
mywebsearch myplaycity removal


This topic is locked
27 replies to this topic

#1 Zakko

Posted 29 April 2016 - 01:26 PM

Hello, I removed MyWebSearch and MyPlayCity from my computer, but I want to know if it's really clean: is there anything left that I didn't remove? I attached the FRST and HijackThis reports. Thank you.


#2 Aura (Bleepin' Special Ops, Malware Response Team)

Posted 29 April 2016 - 01:47 PM

Hi Zakko :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name; it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me not to reply right after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you not to seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system: I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need them. There's no shame in asking questions here; better safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of it as fast as we can, before it makes unknown changes to the system. This being said, I would appreciate it if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall it right now. You don't have to tell me whether you indeed had some or not; I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like formatting and reinstalling Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate it if you were to stay with me until the end, which means until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  • Since I'm still a trainee, all my posts have to be reviewed by an instructor prior to being posted, to make sure that you receive the best assistance possible. Sorry for the inconvenience. This being said, I have a full-time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean up some malware, so let's get started, shall we? :)

Please give me a few hours to review your logs and prepare a reply.

Thank you!

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Aura (Malware Response Team)

Posted 30 April 2016 - 02:47 PM

Thank you for waiting :)

It seems that you managed to get rid of pretty much everything related to MyWebSearch and MyPlayCity, but there are still a lot of remnants left from these two infections and also from other ones (Adware, PUP, Browser Hijacker, etc.), so we'll take care of them.

Malicious Programs Warning!

I noticed that you have malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up.
  • DriverPack Solution Updater
  • Final Uninstaller
  • Internet Explorer Toolbar 4.6 by SweetPacks
If you have an issue when uninstalling a program, please let me know.

Outdated Programs Warning!

I noticed that you have outdated vulnerable programs installed on your system. I'll ask you to uninstall them since keeping outdated software installed on a system puts it more at risk of being infected. Otherwise, you can update them right now, and make sure that their outdated version is uninstalled after. We will reinstall these programs at the end of the clean-up if you decide to uninstall them now, and need them after.
  • Adobe Shockwave Player 11.6
  • Visual Studio 2012 x86 Redistributables
If you have an issue when uninstalling a program, please let me know.

Once you've uninstalled the programs above, we'll run a first fix with FRST, followed by a quick sweep using JRT and AdwCleaner.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Rename, and rename it to EnglishFRST.exe (.exe being the extension);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste that log in your next reply;


Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Your next reply(ies) should include:
  • Confirmation that the programs listed above were indeed uninstalled (if not, please let me know);
  • Copy/pasted content of the FRST fixlog;
  • Copy/pasted content of the JRT clean log;
  • Copy/pasted content of the AdwCleaner clean log;



#4 Zakko (Topic Starter)

Posted 01 May 2016 - 05:53 AM

Hello, and thank you very much for your help, Aura. I have uninstalled the malicious and outdated software. I launched the FRST (EnglishFRST) tool from the desktop with the fixlist file there, but it seems to take very long; is that normal? It's been about 12 hours.

Edit:
I stopped FRST and ran JRT and AdwCleaner; the logs are attached. I ran a FRST scan and attached the log. I also attached FRST's Fixlog file, in case it helps; the fix is still taking too long.

Edited by Zakko, 02 May 2016 - 04:48 AM.


#5 Aura (Malware Response Team)

Posted 02 May 2016 - 11:46 AM

It isn't normal for FRST to take that much time to run a fix, no. You did well by ending FRST, moving on to the other tools and providing me with the logs :) I can see that AdwCleaner and JRT deleted a lot of stuff, and I can see where FRST started to hang. Now we'll run Malwarebytes and Emsisoft Emergency Kit, and get a fresh pair of FRST logs afterwards to see if there's anything else to address (like the items that weren't removed in the previous FRST fix because of the hang, if they are still there). Follow the instructions below, please.

Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run; the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Emsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program into the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry, which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then two Notepad files will open;
  • Copy and paste the content of FRST.txt in your next reply, and attach Addition.txt to it;
Your next reply(ies) should include:
  • Copy/pasted content of the Malwarebytes clean log;
  • Copy/pasted content of the Emsisoft Emergency Kit log;
  • Copy/pasted content of the FRST.txt log;
  • Copy/pasted content of the Addition.txt log;



#6 Zakko (Topic Starter)

Posted 02 May 2016 - 05:12 PM

Thank you, here are the logs:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02-05-2016
Scan Time: 18:58:38
Logfile: MBAM.txt
Administrator: Yes

Version: 2.02.1.1043
Malware Database: v2016.05.02.03
Rootkit Database: v2016.04.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: krimoking@hotmail.fr

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341192
Time Elapsed: 14 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Emsisoft Emergency Kit - Version 11.0
Quarantine log

Date    Source    Event    Detection    
02-05-2016 22:03:03    C:\Users\krimoking@hotmail.fr\AppData\Roaming\Mozilla\Firefox\Profiles\olumwl30.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}    Moved to quarantine    Application.Win32.InstallExt (A)    
02-05-2016 22:03:03    Key: HKEY_USERS\S-1-5-21-345240317-591405930-4051440267-1000\SOFTWARE\TBSB00808    Moved to quarantine    Adware.Win32.BHO (A)    
02-05-2016 22:03:03    Value: HKEY_USERS\S-1-5-21-345240317-591405930-4051440267-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Moved to quarantine    Setting.DisableRegistryTools (A)    
02-05-2016 22:03:02    Key: HKEY_USERS\S-1-5-21-345240317-591405930-4051440267-501\SOFTWARE\CONDUIT    Moved to quarantine    Application.InstallAd (A)    
02-05-2016 22:03:02    Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SDP    Moved to quarantine    Application.Win32.InstallAd (A)    
02-05-2016 22:03:02    Key: HKEY_USERS\S-1-5-21-345240317-591405930-4051440267-501\SOFTWARE\MYWEBSEARCH    Moved to quarantine    Application.InstallAd (A)    
02-05-2016 22:03:02    C:\Nouveau dossier.lnk    Moved to quarantine    Worm.VBS.Agent.T (B)    
02-05-2016 22:03:02    C:\Dossier.lnk    Moved to quarantine    Worm.VBS.Agent.T (B)    



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-04-2016
Ran by krimoking@hotmail.fr (administrator) on HSHOME (02-05-2016 22:13:42)
Running from C:\Users\krimoking@hotmail.fr\Desktop
Loaded Profiles: krimoking@hotmail.fr & Invité (Available Profiles: krimoking@hotmail.fr & Invité)
Platform: Microsoft Windows 7 Édition Intégrale  Service Pack 1 (X86) Language: Français (France)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() D:\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Farbar) C:\Users\krimoking@hotmail.fr\Desktop\EnglishFRST.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4237368 2012-03-01] (AVAST Software)
HKU\S-1-5-21-345240317-591405930-4051440267-1000\...\Run: [RocketDock] => D:\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-345240317-591405930-4051440267-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [43984 2016-03-20] (Glarysoft Ltd)
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{29E170C2-1CC9-4F13-8413-7BBA00D74652}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-345240317-591405930-4051440267-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-345240317-591405930-4051440267-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.myplaycity.us/
SearchScopes: HKU\S-1-5-21-345240317-591405930-4051440267-501 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
Toolbar: HKU\S-1-5-21-345240317-591405930-4051440267-501 -> No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Toolbar: HKU\S-1-5-21-345240317-591405930-4051440267-501 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\krimoking@hotmail.fr\AppData\Roaming\Mozilla\Firefox\Profiles\lp7wjgda.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-26] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-04] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-345240317-591405930-4051440267-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\krimoking@hotmail.fr\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-345240317-591405930-4051440267-1000: @tools.google.com/Google Update;version=3 -> C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-345240317-591405930-4051440267-1000: @tools.google.com/Google Update;version=9 -> C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-20] [not signed]
FF HKU\S-1-5-21-345240317-591405930-4051440267-1000\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox => not found
FF HKU\S-1-5-21-345240317-591405930-4051440267-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi => not found

Chrome:
=======
CHR Profile: C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-29]
CHR Extension: (Google Drive) - C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-29]
CHR Extension: (YouTube) - C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-29]
CHR Extension: (Google Docs Offline) - C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-29]
CHR Extension: (avast! WebRep) - C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2016-04-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-29]
CHR Extension: (Gmail) - C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-29]
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2012-03-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768 2012-03-01] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [131288 2012-03-01] (AVAST Software)
S4 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S4 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-08-24] (Macrovision Europe Ltd.) [File not signed]
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S4 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [132768 2011-11-09] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 MobiConnect. RunOuc; C:\Program Files\MobiConnect\UpdateDog\ouc.exe [656976 2013-05-21] ()
S3 ShareItSvc; C:\Program Files\SHAREit\SHAREit\Shareit.Service.exe [31192 2016-02-02] (SHAREit Technologies Co.Ltd)
S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-08-13] (Skype Technologies S.A.)
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1343400 2012-05-02] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [20696 2012-03-01] (AVAST Software)
R1 aswFW; C:\Windows\system32\Drivers\aswFW.sys [112984 2012-03-01] (AVAST Software)
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [24408 2012-03-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [57688 2012-03-01] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2012-03-01] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [196440 2012-03-01] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44376 2012-03-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [611672 2012-03-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [337240 2012-03-01] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [53848 2012-03-01] (AVAST Software)
S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [278528 2011-10-24] (AVEO)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20744 2009-01-08] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [30088 2008-12-07] ()
S3 cmusbser; C:\Windows\System32\DRIVERS\cmusbser.sys [103552 2008-08-29] (Mobile Connector)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17472 2016-03-24] (Glarysoft Ltd)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [101248 2013-03-04] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27776 2013-03-04] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [207872 2013-04-10] (Huawei Technologies Co., Ltd.)
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [26248 2008-07-02] (IVT Corporation.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2016-05-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-12] (Anchorfree Inc.)
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S3 driverhardwarev2; no ImagePath
U4 eabfiltr; no ImagePath
S3 flpydisk; \SystemRoot\system32\DRIVERS\flpydisk.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-02 22:13 - 2016-05-02 22:13 - 00020588 _____ C:\Users\krimoking@hotmail.fr\Desktop\FRST3.txt
2016-05-02 22:04 - 2016-05-02 22:04 - 00002482 _____ C:\Users\krimoking@hotmail.fr\Desktop\Quarantine_160502-220428.txt
2016-05-02 20:43 - 2016-05-02 22:05 - 00000000 ____D C:\EEK
2016-05-02 20:42 - 2016-05-02 20:42 - 00000000 ____D C:\Users\krimoking@hotmail.fr\Desktop\EmsisoftEmergencyKit
2016-05-02 20:38 - 2016-05-02 19:22 - 231286872 _____ C:\Users\krimoking@hotmail.fr\Desktop\EmsisoftEmergencyKit.exe
2016-05-02 19:13 - 2016-05-02 19:13 - 00001303 _____ C:\Users\krimoking@hotmail.fr\Desktop\MBAM.txt
2016-05-02 10:36 - 2016-05-02 10:36 - 00018705 _____ C:\Users\krimoking@hotmail.fr\Desktop\FRST2.txt
2016-05-02 00:12 - 2016-05-02 00:12 - 00021089 _____ C:\Users\krimoking@hotmail.fr\Desktop\AdwCleaner[C1].txt
2016-05-02 00:04 - 2016-05-02 00:09 - 00000000 ____D C:\AdwCleaner
2016-05-02 00:04 - 2016-05-02 00:04 - 00007803 _____ C:\Users\krimoking@hotmail.fr\Desktop\JRT2.txt
2016-05-02 00:03 - 2016-05-02 00:03 - 00007803 _____ C:\Users\krimoking@hotmail.fr\Desktop\JRT.txt
2016-05-01 09:03 - 2016-05-02 08:18 - 00018248 _____ C:\Users\krimoking@hotmail.fr\Desktop\Fixlog.txt
2016-05-01 09:02 - 2016-05-01 07:59 - 01610816 _____ (Malwarebytes) C:\Users\krimoking@hotmail.fr\Desktop\JRT.exe
2016-05-01 09:02 - 2016-05-01 07:59 - 00016988 _____ C:\Users\krimoking@hotmail.fr\Desktop\fixlist.txt
2016-05-01 09:02 - 2016-05-01 06:40 - 03581504 _____ C:\Users\krimoking@hotmail.fr\Desktop\adwcleaner_5.114.exe
2016-05-01 07:05 - 2016-05-02 20:32 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-01 07:04 - 2016-05-01 07:05 - 00001020 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-01 07:04 - 2016-05-01 07:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-01 07:03 - 2016-05-01 07:12 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-01 07:03 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-01 07:03 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-01 07:03 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-01 06:17 - 2016-05-01 06:17 - 00000362 _____ C:\Windows\Tasks\Health-Check-deep.job
2016-05-01 06:17 - 2016-05-01 06:17 - 00000360 _____ C:\Windows\Tasks\Health-Check-auto.job
2016-05-01 06:17 - 2016-05-01 06:17 - 00000354 _____ C:\Windows\Tasks\Health-Check.job
2016-05-01 06:17 - 2016-05-01 06:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2016-05-01 06:17 - 2014-03-07 09:25 - 00042496 _____ C:\Windows\system32\AdvUninstCPL.cpl
2016-04-29 19:04 - 2016-04-29 19:05 - 00034097 _____ C:\Users\krimoking@hotmail.fr\Desktop\Addition.txt
2016-04-29 19:03 - 2016-05-02 22:13 - 00012726 _____ C:\Users\krimoking@hotmail.fr\Desktop\FRST.txt
2016-04-29 19:03 - 2016-05-02 22:13 - 00000000 ____D C:\FRST
2016-04-29 19:02 - 2016-04-29 19:02 - 01728000 _____ (Farbar) C:\Users\krimoking@hotmail.fr\Desktop\EnglishFRST.exe
2016-04-29 18:59 - 2016-04-29 18:59 - 00153600 _____ C:\Users\krimoking@hotmail.fr\Desktop\Thumbs.db
2016-04-29 18:33 - 2016-04-29 18:33 - 00020589 _____ C:\Users\krimoking@hotmail.fr\Desktop\hijackthis2.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-02 22:02 - 2012-05-02 21:38 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-02 21:57 - 2012-05-31 16:45 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-02 20:39 - 2012-05-02 23:23 - 01557414 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-02 20:39 - 2009-07-14 09:39 - 00707236 _____ C:\Windows\system32\perfh00C.dat
2016-05-02 20:39 - 2009-07-14 09:39 - 00131632 _____ C:\Windows\system32\perfc00C.dat
2016-05-02 20:39 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-05-02 19:41 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2016-05-02 19:38 - 2012-05-03 23:04 - 00000000 ____D C:\Users\krimoking@hotmail.fr\AppData\Local\ElevatedDiagnostics
2016-05-02 18:55 - 2012-07-23 15:39 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-05-02 18:55 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-01 22:05 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\tracing
2016-05-01 11:40 - 2009-07-14 05:34 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-01 11:40 - 2009-07-14 05:34 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-01 08:39 - 2012-08-27 03:07 - 00000000 ____D C:\Windows\CheckSur
2016-05-01 07:11 - 2012-05-02 21:42 - 00000000 ____D C:\Users\krimoking@hotmail.fr\AppData\Roaming\WinRAR
2016-05-01 06:09 - 2013-03-02 15:57 - 00000000 ____D C:\Users\krimoking@hotmail.fr\AppData\LocalLow\Macromedia
2016-05-01 06:09 - 2012-05-02 21:42 - 00000000 ____D C:\Windows\system32\Macromed
2016-05-01 06:07 - 2014-08-06 19:56 - 00000000 ____D C:\Program Files\FinalUninstaller
2016-05-01 06:06 - 2013-07-29 09:35 - 00000000 ____D C:\Users\krimoking@hotmail.fr\AppData\Roaming\DRPSu
2016-04-29 18:56 - 2016-03-26 02:37 - 00002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-29 18:56 - 2016-03-26 02:37 - 00002087 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-29 18:55 - 2016-03-29 19:27 - 00000000 ____D C:\Program Files\Opera

==================== Files in the root of some directories =======

2012-09-15 00:51 - 2012-11-09 21:27 - 0000006 _____ () C:\Program Files\Common Files\WPVersion.txt
2012-08-26 11:44 - 2014-04-05 14:56 - 0001495 _____ () C:\ProgramData\aaron_desu.log
2012-08-24 16:17 - 2012-08-29 18:50 - 0003879 _____ () C:\ProgramData\dorrcrane_save.log
2012-08-30 23:06 - 2014-04-03 20:06 - 0003393 _____ () C:\ProgramData\dscrane_save.log
2012-11-09 21:33 - 2013-03-02 16:00 - 0000187 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Files to move or delete:
====================
C:\Users\krimoking@hotmail.fr\Firefox-Setup-22-0.exe
C:\Users\krimoking@hotmail.fr\wlsetup-web.exe


Some files in TEMP:
====================
C:\Users\Invité\AppData\Local\Temp\avgnt.exe
C:\Users\krimoking@hotmail.fr\AppData\Local\Temp\libeay32.dll
C:\Users\krimoking@hotmail.fr\AppData\Local\Temp\msvcr120.dll
C:\Users\krimoking@hotmail.fr\AppData\Local\Temp\sqlite3.dll
C:\Users\krimoking@hotmail.fr\AppData\Local\Temp\{2790BD55-48E6-4EB7-966F-05E2D9B3D8B5}-49.0.2623.112_49.0.2623.108_chrome_updater.exe
C:\Users\krimoking@hotmail.fr\AppData\Local\Temp\{8735DA0C-0C2A-45E9-A24E-C236109271E0}-49.0.2623.110_49.0.2623.108_chrome_updater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-01 08:58

==================== End of FRST.txt ============================

Attached Files



#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,586 posts
  • ONLINE
  • Gender:Male
  • Local time:08:45 PM

Posted 03 May 2016 - 04:18 PM

Thank you for the logs :) We're almost done. Please uninstall the programs listed below.
  • Ask Toolbar Updater - PUP
  • Download Accelerator Plus (DAP) - The installation was damaged by AdwCleaner and JRT removing part of its components, so it might not uninstall properly. If it does, let me know.
Once done, we'll run a fix with FRST to take care of the leftovers, and grab a fresh set of logs to make sure there's nothing left behind after running.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste that log in your next reply;


Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, and then two Notepad files will open;
  • Copy and paste the content of FRST.txt in your next reply, and attach Addition.txt to it;
Your next reply(ies) should include:
  • Copy/pasted content of the FRST fixlog;
  • Copy/pasted content of FRST.txt log;
  • Copy/pasted content of Addition.txt log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
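The Fixlog that the Fix mode steps above produce reports one result per fixlist entry ("<target> => <status>."), plus a few plain sentences and a "=========" banner for each REG command FRST starts. As an added example (not part of this post and not FRST's own code), the script below summarizes such a log by outcome so a helper can see at a glance what was applied, what was already gone, and what failed; it also skips the echoed fixlist block, whose FirewallRules lines contain "=>" too, and reports when the log ends on a REG banner, as the fixlog later in this thread does. The sample log is constructed after the format seen here, with placeholder SIDs, GUIDs and paths; the "moved successfully" / "removed successfully" wordings are assumed, not taken from this thread.

```python
"""Summarize a Farbar Recovery Scan Tool (FRST) Fixlog by outcome.

Added example, not FRST's own code. Result-line patterns follow the
fixlog format visible in this thread; wordings marked "assumed" below
were not observed here.
"""
import re
from collections import defaultdict

# Status text FRST prints after "=>" mapped to a coarse outcome class.
# Order matters: "value not found" must be tested before "not found".
STATUS_CLASSES = {
    "value not found": "already_absent",
    "key not found": "already_absent",
    "not found": "already_absent",
    "moved successfully": "applied",    # assumed wording (file moved)
    "removed successfully": "applied",  # assumed wording (key removed)
    "Error setting value": "error",
}

RESULT_RE = re.compile(r"^(?P<target>.+?)\s*=>\s*(?P<status>.+?)\.?$")
# "========= REG DELETE ... =========" banner: FRST started a REG command.
REG_BANNER_RE = re.compile(r"^=+\s*(?P<cmd>REG\s+.+?)\s*=+$")


def classify_status(status: str) -> str:
    """Map an FRST status text to applied / already_absent / error / other."""
    for needle, cls in STATUS_CLASSES.items():
        if status.lower().startswith(needle.lower()):
            return cls
    return "other"


def summarize_fixlog(text: str) -> dict:
    """Parse a Fixlog; return counts per class, targets per class, and the
    REG command the log ends on (None if it ended on a normal result)."""
    by_class = defaultdict(list)
    in_fixlist = False      # inside the echoed fixlist (between ***** lines)
    last = None             # ("banner", cmd) or ("result", None)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:            # fixlist delimiter line
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:                    # echoed fixlist, not results
            continue
        m = REG_BANNER_RE.match(line)
        if m:
            last = ("banner", m.group("cmd"))
            continue
        m = RESULT_RE.match(line)
        if m:
            by_class[classify_status(m.group("status"))].append(m.group("target"))
            last = ("result", None)
            continue
        if "successfully" in line:        # e.g. "Processes closed successfully."
            by_class["applied"].append(line.rstrip("."))
            last = ("result", None)
    stopped_at = last[1] if last and last[0] == "banner" else None
    return {
        "counts": {cls: len(t) for cls, t in by_class.items()},
        "by_class": dict(by_class),
        "stopped_at": stopped_at,
    }


# Constructed sample modelled on this thread's fixlog (placeholder values).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x86) Version:27-04-2016
Ran by user (2016-05-04 18:29:37) Run:11

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-0-0-0-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://example.invalid/
FirewallRules: [{00000000-0000-0000-0000-000000000001}] => (Allow) C:\Program Files\Example\app.exe
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Example" /v "Value"
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-0-0-0-501\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-21-0-0-0-501\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKCR\CLSID\{00000000-0000-0000-0000-000000000002} => key not found.
C:\Windows\System32\Tasks\{00000000-0000-0000-0000-000000000003} => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00000000-0000-0000-0000-000000000001} => value not found.

========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Example" /v "Value" =========
"""

if __name__ == "__main__":
    summary = summarize_fixlog(SAMPLE_FIXLOG)
    for cls, targets in summary["by_class"].items():
        print(f"{cls} ({len(targets)}):")
        for t in targets:
            print(f"  {t}")
    if summary["stopped_at"]:
        print(f"log ends on REG banner: {summary['stopped_at']}")
```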


#8 Zakko

Zakko
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:01:45 AM

Posted 04 May 2016 - 12:45 PM

Thank you, but the FRST fix is still taking too long. I've noticed that maybe some reg keys in the fixlist.txt are missing from the registry. I made a scan and the logs will follow.

FRST fix log:
Fix result of Farbar Recovery Scan Tool (x86) Version:27-04-2016
Ran by krimoking@hotmail.fr (2016-05-04 18:29:37) Run:11
Running from C:\Users\krimoking@hotmail.fr\Desktop
Loaded Profiles: krimoking@hotmail.fr (Available Profiles: krimoking@hotmail.fr & Invité)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-345240317-591405930-4051440267-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.myplaycity.us/
SearchScopes: HKU\S-1-5-21-345240317-591405930-4051440267-501 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
Toolbar: HKU\S-1-5-21-345240317-591405930-4051440267-501 -> No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Toolbar: HKU\S-1-5-21-345240317-591405930-4051440267-501 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

FF HKU\S-1-5-21-345240317-591405930-4051440267-1000\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox => not found
FF HKU\S-1-5-21-345240317-591405930-4051440267-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi => not found

Task: {A1AEE3C4-2B02-4F27-8EDC-D28EB83E39C9} - System32\Tasks\{3789DAB4-179C-47C8-9363-BEB2C790A3AB} => pcalua.exe -a "F:\UTILITAIRES 2009\Applications\Adobe Reader 8.1.2\Adobe Reader 8.1.2.exe" -d "F:\UTILITAIRES 2009\Applications\Adobe Reader 8.1.2"

FirewallRules: [{063D1F1F-DC2C-4273-87F9-B8BFC9025486}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{44D93AB4-EFFB-4F4D-935D-0AC406815455}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe

REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /v "SunJavaUpdateSched"
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Services\MyWebSearchService"

EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-345240317-591405930-4051440267-501\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-21-345240317-591405930-4051440267-501\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-345240317-591405930-4051440267-501\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} => value not found.
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} => key not found.
HKU\S-1-5-21-345240317-591405930-4051440267-501\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-345240317-591405930-4051440267-1000\Software\Mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} => value not found.
HKU\S-1-5-21-345240317-591405930-4051440267-1000\Software\Mozilla\SeaMonkey\Extensions\\mozilla_cc2@internetdownloadmanager.com => value not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1AEE3C4-2B02-4F27-8EDC-D28EB83E39C9} => key not found.
C:\Windows\System32\Tasks\{3789DAB4-179C-47C8-9363-BEB2C790A3AB} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3789DAB4-179C-47C8-9363-BEB2C790A3AB} => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{063D1F1F-DC2C-4273-87F9-B8BFC9025486} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{44D93AB4-EFFB-4F4D-935D-0AC406815455} => value not found.

========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /v "SunJavaUpdateSched" =========


FRST Scan Log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-04-2016
Ran by krimoking@hotmail.fr (administrator) on HSHOME (04-05-2016 18:35:45)
Running from C:\Users\krimoking@hotmail.fr\Desktop
Loaded Profiles: krimoking@hotmail.fr (Available Profiles: krimoking@hotmail.fr & Invité)
Platform: Microsoft Windows 7 Édition Intégrale  Service Pack 1 (X86) Language: Français (France)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(Farbar) C:\Users\krimoking@hotmail.fr\Desktop\EnglishFRST.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4237368 2012-03-01] (AVAST Software)
HKU\S-1-5-21-345240317-591405930-4051440267-1000\...\Run: [RocketDock] => D:\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-345240317-591405930-4051440267-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [43984 2016-03-20] (Glarysoft Ltd)
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-345240317-591405930-4051440267-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\krimoking@hotmail.fr\AppData\Roaming\Mozilla\Firefox\Profiles\lp7wjgda.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-26] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-04] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-345240317-591405930-4051440267-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\krimoking@hotmail.fr\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-345240317-591405930-4051440267-1000: @tools.google.com/Google Update;version=3 -> C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-345240317-591405930-4051440267-1000: @tools.google.com/Google Update;version=9 -> C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-20] [not signed]

Chrome:
=======
CHR Profile: C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-29]
CHR Extension: (Google Drive) - C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-29]
CHR Extension: (YouTube) - C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-29]
CHR Extension: (Google Docs hors connexion) - C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-29]
CHR Extension: (avast! WebRep) - C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2016-04-29]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-29]
CHR Extension: (Gmail) - C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-29]
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2012-03-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768 2012-03-01] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [131288 2012-03-01] (AVAST Software)
S4 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S4 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-08-24] (Macrovision Europe Ltd.) [File not signed]
S2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S4 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [132768 2011-11-09] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 MobiConnect. RunOuc; C:\Program Files\MobiConnect\UpdateDog\ouc.exe [656976 2013-05-21] ()
S3 ShareItSvc; C:\Program Files\SHAREit\SHAREit\Shareit.Service.exe [31192 2016-02-02] (SHAREit Technologies Co.Ltd)
S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-08-13] (Skype Technologies S.A.)
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1343400 2012-05-02] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [20696 2012-03-01] (AVAST Software)
R1 aswFW; C:\Windows\system32\Drivers\aswFW.sys [112984 2012-03-01] (AVAST Software)
R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [24408 2012-03-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [57688 2012-03-01] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2012-03-01] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [196440 2012-03-01] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44376 2012-03-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [611672 2012-03-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [337240 2012-03-01] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [53848 2012-03-01] (AVAST Software)
S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [278528 2011-10-24] (AVEO)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20744 2009-01-08] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [30088 2008-12-07] ()
S3 cmusbser; C:\Windows\System32\DRIVERS\cmusbser.sys [103552 2008-08-29] (Mobile Connector)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17472 2016-03-24] (Glarysoft Ltd)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [101248 2013-03-04] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27776 2013-03-04] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [207872 2013-04-10] (Huawei Technologies Co., Ltd.)
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [26248 2008-07-02] (IVT Corporation.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2016-05-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-12] (Anchorfree Inc.)
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S3 driverhardwarev2; no ImagePath
U4 eabfiltr; no ImagePath
S3 flpydisk; \SystemRoot\system32\DRIVERS\flpydisk.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-04 00:25 - 2016-04-29 19:02 - 01728000 _____ (Farbar) C:\Users\krimoking@hotmail.fr\Desktop\FRST.exe
2016-05-04 00:00 - 2016-05-04 00:00 - 00000000 ____D C:\Users\krimoking@hotmail.fr\AppData\Local\Innovative Solutions
2016-05-04 00:00 - 2016-05-04 00:00 - 00000000 ____D C:\ProgramData\Innovative Solutions
2016-05-04 00:00 - 2016-05-04 00:00 - 00000000 ____D C:\Program Files\Common Files\Innovative Solutions
2016-05-03 23:59 - 2015-01-28 09:56 - 18181336 _____ (Innovative Solutions ) C:\Users\krimoking@hotmail.fr\Desktop\Advanced_Uninstaller11_57_CNet.exe
2016-05-02 22:15 - 2016-05-02 22:15 - 00033528 _____ C:\Users\krimoking@hotmail.fr\Desktop\Addition2.txt
2016-05-02 22:13 - 2016-05-02 22:15 - 00020690 _____ C:\Users\krimoking@hotmail.fr\Desktop\FRST3.txt
2016-05-02 22:04 - 2016-05-02 22:04 - 00002482 _____ C:\Users\krimoking@hotmail.fr\Desktop\Quarantine_160502-220428.txt
2016-05-02 20:43 - 2016-05-02 22:05 - 00000000 ____D C:\EEK
2016-05-02 20:42 - 2016-05-02 20:42 - 00000000 ____D C:\Users\krimoking@hotmail.fr\Desktop\EmsisoftEmergencyKit
2016-05-02 20:38 - 2016-05-02 19:22 - 231286872 _____ C:\Users\krimoking@hotmail.fr\Desktop\EmsisoftEmergencyKit.exe
2016-05-02 19:13 - 2016-05-02 19:13 - 00001303 _____ C:\Users\krimoking@hotmail.fr\Desktop\MBAM.txt
2016-05-02 10:36 - 2016-05-02 10:36 - 00018705 _____ C:\Users\krimoking@hotmail.fr\Desktop\FRST2.txt
2016-05-02 00:12 - 2016-05-02 00:12 - 00021089 _____ C:\Users\krimoking@hotmail.fr\Desktop\AdwCleaner[C1].txt
2016-05-02 00:04 - 2016-05-02 00:09 - 00000000 ____D C:\AdwCleaner
2016-05-02 00:04 - 2016-05-02 00:04 - 00007803 _____ C:\Users\krimoking@hotmail.fr\Desktop\JRT2.txt
2016-05-02 00:03 - 2016-05-02 00:03 - 00007803 _____ C:\Users\krimoking@hotmail.fr\Desktop\JRT.txt
2016-05-01 09:03 - 2016-05-04 18:29 - 00003895 _____ C:\Users\krimoking@hotmail.fr\Desktop\Fixlog.txt
2016-05-01 09:02 - 2016-05-03 23:56 - 00001609 _____ C:\Users\krimoking@hotmail.fr\Desktop\fixlist.txt
2016-05-01 09:02 - 2016-05-01 07:59 - 01610816 _____ (Malwarebytes) C:\Users\krimoking@hotmail.fr\Desktop\JRT.exe
2016-05-01 09:02 - 2016-05-01 06:40 - 03581504 _____ C:\Users\krimoking@hotmail.fr\Desktop\adwcleaner_5.114.exe
2016-05-01 07:05 - 2016-05-02 22:42 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-01 07:04 - 2016-05-01 07:05 - 00001020 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-01 07:04 - 2016-05-01 07:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-01 07:03 - 2016-05-01 07:12 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-01 07:03 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-01 07:03 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-01 07:03 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-29 19:04 - 2016-05-02 22:14 - 00033528 _____ C:\Users\krimoking@hotmail.fr\Desktop\Addition.txt
2016-04-29 19:03 - 2016-05-04 18:35 - 00010985 _____ C:\Users\krimoking@hotmail.fr\Desktop\FRST.txt
2016-04-29 19:03 - 2016-05-04 18:29 - 00000000 ____D C:\FRST
2016-04-29 19:02 - 2016-04-29 19:02 - 01728000 _____ (Farbar) C:\Users\krimoking@hotmail.fr\Desktop\EnglishFRST.exe
2016-04-29 18:59 - 2016-04-29 18:59 - 00153600 _____ C:\Users\krimoking@hotmail.fr\Desktop\Thumbs.db
2016-04-29 18:33 - 2016-04-29 18:33 - 00020589 _____ C:\Users\krimoking@hotmail.fr\Desktop\hijackthis2.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-04 18:21 - 2012-05-02 21:38 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-04 18:19 - 2012-05-31 16:45 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-04 07:22 - 2012-05-02 23:23 - 01557414 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-04 07:22 - 2009-07-14 09:39 - 00707236 _____ C:\Windows\system32\perfh00C.dat
2016-05-04 07:22 - 2009-07-14 09:39 - 00131632 _____ C:\Windows\system32\perfc00C.dat
2016-05-04 07:22 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-05-04 07:15 - 2012-07-23 15:39 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-05-04 07:15 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-04 00:06 - 2014-10-20 13:08 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-05-02 19:41 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2016-05-02 19:38 - 2012-05-03 23:04 - 00000000 ____D C:\Users\krimoking@hotmail.fr\AppData\Local\ElevatedDiagnostics
2016-05-01 22:05 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\tracing
2016-05-01 11:40 - 2009-07-14 05:34 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-01 11:40 - 2009-07-14 05:34 - 00010096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-01 08:39 - 2012-08-27 03:07 - 00000000 ____D C:\Windows\CheckSur
2016-05-01 07:11 - 2012-05-02 21:42 - 00000000 ____D C:\Users\krimoking@hotmail.fr\AppData\Roaming\WinRAR
2016-05-01 06:09 - 2013-03-02 15:57 - 00000000 ____D C:\Users\krimoking@hotmail.fr\AppData\LocalLow\Macromedia
2016-05-01 06:09 - 2012-05-02 21:42 - 00000000 ____D C:\Windows\system32\Macromed
2016-05-01 06:07 - 2014-08-06 19:56 - 00000000 ____D C:\Program Files\FinalUninstaller
2016-05-01 06:06 - 2013-07-29 09:35 - 00000000 ____D C:\Users\krimoking@hotmail.fr\AppData\Roaming\DRPSu
2016-04-29 18:56 - 2016-03-26 02:37 - 00002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-29 18:56 - 2016-03-26 02:37 - 00002087 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-29 18:55 - 2016-03-29 19:27 - 00000000 ____D C:\Program Files\Opera

==================== Files in the root of some directories =======

2012-09-15 00:51 - 2012-11-09 21:27 - 0000006 _____ () C:\Program Files\Common Files\WPVersion.txt
2012-08-26 11:44 - 2014-04-05 14:56 - 0001495 _____ () C:\ProgramData\aaron_desu.log
2012-08-24 16:17 - 2012-08-29 18:50 - 0003879 _____ () C:\ProgramData\dorrcrane_save.log
2012-08-30 23:06 - 2014-04-03 20:06 - 0003393 _____ () C:\ProgramData\dscrane_save.log
2012-11-09 21:33 - 2013-03-02 16:00 - 0000187 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Files to move or delete:
====================
C:\Users\krimoking@hotmail.fr\Firefox-Setup-22-0.exe
C:\Users\krimoking@hotmail.fr\wlsetup-web.exe


Some files in TEMP:
====================
C:\Users\Invité\AppData\Local\Temp\avgnt.exe
C:\Users\krimoking@hotmail.fr\AppData\Local\Temp\libeay32.dll
C:\Users\krimoking@hotmail.fr\AppData\Local\Temp\msvcr120.dll
C:\Users\krimoking@hotmail.fr\AppData\Local\Temp\sqlite3.dll
C:\Users\krimoking@hotmail.fr\AppData\Local\Temp\{2790BD55-48E6-4EB7-966F-05E2D9B3D8B5}-49.0.2623.112_49.0.2623.108_chrome_updater.exe
C:\Users\krimoking@hotmail.fr\AppData\Local\Temp\{8735DA0C-0C2A-45E9-A24E-C236109271E0}-49.0.2623.110_49.0.2623.108_chrome_updater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-01 08:58

==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:27-04-2016
Ran by krimoking@hotmail.fr (2016-05-04 18:37:39)
Running from C:\Users\krimoking@hotmail.fr\Desktop
Microsoft Windows 7 Édition Intégrale  Service Pack 1 (X86) (2012-05-02 22:20:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrateur (S-1-5-21-345240317-591405930-4051440267-500 - Administrator - Disabled)
HelpAssistant (S-1-5-21-345240317-591405930-4051440267-1111 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-345240317-591405930-4051440267-1002 - Limited - Enabled)
Invité (S-1-5-21-345240317-591405930-4051440267-501 - Limited - Enabled) => C:\Users\Invité
krimoking@hotmail.fr (S-1-5-21-345240317-591405930-4051440267-1000 - Administrator - Enabled) => C:\Users\krimoking@hotmail.fr

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Internet Security (Disabled - Out of date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Internet Security (Disabled - Out of date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security (Disabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY PDF Transformer 2.0 (HKLM\...\{FA200000-0001-0000-0000-074957833700}) (Version: 2.0.982.4931 - ABBYY Software Ltd.)
Adobe Acrobat Reader DC - Français (HKLM\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Dreamweaver CS3 (HKLM\...\Adobe_435a6af7459cb02a9c1138113a26e93) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM\...\Adobe Photoshop CS3) (Version:  - )
Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Athan Basic 4.2 (HKLM\...\Athan) (Version:  - )
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.249.2 - Broadcom Corporation)
Camtasia Studio 8 (HKLM\...\{DB93E2C2-851F-44B2-B09C-351D2C624AE1}) (Version: 8.0.4.1060 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Centre Souris et Claviers Microsoft (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation)
Centre Souris et Claviers Microsoft (Version: 1.1.500.0 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free Mp3 Wma Converter V 2.2 (HKLM\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Glary Utilities 5.47 (HKLM\...\Glary Utilities 5) (Version: 5.47.0.67 - Glarysoft Ltd)
GOM Player (HKLM\...\GOM Player) (Version: 2.1.50.5145 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Chrome (HKU\S-1-5-21-345240317-591405930-4051440267-1000\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
Google Earth (HKLM\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Highlight Viewer (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
HSPA USB Modem (HKLM\...\InstallShield_{06ADE2A0-E46A-4A84-A211-64CF50520185}) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Network Connections 17.0.200.2 (HKLM\...\PROSetDX) (Version: 17.0.200.2 - Intel)
Lexmark Pilote TWAIN réseau Programme de désinstallation (HKLM\...\Lexmark Network TWAIN Driver) (Version:  - Lexmark International, Inc.)
LiveUpload to Facebook (HKLM\...\{45FE5100-6C09-4B34-AC2F-92D8B3864546}) (Version: 3.2.3.0 - William Duff)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Map Button (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-040C-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-345240317-591405930-4051440267-1000\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mise à jour Microsoft Office Excel 2007 Help  (KB963678) (HKLM\...\{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version:  - Microsoft)
Mise à jour Microsoft Office Outlook 2007 Help  (KB963677) (HKLM\...\{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version:  - Microsoft)
Mise à jour Microsoft Office Powerpoint 2007 Help  (KB963669) (HKLM\...\{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version:  - Microsoft)
Mise à jour Microsoft Office Word 2007 Help  (KB963665) (HKLM\...\{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version:  - Microsoft)
MobiConnect (HKLM\...\MobiConnect) (Version: 23.009.09.02.216 - Huawei Technologies Co.,Ltd)
Module linguistique Microsoft .NET Framework 4 Client Profile FRA (HKLM\...\Microsoft .NET Framework 4 Client Profile FRA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 fr) (HKLM\...\Mozilla Firefox 45.0.1 (x86 fr)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Opera Stable 36.0.2130.65 (HKLM\...\Opera 36.0.2130.65) (Version: 36.0.2130.65 - Opera Software)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
RocketDock 1.3.5 (HKLM\...\RocketDock_is1) (Version:  - Punk Software)
SHAREit (HKLM\...\SHAREit_is1) (Version: 3.3.0.658 - Lenovo)
Skype™ 7.18 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Smart Menus (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.621  - Nullsoft, Inc)
Windows DVD Maker 5.0.4.0 (HKLM\...\{66712EEE-ECBC-4CA6-A475-windows-dvd-maker}_is1) (Version:  - Windows DVD Maker,Inc.)
WinRAR 4.20 (32-بت) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}) (Version: 17.5.10480 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-345240317-591405930-4051440267-1000_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {000E4453-16AB-4995-AD1F-D6A47D27B79E} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2016-03-20] (Glarysoft Ltd)
Task: {0093A791-637B-466C-9694-D75F0B853EB7} - System32\Tasks\{996CAEA6-31B6-4187-9581-44E6EC6DE2C1} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=12002
Task: {19975660-423A-43BD-BB66-E0F3C0165017} - System32\Tasks\{25432E0F-23C0-4966-92A5-A042A49A9213} => C:\Users\krimoking@hotmail.fr\Desktop\LES_JOURNAUX dz.exe
Task: {1D2AFED9-C88F-467B-A7FE-09BD9FE08A1C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-26] (Adobe Systems Incorporated)
Task: {1D68C4A8-738D-47B8-93E4-FCD0DC89FB4A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {290044F5-1312-432D-A2B7-63D7DCFE848D} - System32\Tasks\{40D668EE-9871-4BD5-9D15-76E2BB5DF2FF} => D:\RocketDock\unins000.exe [2013-02-14] ()
Task: {2F29C82D-5C6A-41C2-9719-6ECAEF68D8C3} - System32\Tasks\{7941F4E3-8AFE-4101-97B9-FED43324FF5D} => C:\Program Files\AVAST Software\Avast\aswRunDll.exe [2011-02-10] ()
Task: {3715FCE2-B1D5-40E9-BBD3-4E09C196D080} - System32\Tasks\{CC432FE6-6D05-43E9-B232-36137284AD79} => pcalua.exe -a "F:\UTILITAIRES 2009\Applications\Acronis True Image 11.8053\Acronis True Image 11 Build 8053 Home.exe" -d "F:\UTILITAIRES 2009\Applications\Acronis True Image 11.8053"
Task: {37FE4437-78F2-4E67-BC91-11A7B75A4581} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-04] (Google Inc.)
Task: {498B0691-C51C-4163-BFA7-3ADC3310AF9E} - System32\Tasks\{F786FFEC-D976-48CB-821C-BC6AAD1254D5} => pcalua.exe -a "C:\Program Files\CCleaner\uninst.exe"
Task: {5833F174-6E50-4CFD-B219-B7AD6847AC18} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {66ABD3D1-72E2-4C3A-B86D-3DABD28429F5} - System32\Tasks\Opera scheduled Autoupdate 1459276493 => C:\Program Files\Opera\launcher.exe [2016-04-11] (Opera Software)
Task: {67A2C285-5681-4DA7-9196-CA3EBAC6E589} - System32\Tasks\{0017D744-E8B9-43EB-98A3-0BA8F33EA793} => G:\المصحف.exe
Task: {68FD36BC-C754-42ED-9A7C-83695664F445} - System32\Tasks\{C950C835-A8C1-43F3-9BC3-34027CC3DCEC} => C:\Users\krimoking@hotmail.fr\Desktop\المصحف.exe
Task: {7CE19BA2-00ED-425D-9519-A9A6C71C178B} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-05-02] ()
Task: {9C23C0F5-DC63-4740-9F1F-949A69C88C83} - System32\Tasks\{A6840AE4-6810-4117-93FA-620415C98DE6} => G:\المصحف.exe
Task: {A4B0E4A8-8919-41A3-AF52-5C1672F916F1} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {AD54129C-7FA6-45F7-A7B8-4684ABC7509B} - System32\Tasks\{9D937F7D-E1BE-4809-B946-C181469835AF} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=12002
Task: {B695BE16-82FE-43FF-B5F3-47A069B3BDBF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-04] (Google Inc.)
Task: {BEB77664-4A02-41CF-BA34-DCA75EA23904} - System32\Tasks\{434610AD-723C-4061-84CD-8A1F94CBD97A} => C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Task: {CB2C6440-98B6-44E7-8BB3-1C9F7232BF0A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks
Task: {CC969F2D-2660-426F-94A0-449A3F93022A} - System32\Tasks\{01AFA186-C759-4A07-886A-A09C28F58074} => D:\RocketDock\RocketDock.exe [2007-09-02] ()
Task: {E33E603A-85C4-4A15-9A51-E8FE7F2A9EED} - System32\Tasks\{86D86F61-877C-40FE-9C1E-839963649031} => C:\Users\krimoking@hotmail.fr\Desktop\المصحف.exe
Task: {E93E4A42-FBEC-48BA-ADA4-D9B22177CE4E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {EAF0C8C3-795A-4BD6-993B-A055D35024AD} - System32\Tasks\{2B94EB3A-579D-44BA-9177-25759CD8E86C} => D:\RocketDock\RocketDock.exe [2007-09-02] ()
Task: {F9E799F6-80D1-4088-BE89-A88A668F51D9} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {FAA6138F-5DBF-4B52-9875-8952B4040BEF} - System32\Tasks\{E5A5F506-C349-4B91-81D3-1DAE71A9D084} => C:\Program Files\Windows Live\Messenger\msnmsgr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-345240317-591405930-4051440267-1000Core1d010c228a89801.job => C:\Users\krimoking@hotmail.fr\AppData\Local\Facebook\Update\FacebookUpdate.exe/c /nocrashserverkrimoking@hotmail.fr
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-345240317-591405930-4051440267-1000Core1cfb0171b158738.job => C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Update\GoogleUpdate.exe/ckrimoking@hotmail.fr
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-345240317-591405930-4051440267-1000Core1cfedbec997e787.job => C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Update\GoogleUpdate.exe/ckrimoking@hotmail.fr
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-345240317-591405930-4051440267-1000Core1d1761db157e607.job => C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Update\GoogleUpdate.exe/ckrimoking@hotmail.fr

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-345240317-591405930-4051440267-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\krimoking@hotmail.fr\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AEADIFilters => 2
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Com4QLBEx => 3
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: Intel® PROSet Monitoring Service => 2
MSCONFIG\Services: maconfservice => 3
MSCONFIG\Services: MyWebSearchService => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^Users^krimoking@hotmail.fr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Outil de notification de cadeaux MSN.lnk => C:\Windows\pss\Outil de notification de cadeaux MSN.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Athan => C:\Program Files\Athan\Athan.exe
MSCONFIG\startupreg: Google Update => "C:\Users\krimoking@hotmail.fr\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IDMan => C:\Program Files\Internet Download Manager\idman.exe /onboot
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft Device Center\ipoint.exe"
MSCONFIG\startupreg: IntelliType Pro => "C:\Program Files\Microsoft Device Center\itype.exe"
MSCONFIG\startupreg: MsnMsgr => ~"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RocketDock => "D:\RocketDock\RocketDock.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: USB Security => C:\Program Files\USB Disk Security\USBGuard.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{CCC02390-422F-4C46-9AAF-8F6FFF1B87F0}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [UDP Query User{DCFA14BE-6DE5-4823-9C37-7E6C9962A4D1}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe
FirewallRules: [{20F9F977-2FA3-4BCD-8131-4340A577EFAA}] => (Allow) LPort=48113
FirewallRules: [{8E97334A-6485-4BA1-BA7F-E4258DC7D94A}] => (Allow) LPort=48113
FirewallRules: [{EEEA08EB-7685-488D-AEE4-327C1B44B991}] => (Allow) C:\Windows\System32\msiexec.exe
FirewallRules: [{7EB4E5E8-DDF8-4A2E-9179-0105B686CC79}] => (Allow) C:\Windows\System32\msiexec.exe
FirewallRules: [{21C2E1FC-3559-4DF2-9B1B-FE48E45C853A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{16D12E93-EAF3-4AEA-AD8E-91BDEAFC8C37}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMZZZ_32__bc.dll
FirewallRules: [{5A0C90C7-8525-4EE6-A306-BF045A2DA147}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMZZZ_32__bc.dll
FirewallRules: [{DC53726F-28D6-4608-92BF-FF61837B9B4F}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMzzz_32serv.dll
FirewallRules: [{FF79E56F-3702-4FFB-AEB7-2F34D9003619}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMzzz_32serv.dll
FirewallRules: [{942B9EB3-11D3-49FE-8C7E-C6F08AC84A27}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\lextwprotocol.dll
FirewallRules: [{E9DF73DC-BF9D-40E3-80BA-4ABCD3D6709E}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\lextwprotocol.dll
FirewallRules: [{4334080E-FF5C-4BDD-A939-B9BB43E843DC}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\lexnetworkds.ds
FirewallRules: [{E95267A8-78DA-43C6-833B-EAC845481758}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\lexnetworkds.ds
FirewallRules: [TCP Query User{186E9791-C9A4-4007-B1ED-F6170351C9CA}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{E2E14712-FDE4-49D4-BC30-66DAC40F5ED9}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{391DEB56-644F-4A26-93AD-A8941A22B4BE}] => (Allow) C:\Program Files\SHAREit\SHAREit\SHAREit.exe
FirewallRules: [{44B45085-E1CA-4DE9-ADDF-2239DE12EBD8}] => (Allow) C:\Program Files\SHAREit\SHAREit\SHAREit.exe
FirewallRules: [{49F34C40-06BC-49B9-9F5E-493985737D4F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EE1850E7-17A1-4479-B637-01B556E6F05C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8191FD75-55F4-447E-BBED-6E45808017CB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

04-05-2016 00:00:57 After installing Advanced Uninstaller PRO
04-05-2016 00:10:25 Restore Point Created by FRST
04-05-2016 00:26:05 Restore Point Created by FRST
04-05-2016 00:38:13 Restore Point Created by FRST
04-05-2016 07:17:46 Restore Point Created by FRST
04-05-2016 18:23:35 Restore Point Created by FRST
04-05-2016 18:29:38 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/04/2016 07:17:45 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005, Accès refusé.
.
Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.


Opération :
   Données du rédacteur en cours de collecte

Contexte :
   ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
   Nom du rédacteur: System Writer
   ID d’instance du rédacteur: {ef1e53a1-7e97-4f39-9fcb-16154928232f}

Error: (05/04/2016 07:15:20 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Échec de l’activation de la licence Windows. Erreur 0x80070005.

Error: (05/04/2016 12:00:56 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005, Accès refusé.
.
Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.


Opération :
   Données du rédacteur en cours de collecte

Contexte :
   ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
   Nom du rédacteur: System Writer
   ID d’instance du rédacteur: {a6c11a85-de92-49b3-a8e0-dfbc88641493}

Error: (05/03/2016 11:57:25 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Échec de l’activation de la licence Windows. Erreur 0x80070005.

Error: (05/02/2016 07:33:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: La création du contexte d’activation a échoué pour « Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 ».
Assembly dépendant Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable.
Utilisez sxstrace.exe pour un diagnostic détaillé.

Error: (05/02/2016 07:31:23 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: La création du contexte d’activation a échoué pour « 1 ». Erreur dans le fichier de manifeste ou de stratégie « 2 » à la ligne 3.
L’élément racine du fichier manifeste doit être assembly.

Error: (05/02/2016 06:55:17 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Échec de l’activation de la licence Windows. Erreur 0x80070005.

Error: (05/02/2016 08:15:14 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005, Accès refusé.
.
Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.


Opération :
   Données du rédacteur en cours de collecte

Contexte :
   ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
   Nom du rédacteur: System Writer
   ID d’instance du rédacteur: {a739a23d-5583-49a1-84f5-9068eabad014}

Error: (05/02/2016 07:44:02 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Échec de l’activation de la licence Windows. Erreur 0x80070005.

Error: (05/02/2016 12:14:30 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005, Accès refusé.
.
Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.


Opération :
   Données du rédacteur en cours de collecte

Contexte :
   ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
   Nom du rédacteur: System Writer
   ID d’instance du rédacteur: {c65af383-46e9-4b4d-bf63-fbc98e1452e2}


System errors:
=============
Error: (05/04/2016 06:29:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Windows Search s’est terminé de façon inattendue pour la 3ème fois.

Error: (05/04/2016 06:29:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Service Partage réseau du Lecteur Windows Media s’est terminé de façon inattendue pour la 3ème fois.

Error: (05/04/2016 06:29:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Spouleur d’impression s’est terminé de façon inattendue pour la 3ème fois.

Error: (05/04/2016 06:24:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Service Partage réseau du Lecteur Windows Media s’est terminé de manière inattendue. Ceci s’est produit 2 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.

Error: (05/04/2016 06:24:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 2 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.

Error: (05/04/2016 06:23:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Spouleur d’impression s’est terminé de manière inattendue. Ceci s’est produit 2 fois. L’action corrective suivante va être effectuée dans 60000 millisecondes : Redémarrer le service.

Error: (05/04/2016 06:20:00 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORITE NT)
Description: Le module d’extensibilité WLAN s’est arrêté de façon inattendue.

Chemin d’accès du module : C:\Windows\System32\bcmihvsrv.dll

Error: (05/04/2016 12:41:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORITE NT)
Description: Le module d’extensibilité WLAN s’est arrêté de façon inattendue.

Chemin d’accès du module : C:\Windows\System32\bcmihvsrv.dll

Error: (05/04/2016 07:18:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.

Error: (05/04/2016 07:18:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Service Partage réseau du Lecteur Windows Media s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5470 @ 1.60GHz
Percentage of memory in use: 33%
Total physical RAM: 2039.3 MB
Available physical RAM: 1350.87 MB
Total Virtual: 4078.61 MB
Available Virtual: 3334.17 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:77.6 GB) (Free:45.76 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Sauvgarde) (Fixed) (Total:77.6 GB) (Free:68.31 GB) NTFS
Drive e: (sauvgarde) (Fixed) (Total:77.69 GB) (Free:60.11 GB) NTFS
Drive g: (Blue) (Removable) (Total:0.48 GB) (Free:0.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C2D3C2D3)
Partition 1: (Not Active) - (Size=77.6 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=77.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=77.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 497.9 MB) (Disk ID: 0003DC65)
Partition 1: (Not Active) - (Size=495 MB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

thank you



#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,586 posts
  • ONLINE
  • Gender:Male
  • Local time:08:45 PM

Posted 05 May 2016 - 11:42 AM

Thank you for the logs :)

Even though FRST "hanged", and the fixlog shows incomplete information, according to your latest FRST.txt and Addition.txt logs, the fix went through (since all the files and entries marked for deletion aren't present anymore). Now that we're done with the main part of the clean-up, there are a few issues I would like to address one by one (issues I noticed in your Event Viewer logs).

We'll start by running a test with GSmartControl on your hard drive, following multiple "controller errors" in your Event Viewer, since this often indicates a hard drive failure, and if that's the case here, we'll want to diagnose it as soon as possible. Follow the instructions below please.

GSmartControl
Follow the instructions below to test your hard drive health with GSmartControl:
  • Download GSmartControl and save it on your Desktop;
  • Extract the content of the GSmartControl .zip archive and execute gsmartcontrol.exe;
  • Identify your drive in the list, and double-click on it to bring up its window (usually you'll find your drive by its size or its brand name);
  • Go to the Perform Tests tab, then select Extended Self-test in the Test type drop-down list and click on Execute (this test can take a few hours to complete);
  • Once the test is over, the results will be displayed at the bottom of the window. Please copy and paste these results in your next reply;
  • Also, go in the Attributes tab and if you have any entries highlighted in red or pink, copy and paste their name in your next reply (or take a screenshot of the GSmartControl window and attach it in your next reply);
Also, how is your computer doing now?

Your next reply should contain the results asked from the GSmartControl test and answer to my question about your computer's current state.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 Zakko

Zakko
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 06 May 2016 - 04:06 AM

Thank you very much, the computer seems to be working fine, here's the report:
 

smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win7-sp1] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net
 
=== START OF INFORMATION SECTION ===
Model Family:     Fujitsu MHZ BH
Device Model:     FUJITSU MHZ2250BH G2
Serial Number:    K617T8B3CT58
LU WWN Device Id: 5 00000e 04315e230
Firmware Version: 8909
User Capacity:    250,059,350,016 bytes [250 GB]
Sector Size:      512 bytes logical/physical
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   8
ATA Standard is:  ATA-8-ACS revision 3f
Local Time is:    Thu May 05 22:50:45 2016 
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
 
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
 
General SMART Values:
Offline data collection status:  (0x00) Offline data collection activity
was never started.
Auto Offline Data Collection: Disabled.
Self-test execution status:      (   0) The previous self-test routine completed
without error or no self-test has ever 
been run.
Total time to complete Offline 
data collection: ( 1009) seconds.
Offline data collection
capabilities: (0x51) SMART execute Offline immediate.
No Auto Offline data collection support.
Suspend Offline collection upon new
command.
No Offline surface scan supported.
Self-test supported.
No Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine 
recommended polling time: (   2) minutes.
Extended self-test routine
recommended polling time: ( 143) minutes.
SCT capabilities:       (0x003f) SCT Status supported.
SCT Error Recovery Control supported.
SCT Feature Control supported.
SCT Data Table supported.
 
SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   100   100   046    Pre-fail  Always       -       140788
  2 Throughput_Performance  0x0005   100   100   030    Pre-fail  Offline      -       44367872
  3 Spin_Up_Time            0x0003   100   100   025    Pre-fail  Always       -       1
  4 Start_Stop_Count        0x0032   098   098   000    Old_age   Always       -       8896
  5 Reallocated_Sector_Ct   0x0033   100   100   024    Pre-fail  Always       -       0 (2000 0)
  7 Seek_Error_Rate         0x000f   100   100   047    Pre-fail  Always       -       2780
  8 Seek_Time_Performance   0x0005   100   100   019    Pre-fail  Offline      -       0
  9 Power_On_Hours          0x0032   087   087   000    Old_age   Always       -       6833
 10 Spin_Retry_Count        0x0013   100   100   020    Pre-fail  Always       -       0
 11 Calibration_Retry_Count 0x0032   253   253   000    Old_age   Always       -       0
 12 Power_Cycle_Count       0x0032   099   099   000    Old_age   Always       -       6257
182 Erase_Fail_Count_Total  0x0032   100   100   000    Old_age   Always       -       0
184 End-to-End_Error        0x0033   253   253   097    Pre-fail  Always       -       0
185 Unknown_Attribute       0x0010   100   100   000    Old_age   Offline      -       12
186 Unknown_Attribute       0x0032   253   253   000    Old_age   Always       -       0
187 Reported_Uncorrect      0x0032   100   100   000    Old_age   Always       -       103079215104
188 Command_Timeout         0x0032   100   099   000    Old_age   Always       -       1
189 High_Fly_Writes         0x003a   100   100   000    Old_age   Always       -       0
190 Airflow_Temperature_Cel 0x0022   044   039   000    Old_age   Always       -       56 (0 1 58 26 0)
191 G-Sense_Error_Rate      0x0032   253   099   000    Old_age   Always       -       16580616
192 Power-Off_Retract_Count 0x0032   100   100   000    Old_age   Always       -       14090455
193 Load_Cycle_Count        0x0032   098   098   000    Old_age   Always       -       51265
195 Hardware_ECC_Recovered  0x001a   100   100   000    Old_age   Always       -       1
196 Reallocated_Event_Count 0x0032   100   100   000    Old_age   Always       -       0 (0 7015)
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x003e   200   253   000    Old_age   Always       -       0
200 Multi_Zone_Error_Rate   0x000f   100   100   060    Pre-fail  Always       -       17800
203 Run_Out_Cancel          0x0002   100   100   000    Old_age   Always       -       1533285301281
240 Head_Flying_Hours       0x003e   200   200   000    Old_age   Always       -       0
 
SMART Error Log Version: 1
No Errors Logged
 
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Extended offline    Completed without error       00%      6833         -
# 2  Extended offline    Aborted by host               90%      1008         -
# 3  Extended offline    Completed without error       00%      1007         -
# 4  Extended offline    Completed without error       00%      1005         -
# 5  Short offline       Completed without error       00%      1003         -
# 6  Extended offline    Aborted by host               60%      1003         -
# 7  Short offline       Completed without error       00%      1002         -
# 8  Short offline       Aborted by host               90%       483         -
# 9  Short offline       Completed without error       00%       164         -
#10  Short offline       Completed without error       00%       163         -
#11  Short offline       Completed without error       00%       163         -
#12  Short offline       Completed without error       00%       162         -
 
SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.
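Reading a SMART table like the one above by hand is error-prone, so here is an added example (not part of this thread, and not GSmartControl's or smartmontools' own code) that parses the attribute rows and applies the two rules GSmartControl highlights: a VALUE at or below its THRESH, and a non-zero raw count on the sector-health attributes. THREAD_ROWS is copied from the report above; CONSTRUCTED_ROWS is made up to show what a failing drive looks like.

```python
# Added example (not GSmartControl's or smartmontools' own code): parse the
# smartctl attribute table and apply GSmartControl's two highlight rules.
import re
from typing import Dict, List, NamedTuple

class Attr(NamedTuple):
    id: int
    name: str
    value: int          # normalised current value (100 usually means healthy)
    worst: int
    thresh: int
    when_failed: str    # "-" unless the firmware recorded a failure
    raw: int            # leading integer of RAW_VALUE; vendor suffixes ignored

# Attributes whose raw count matters even while VALUE stays above THRESH.
SECTOR_ATTRS = {5: "reallocated sectors", 196: "reallocation events",
                197: "pending sectors", 198: "offline uncorrectable sectors"}

ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+0x[0-9a-f]{4}\s+(\d+)\s+(\d+)\s+(\d+)"
                 r"\s+(?:Pre-fail|Old_age)\s+\S+\s+(\S+)\s+(\d+)")

def parse_attributes(report: str) -> List[Attr]:
    """Return one Attr per table row; header and non-table lines are skipped."""
    rows = []
    for line in report.splitlines():
        m = ROW.match(line)
        if m:
            rows.append(Attr(int(m[1]), m[2], int(m[3]), int(m[4]), int(m[5]),
                             m[6], int(m[7])))
    return rows

def assess(rows: List[Attr]) -> Dict[str, str]:
    """Map attribute name -> reason for every row that deserves attention."""
    findings = {}
    for a in rows:
        if a.when_failed != "-" or (a.thresh > 0 and a.value <= a.thresh):
            findings[a.name] = "VALUE %d at or below THRESH %d" % (a.value, a.thresh)
        elif a.id in SECTOR_ATTRS and a.raw > 0:
            findings[a.name] = "%d %s" % (a.raw, SECTOR_ATTRS[a.id])
    return findings

# Rows copied from the smartctl report posted in this thread (healthy drive).
THREAD_ROWS = """\
  1 Raw_Read_Error_Rate     0x000f   100   100   046    Pre-fail  Always       -       140788
  5 Reallocated_Sector_Ct   0x0033   100   100   024    Pre-fail  Always       -       0 (2000 0)
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       0
"""

# Constructed rows (not from the thread) showing a drive that should be replaced.
CONSTRUCTED_ROWS = """\
  5 Reallocated_Sector_Ct   0x0033   020   020   024    Pre-fail  Always   FAILING_NOW   312
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       8
"""
```

Calling `assess(parse_attributes(THREAD_ROWS))` returns an empty dict for the report above, matching the "PASSED" verdict, while the constructed rows come back flagged.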


#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:45 PM

Posted 08 May 2016 - 09:44 AM

Thank you for the log :)

Your hard drive isn't failing, so that's good. We'll run a CHKDSK /R on the drive to make sure that there are no bad sectors and/or address them if there are.

Check Disk (chkdsk)
Follow the instructions below to run a CHKDSK scan on your Windows partition:
  • On Windows Vista & 7, click on the Windows Start Menu, then enter cmd in the search box, right-click on the cmd icon and select Run as Administrator
  • On Windows 8, drag your cursor in the bottom-left corner, and right-click on the metro menu preview, then select Command Prompt (Admin);
  • On Windows 8.1, right click on the Windows logo in the bottom-left corner and select Command Prompt (Admin);
  • Enter the command chkdsk /r (there's a space between "chkdsk" and "/r") and press Enter;
  • A message will be returned, stating that the drive cannot be locked because it's already in use, and you'll be asked if you want to schedule the scan for the next restart. Enter y and press Enter;
  • Restart your computer, and the chkdsk scan will be launched automatically;
  • Once the chkdsk scan is complete and you're back in Windows, find the log in the Event Viewer and copy/paste it in your next reply;
WARNING: Depending on your hard drive (specs, free space, fragmentation, etc.) this scan can take a relatively long time to complete. Give it all the time it needs to finish. Do not interrupt it for any reason, or you might damage your drive in the process and make your Windows unbootable. It's suggested to let this scan run overnight or when you leave the house for a few hours (when you go to work for example). If you are running this scan on a laptop, don't forget to leave it plugged in;

Your next reply should include:
  • Copy/pasted content of the CHKDSK results;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 Zakko

Zakko
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 09 May 2016 - 12:03 PM

Thank you very much, here's the chkdsk log. Just to mention that the chkdsk was auto-cancelling, which seems to be a common issue; I had to Google for a solution.

 

Checking file system on C:
The type of file system is NTFS.

CHKDSK is verifying files (stage 1 of 5) ...
  201728 file records processed.
File verification is complete.
  383 large file records processed.
 0 bad file records processed.
2 EA records processed.
82 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5) ...
  245460 index entries processed.
Index verification completed.
  0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)
  201728 file SDs/SIDs processed.
Cleaning up 1090 unused index entries from index $ SII
of file 0x9.
Cleaning up 1090 unused index entries from index $ SDH
of file 0x9.
Cleaning up 1090 unused security descriptors.
Security descriptor verification completed.
  21867 data files processed.
CHKDSK is verifying Usn Journal...
  34293168 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5) ...
  201712 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5) ...
  11541625 free clusters processed.
Free space verification is complete.
Windows has checked the file system and found no problems.

  81364991 KB total disk space.
  34817496 KB in 102003 file.
     74896 KB in 21868 indexes.
         0 KB in bad sectors.
    306099 KB in use by the system.
     65536 KB occupied by the log file.
  46166500 KB available on disk.

      4096 bytes in each allocation unit.
  20341247 total allocation units on disk.
  11541625 allocation units available on disk.

Internal Info:
00 March 14 00 ea e3 January 00 F 78 03 00 00 00 00 00 ......... ...... x
d6 56 00 00 52 00 00 00 00 00 00 00 00 00 00 00 .V..R ...........
8d 48 39 00 50 01 38 00 50 01 38 00 00 00 38 00 ... 8 H.9.P.8.P.8.

 

Checking file system on D:
The type of file system is NTFS.
 
CHKDSK is verifying files (stage 1 of 5) ...
  7680 file records processed.
File verification is complete.
  0 large file records processed.
 0 bad file records processed.
0 EA records processed.
0 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5) ...
  8328 index entries processed.
Index verification completed.
  0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)
  7680 file SDs/SIDs processed.
Cleaning up 51 unused index entries from index $ SII
of file 0x9.
Cleaning up 51 unused index entries from index $ SDH
of file 0x9.
Cleaning up 51 unused security descriptors.
Security descriptor verification completed.
  325 data files processed.
CHKDSK is verifying Usn Journal...
  10521344 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5) ...
  7664 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5) ...
  17929831 free clusters processed.
Free space verification is complete.
Windows has checked the file system and found no problems.
 
  81364991 KB total disk space.
  9555756 KB in 6992 file.
     3032 KB in 326 indexes.
         0 KB in bad sectors.
    86875 KB in use by the system.
     65536 KB occupied by the log file.
  71719328 KB available on disk.
 
      4096 bytes in each allocation unit.
  20341247 total allocation units on disk.
  17929832 allocation units available on disk.
 
Internal Info:
00 1e 00 00 a1 1c 00 00 83 28 00 00 00 00 00 00  .........(......
c0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
48 8d 27 00 50 01 26 00 50 01 26 00 00 00 26 00  H.'.P.&.P.&...&.
 
chkdsk was executed in read/write mode
Checking file system on E:
the volume name is sauvgarde.
 
CHKDSK is verifying files (stage 1 of 5) ...
  8192 file records processed.
File verification is complete.
  0 large file records processed.
 0 bad file records processed.
0 EA records processed.
0 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5) ...
  9258 index entries processed.
Index verification completed.
  0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)
  8192 file SDs/SIDs processed.
Cleaning up 59 unused index entries from index $ SII
of file 0x9.
Cleaning up 59 unused index entries from index $ SDH
of file 0x9.
Cleaning up 59 unused security descriptors.
Security descriptor verification completed.
  534 data files processed.
CHKDSK is verifying Usn Journal...
  8664624 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5) ...
  8176 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5) ...
  15782094 free clusters processed.
Free space verification is complete.
Windows has checked the file system and found no problems.
 
  81466367 KB total disk space.
  18249136 KB in 6992 file.
     3248 KB in 326 indexes.
         0 KB in bad sectors.
    85603 KB in use by the system.
     65536 KB occupied by the log file.
  63128380 KB available on disk.
 
      4096 bytes in each allocation unit.
  20341247 total allocation units on disk.
  15782095 allocation units available on disk.
 
Windows has finished checking your disk.

 

Please wait while your computer restarts.


#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:45 PM

Posted 10 May 2016 - 02:28 PM

Thank you for the log :)

Now, we'll address another issue, which is your corrupt catalog index. You'll need to rebuild it. Simply follow the instructions in the guide below to proceed.

http://www.sevenforums.com/tutorials/17880-index-rebuild.html

Once the indexation is complete, let me know.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 Zakko

Zakko
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 10 May 2016 - 06:57 PM

Thank you, it's done

#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:45 PM

Posted 12 May 2016 - 12:17 PM

Good :)

May I ask you if you installed your Windows 7 yourself, or did it come with your laptop/computer? If you installed it yourself, where did you get the installation media from, and the product key?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




