désactivé
 
Carte Tunnel isatap.{48FEF1AF-BCCF-408A-9F80-E4F5B07B3A7D} :
 
   Statut du média. . . . . . . . . . . . : Média déconnecté
   Suffixe DNS propre à la connexion. . . : 
   Description. . . . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Adresse physique . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP activé. . . . . . . . . . . . . . : Non
   Configuration automatique activée. . . : Oui
Serveur :   dns2.videotron.ca
Address:  24.201.245.77
 
Nom :    google.com
Addresses:  2a00:1450:400c:c05::8a
 173.194.67.101
 173.194.67.102
 173.194.67.139
 173.194.67.100
 173.194.67.113
 173.194.67.138
 
 
Envoi d'une requête 'ping' sur google.com [173.194.67.101] avec 32 octets de données :
Réponse de 173.194.67.101 : octets=32 temps=103 ms TTL=48
Réponse de 173.194.67.101 : octets=32 temps=105 ms TTL=48
 
Statistiques Ping pour 173.194.67.101:
    Paquets : envoyés = 2, reçus = 2, perdus = 0 (perte 0%),
Durée approximative des boucles en millisecondes :
    Minimum = 103ms, Maximum = 105ms, Moyenne = 104ms
Serveur :   dns2.videotron.ca
Address:  24.201.245.77
 
Nom :    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Envoi d'une requête 'ping' sur yahoo.com [98.138.253.109] avec 32 octets de données :
Réponse de 98.138.253.109 : octets=32 temps=42 ms TTL=55
Réponse de 98.138.253.109 : octets=32 temps=50 ms TTL=55
 
Statistiques Ping pour 98.138.253.109:
    Paquets : envoyés = 2, reçus = 2, perdus = 0 (perte 0%),
Durée approximative des boucles en millisecondes :
    Minimum = 42ms, Maximum = 50ms, Moyenne = 46ms
 
Envoi d'une requête 'Ping'  127.0.0.1 avec 32 octets de données :
Réponse de 127.0.0.1 : octets=32 temps<1ms TTL=64
Réponse de 127.0.0.1 : octets=32 temps<1ms TTL=64
 
Statistiques Ping pour 127.0.0.1:
    Paquets : envoyés = 2, reçus = 2, perdus = 0 (perte 0%),
Durée approximative des boucles en millisecondes :
    Minimum = 0ms, Maximum = 0ms, Moyenne = 0ms
===========================================================================
Liste d'Interfaces
  3...10 c3 7b 92 a3 fe ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
  7...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Table de routage
===========================================================================
Itinéraires actifs :
Destination réseau    Masque réseau  Adr. passerelle   Adr. interface Métrique
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.6     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.6    276
      192.168.0.6  255.255.255.255         On-link       192.168.0.6    276
    192.168.0.255  255.255.255.255         On-link       192.168.0.6    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.6    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.6    276
===========================================================================
Itinéraires persistants :
  Aucun
 
IPv6 Table de routage
===========================================================================
Itinéraires actifs :
 If Metric Network Destination      Gateway
  4    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  4    306 2001::/32                On-link
  4    306 2001:0:5ef5:79fb:1c8b:3ff4:b9af:8d73/128
                                    On-link
  3    276 fe80::/64                On-link
  4    306 fe80::/64                On-link
  4    306 fe80::1c8b:3ff4:b9af:8d73/128
                                    On-link
  3    276 fe80::f0ab:29f6:eba:4ca9/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    276 ff00::/8                 On-link
  4    306 ff00::/8                 On-link
===========================================================================
Itinéraires persistants :
  Aucun
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67072] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/30/2015 10:59:55 PM) (Source: Application Hang) (User: )
Description: Le programme GTA5.exe version 1.0.463.1 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance.
 
ID de processus : 60c
 
Heure de début : 01d0fbeb39540cbf
 
Heure de fin : 4294967295
 
Chemin d'accès de l'application : D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTA5.exe
 
ID de rapport : 7d10f721-67e8-11e5-aa30-10c37b92a3fe
 
Nom complet du package défaillant : 
 
ID de l'application relative au package défaillant :
 
Error: (09/30/2015 10:58:30 PM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante dwm.exe, version : 10.0.10240.16384, horodatage : 0x559f3907
Nom du module défaillant : dwmcore.dll, version : 10.0.10240.16461, horodatage : 0x55d2d629
Code d’exception : 0xc0000602
Décalage d’erreur : 0x00000000000aca77
ID du processus défaillant : 0x354
Heure de début de l’application défaillante : 0xdwm.exe0
Chemin d’accès de l’application défaillante : dwm.exe1
Chemin d’accès du module défaillant: dwm.exe2
ID de rapport : dwm.exe3
Nom complet du package défaillant : dwm.exe4
ID de l’application relative au package défaillant : dwm.exe5
 
Error: (09/30/2015 08:36:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: OLLIEPC)
Description: Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2144927141 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.
 
Error: (09/30/2015 08:10:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: OLLIEPC)
Description: Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2144927141 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.
 
Error: (09/30/2015 07:57:03 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft.
 
System Error:
Accès refusé.
.
 
Error: (09/30/2015 12:47:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: OLLIEPC)
Description: Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2144927141 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.
 
Error: (09/29/2015 07:19:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: OLLIEPC)
Description: Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2144927141 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.
 
Error: (09/29/2015 05:23:17 PM) (Source: Application Hang) (User: )
Description: Le programme RevoUninPro.exe version 3.1.4.0 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance.
 
ID de processus : f04
 
Heure de début : 01d0fafc4ecc3ee0
 
Heure de fin : 6
 
Chemin d'accès de l'application : C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
 
ID de rapport : 4976f14e-66f0-11e5-aa28-10c37b92a3fe
 
Nom complet du package défaillant : 
 
ID de l'application relative au package défaillant :
 
Error: (09/29/2015 05:18:20 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft.
 
System Error:
Accès refusé.
.
 
Error: (09/29/2015 05:18:18 PM) (Source: VSS) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005, Accès refusé.
.
Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.
 
 
Opération :
   Données du rédacteur en cours de collecte
 
Contexte :
   ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
   Nom du rédacteur: System Writer
   ID d’instance du rédacteur: {1a2de6cc-9e4b-4cac-abbe-0bdd0b5f2679}
 
 
System errors:
=============
Error: (09/30/2015 09:31:58 PM) (Source: Service Control Manager) (User: )
Description: Le service NVIDIA Streamer Service s’est terminé de façon inattendue pour la 1ème fois.
 
Error: (09/30/2015 09:11:37 PM) (Source: EventLog) (User: )
Description: L’arrêt système précédant à 9:08:09 PM le ‎2015-‎09-‎30 n’était pas prévu.
 
Error: (09/30/2015 09:11:21 PM) (Source: Microsoft-Windows-Kernel-Boot) (User: AUTORITE NT)
Description: 32212256844708899065215480
 
Error: (09/30/2015 09:01:42 PM) (Source: Service Control Manager) (User: )
Description: Le service Accès aux données utilisateur_Session1 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service.
 
Error: (09/30/2015 09:01:42 PM) (Source: Service Control Manager) (User: )
Description: Le service Stockage des données utilisateur_Session1 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service.
 
Error: (09/30/2015 09:01:42 PM) (Source: Service Control Manager) (User: )
Description: Le service Données de contacts_Session1 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service.
 
Error: (09/30/2015 09:01:42 PM) (Source: Service Control Manager) (User: )
Description: Le service Hôte de synchronisation_Session1 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service.
 
Error: (09/30/2015 08:56:41 PM) (Source: Service Control Manager) (User: )
Description: Le service Accès aux données utilisateur_Session1 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service.
 
Error: (09/30/2015 08:56:41 PM) (Source: Service Control Manager) (User: )
Description: Le service Stockage des données utilisateur_Session1 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service.
 
Error: (09/30/2015 08:56:41 PM) (Source: Service Control Manager) (User: )
Description: Le service Données de contacts_Session1 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service.
 
 
Microsoft Office Sessions:
=========================
Error: (09/30/2015 10:59:55 PM) (Source: Application Hang)(User: )
Description: GTA5.exe1.0.463.160c01d0fbeb39540cbf4294967295D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTA5.exe7d10f721-67e8-11e5-aa30-10c37b92a3fe
 
Error: (09/30/2015 10:58:30 PM) (Source: Application Error)(User: )
Description: dwm.exe10.0.10240.16384559f3907dwmcore.dll10.0.10240.1646155d2d629c000060200000000000aca7735401d0fbe61e810596C:\WINDOWS\system32\dwm.exeC:\WINDOWS\system32\dwmcore.dll88ccf800-4ca1-4062-b5d5-a3dca461995c
 
Error: (09/30/2015 08:36:33 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: OLLIEPC)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141
 
Error: (09/30/2015 08:10:49 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: OLLIEPC)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141
 
Error: (09/30/2015 07:57:03 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft.
 
System Error:
Accès refusé.
 
Error: (09/30/2015 12:47:49 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: OLLIEPC)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141
 
Error: (09/29/2015 07:19:57 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: OLLIEPC)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141
 
Error: (09/29/2015 05:23:17 PM) (Source: Application Hang)(User: )
Description: RevoUninPro.exe3.1.4.0f0401d0fafc4ecc3ee06C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe4976f14e-66f0-11e5-aa28-10c37b92a3fe
 
Error: (09/29/2015 05:18:20 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft.
 
System Error:
Accès refusé.
 
Error: (09/29/2015 05:18:18 PM) (Source: VSS)(User: )
Description: 0x80070005, Accès refusé.
 
 
Opération :
   Données du rédacteur en cours de collecte
 
Contexte :
   ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
   Nom du rédacteur: System Writer
   ID d’instance du rédacteur: {1a2de6cc-9e4b-4cac-abbe-0bdd0b5f2679}
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.5.41162 - BitTorrent Inc.)
ACE COMBAT™ ASSAULT HORIZON Enhanced Edition (HKLM-x32\...\Steam App 228400) (Version:  - NAMCO)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.17 - ASUSTeK Computer Inc.)
Avast Pro Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
CEVO CS:GO Client Beta version 1.0 (HKLM-x32\...\CEVO CS:GO Client Beta_is1) (Version: 1.0 - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
EVGA OC Scanner X 3.6.1.2 (64-bit) (HKLM\...\{CC520CF6-B02E-49AA-8192-C1DDC159E0AA}}_is1) (Version:  - EVGA)
EVGA PrecisionX 16 (HKLM-x32\...\{5DE6FF54-FBEE-48D7-BD6C-86DA8B72BAF4}) (Version: 5.3.8 - EVGA Corporation)
FileZilla Client 3.13.0 (HKLM-x32\...\FileZilla Client) (Version: 3.13.0 - Tim Kosse)
Fishing Planet (HKLM-x32\...\Steam App 380600) (Version:  - Fishing Planet LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
HWiNFO32 Version 5.04 (HKLM-x32\...\HWiNFO32_is1) (Version: 5.04 - Martin Malík - REALiX)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
LCPD First Response (HKLM-x32\...\LCPD First Response) (Version: 1.0.0.0d - G17 Media)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mises à jour NVIDIA 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Mount Your Friends (HKLM-x32\...\Steam App 296470) (Version:  - Stegersaurus Software Inc.)
Mozilla Firefox 40.0.3 (x86 fr) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 fr)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Logiciel système PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA Pilote 3D Vision 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.98 - NVIDIA Corporation)
NVIDIA Pilote audio HD : 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Pilote du contrôleur 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Pilote graphique 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation)
NVIDIA Son virtuel Miracast 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.25 - NVIDIA Corporation)
Panneau de configuration NVIDIA 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 355.98 - NVIDIA Corporation) Hidden
Project CARS (HKLM-x32\...\Steam App 234630) (Version:  - Slightly Mad Studios)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.5 - Rockstar Games)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Warships (HKCU\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version:  - Wargaming.net)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 14%
Total physical RAM: 16283.77 MB
Available physical RAM: 13923.57 MB
Total Virtual: 18715.77 MB
Available Virtual: 16115.47 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:99.67 GB) (Free:23.51 GB) NTFS
2 Drive d: (Jeux) (Fixed) (Total:931.51 GB) (Free:497.06 GB) NTFS
4 Drive f: (Vidéos) (Fixed) (Total:465.76 GB) (Free:408.64 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\OLLIEPC

Administrator            DefaultAccount           Guest                    
Ollie                    
The command completed successfully.
 
========================= Restore Points ==================================
 
28-09-2015 07:38:14 Scheduled Checkpoint
29-09-2015 21:18:18 Revo Uninstaller Pro's restore point - Aslain's WoWs Modpack version 0.6.2
30-09-2015 23:56:58 Removed Corsair Utility Engine
 
**** End of log ****
 
 
 
 
FSS LOG :
 
Farbar Service Scanner Version: 26-07-2015
Ran by Ollie (administrator) on 30-09-2015 at 23:34:17
Running from "C:\Users\olivi\Downloads"
Microsoft Windows 10 Professional  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
 
 
 
SECURITY CHECK LOG :
 
 Results of screen317's Security Check version 1.009  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 60  
 Adobe Flash Player 19.0.0.185  
 Mozilla Firefox (40.0.3) 
 Google Chrome (45.0.2454.101) 
 Google Chrome (45.0.2454.99) 
````````Process Check: objlist.exe by Laurent````````
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````


MALWAREBYTES LOG1 :

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2015-09-30
Scan Time: 11:36 PM
Logfile: MBScan.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.10.01.01
Rootkit Database: v2015.09.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Ollie
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345127
Time Elapsed: 4 min, 4 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 19
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, , [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, , [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, , [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, , [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, , [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, , [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, , [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1, , [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK, , [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK, , [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK, , [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK.1, , [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK.1, , [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, , [6f56e36ee5a6d6605e00664c1be7f907], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.OpenCandy, C:\Users\olivi\AppData\Local\Temp\HYDEBF1.tmp.1443412655\HTA\install.1443412655.zip, , [596cf35eec9f6ec8d9851c9614ee04fc], 
PUP.Optional.OpenCandy, C:\Users\olivi\AppData\Local\Temp\HYDEBF1.tmp.1443412655\HTA\3rdparty\OCComSDK.dll, , [6f56e36ee5a6d6605e00664c1be7f907], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
MALWAREBYTES LOG2 :
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2015-09-30
Scan Time: 11:36 PM
Logfile: MBScan2.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.10.01.01
Rootkit Database: v2015.09.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Ollie
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345127
Time Elapsed: 4 min, 4 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 19
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, Quarantined, [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1, Quarantined, [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK, Quarantined, [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK, Quarantined, [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK, Quarantined, [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK.1, Quarantined, [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK.1, Quarantined, [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, Quarantined, [6f56e36ee5a6d6605e00664c1be7f907], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.OpenCandy, C:\Users\olivi\AppData\Local\Temp\HYDEBF1.tmp.1443412655\HTA\install.1443412655.zip, Quarantined, [596cf35eec9f6ec8d9851c9614ee04fc], 
PUP.Optional.OpenCandy, C:\Users\olivi\AppData\Local\Temp\HYDEBF1.tmp.1443412655\HTA\3rdparty\OCComSDK.dll, Quarantined, [6f56e36ee5a6d6605e00664c1be7f907], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


MB ANTI ROOTKIT : 

Congratulations, no cleanup is required!

Scan Finished: No malware found!


RKILL LOG : 

Rkill 2.8.2 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/01/2015 12:01:56 AM in x64 mode.
Windows Version: Windows 10 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\DAODx.exe (PID: 3704) [WD-HEUR]
 
1 process terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * HyperVideo [Missing Service]
 * netvsc [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 10/01/2015 12:02:10 AM
Execution time: 0 hour(s), 0 minute(s), and 13 second(s)


**Sorry for the French content; I have never been able to figure out how to switch Windows 10 to English. I also prefer English for computer stuff.**

Edited by LeGeorgettier, 30 September 2015 - 11:04 PM.
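To re-check on the machine itself the points these logs raise (Windows Defender switched off by the DisableAntiSpyware policy value, WinDefend set to Demand instead of its default Auto, the signatures of the system files FSS listed, the two services Rkill reported missing, and a process that was running from C:\Windows itself), here is a read-only PowerShell script. It is an added example, not part of the original post and not code from FSS, Rkill or Malwarebytes. The registry key, service names and file list are the ones printed in the logs above and the WinDefend default of Auto is the one FSS quoted; the function name and the "process in the Windows root" heuristic in step 5 are my own.

```powershell
# Added example: not from the original post, and not code from FSS, Rkill or Malwarebytes.
# Re-checks the state those logs reported. Run from an elevated PowerShell prompt.
# Read-only: it changes nothing. Key names, service names and file list come from the logs;
# the heuristic in step 5 is an assumption for illustration, not a verdict on any file.

function Get-CleanupState {
    $state = [ordered]@{}

    # 1. Defender disabled by policy? DWORD 1 = disabled. Security Center commonly sets this
    #    when a third-party AV (Avast here) registers, so on its own it is not an indicator.
    $defKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
    $val = Get-ItemProperty -Path $defKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue
    $state['DefenderDisabledByPolicy'] = ($null -ne $val -and $val.DisableAntiSpyware -eq 1)

    # 2. WinDefend start type and image path, compared with the default FSS quoted (Auto).
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinDefend'"
    $state['WinDefendStartMode']  = $svc.StartMode        # Auto / Manual / Disabled
    $state['WinDefendNonDefault'] = ($svc.StartMode -ne 'Auto')
    $state['WinDefendImagePath']  = $svc.PathName

    # 3. Authenticode check of the files FSS reported as signed. Most are catalog-signed;
    #    Get-AuthenticodeSignature on Windows 10 consults the catalogs, but a 'NotSigned'
    #    result on a file you expect to be signed deserves a second opinion (for example
    #    Sysinternals sigcheck) before it is treated as tampering.
    $sys = "$env:SystemRoot\System32"
    $files = @(
        "$sys\nsisvc.dll", "$sys\drivers\nsiproxy.sys", "$sys\dhcpcore.dll",
        "$sys\drivers\afd.sys", "$sys\drivers\tdx.sys", "$sys\drivers\tcpip.sys",
        "$sys\dnsrslvr.dll", "$sys\mpssvc.dll", "$sys\bfe.dll", "$sys\drivers\mpsdrv.sys",
        "$sys\wscsvc.dll", "$sys\wbem\WMIsvc.dll", "$sys\wuaueng.dll", "$sys\qmgr.dll",
        "$sys\es.dll", "$sys\cryptsvc.dll", "$sys\ipnathlp.dll", "$sys\iphlpsvc.dll",
        "$sys\svchost.exe", "$sys\rpcss.dll",
        "$env:ProgramFiles\Windows Defender\MpSvc.dll",
        "$env:ProgramFiles\Windows Defender\MsMpEng.exe"
    )
    $state['UnsignedOrMissingFiles'] = @(
        foreach ($f in $files) {
            if (-not (Test-Path -LiteralPath $f)) { "$f (missing)"; continue }
            $sig = Get-AuthenticodeSignature -LiteralPath $f
            if ($sig.Status -ne 'Valid') { "$f ($($sig.Status))" }
        }
    )

    # 4. Services Rkill reported as missing: is the service key present, and what does its
    #    ImagePath say? Both names belong to Hyper-V guest components, so on a physical
    #    machine 'key missing' is not by itself a sign of tampering.
    foreach ($name in 'HyperVideo', 'netvsc') {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        if (-not (Test-Path -Path $key)) { $state["Service_$name"] = 'key missing'; continue }
        $img = (Get-ItemProperty -Path $key -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
        $state["Service_$name"] = "key present, ImagePath=$img"
    }

    # 5. Processes whose image lives directly in %SystemRoot% (not System32). explorer.exe
    #    belongs there; anything else, like the DAODx.exe Rkill stopped, gets its publisher
    #    signature listed so it can be judged rather than guessed at.
    $winRoot = $env:SystemRoot.TrimEnd('\')
    $state['ProcessesInWindowsRoot'] = @(
        Get-Process | Where-Object { $_.Path } |
            Where-Object { (Split-Path -Path $_.Path -Parent).TrimEnd('\') -ieq $winRoot } |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -LiteralPath $_.Path
                "$($_.Path) (PID $($_.Id), signature: $($sig.Status))"
            }
    )

    return $state
}

[pscustomobject](Get-CleanupState) | Format-List
```

Read the output the way FSS and Rkill would: DisableAntiSpyware = 1 next to an installed Avast is the normal result of a third-party antivirus registering with Security Center and does not by itself mean the miner survived. What would deserve follow-up is that value with no third-party AV present, a listed system file whose signature is not Valid, or a process in C:\Windows other than explorer.exe whose signature fails.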

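The two Malwarebytes logs differ in one column only: in LOG1 the action field after each location is empty (the items were found and nothing was done), in LOG2 it reads Quarantined. The script below, an added example rather than Malwarebytes' own code, parses that log format, cross-checks each section's count header against the lines actually present (so a truncated paste shows up), and lists any detection that was never acted on. The excerpt it runs on is taken from the two logs above with the count headers adjusted to the excerpt; the function names are mine.

```powershell
# Added example: not part of the original post and not Malwarebytes' own code.
# Parses the detection sections of a Malwarebytes Anti-Malware 2.x log.
# Section names and the line format are those seen in the logs; function names are mine.

$detectionSections = 'Processes', 'Modules', 'Registry Keys', 'Registry Values',
                     'Registry Data', 'Folders', 'Files', 'Physical Sectors'

function Get-MbamDetections {
    param([string]$LogText)
    $section = $null
    foreach ($line in ($LogText -split "`r?`n")) {
        # Section header, e.g. "Registry Keys: 19" or "Files: 2"
        if ($line -match '^(?<name>[A-Za-z ]+): (?<count>\d+)\s*$' -and
            $detectionSections -contains $Matches.name) {
            $section = $Matches.name
            continue
        }
        # Detection line: "<category>, <location>, <action>, [<32-hex hash>], "
        if ($section -and
            $line -match '^(?<cat>[^,]+), (?<loc>.+?), (?<action>[^,]*), \[(?<hash>[0-9a-f]{32})\],\s*$') {
            $action = if ($Matches.action) { $Matches.action } else { '(none)' }
            [pscustomobject]@{
                Section  = $section
                Category = $Matches.cat
                Location = $Matches.loc
                Action   = $action
                Hash     = $Matches.hash
            }
        }
    }
}

function Test-MbamSectionCounts {
    # Compare every "Section: N" header with the number of detection lines parsed under it.
    param([string]$LogText)
    $counts = @{}
    Get-MbamDetections -LogText $LogText |
        ForEach-Object { $counts[$_.Section] = 1 + [int]$counts[$_.Section] }
    foreach ($line in ($LogText -split "`r?`n")) {
        if ($line -match '^(?<name>[A-Za-z ]+): (?<count>\d+)\s*$' -and
            $detectionSections -contains $Matches.name -and [int]$Matches.count -gt 0) {
            $parsed = [int]$counts[$Matches.name]
            [pscustomobject]@{
                Section = $Matches.name
                Header  = [int]$Matches.count
                Parsed  = $parsed
                Match   = ($parsed -eq [int]$Matches.count)
            }
        }
    }
}

# Excerpt of LOG1 (found, action column empty); headers adjusted to the excerpt.
$log1 = @'
Registry Keys: 2
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK, , [6f56e36ee5a6d6605e00664c1be7f907], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1, , [6f56e36ee5a6d6605e00664c1be7f907], 

Files: 1
PUP.Optional.OpenCandy, C:\Users\olivi\AppData\Local\Temp\HYDEBF1.tmp.1443412655\HTA\3rdparty\OCComSDK.dll, , [6f56e36ee5a6d6605e00664c1be7f907], 
'@

# The same items as LOG2 reports them after the actions were applied.
$log2 = $log1 -replace ', , \[', ', Quarantined, ['

foreach ($pair in @(@{ Name = 'LOG1'; Text = $log1 }, @{ Name = 'LOG2'; Text = $log2 })) {
    $pending = @(Get-MbamDetections -LogText $pair.Text | Where-Object { $_.Action -eq '(none)' })
    "$($pair.Name): $($pending.Count) detection(s) with no action taken"
    $pending | ForEach-Object { "  $($_.Section): $($_.Location)" }
    Test-MbamSectionCounts -LogText $pair.Text | Format-Table -AutoSize
}
```

On the excerpt, LOG1 reports three detections with no action taken and LOG2 reports none, with the section counts matching in both. Run it over a full pasted log to confirm two things before calling a cleanup done: that every section's header count equals the lines under it, and that no line is left with an empty action column.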

#4 LeGeorgettier (Topic Starter)

Posted 05 October 2015 - 04:23 PM

Bump



#5 LeGeorgettier (Topic Starter)

Posted 11 October 2015 - 01:12 PM

Anyone?





