
Help to remove malware


wiwilol


Hello,

 

I recently installed some software which contains a virus, I think.

My computer goes slow, very slow.

 

I installed Malwarebytes and did a full scan, but there is information that I don't understand.

 

Can you help me, please?

 

This is the log generated by Malwarebytes after the scan:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.24.08

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
wiwi :: SPARKLAND [administrator]

Protection: Enabled

24/02/2014 20:39:31
MBAM-log-2014-02-24 (21-09-48).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 602644
Time elapsed: 24 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 16
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Optional.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Optional.Funshion) -> No action taken.
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Optional.SoftwareUpdater) -> No action taken.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Optional.SoftwareUpdater) -> No action taken.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Optional.SoftwareUpdater) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Optional.SoftwareUpdater) -> No action taken.
HKCR\Updater.AmiUpd.1 (PUP.Optional.SoftwareUpdater) -> No action taken.
HKCR\Updater.AmiUpd (PUP.Optional.SoftwareUpdater) -> No action taken.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Optional.Funshion) -> No action taken.
HKCR\ASBarBroker.BDBroker.1 (PUP.Optional.Funshion) -> No action taken.
HKCR\ASBarBroker.BDBroker (PUP.Optional.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Optional.Funshion) -> No action taken.
HKCR\Iminent (PUP.Optional.Iminent.A) -> No action taken.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 8
C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl (PUP.Optional.Conduit) -> No action taken.
C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.51.3.1_0 (PUP.Optional.Conduit) -> No action taken.
C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.51.3.1_0\scripts (PUP.Optional.Conduit) -> No action taken.
C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.51.3.1_0\scripts\jquery (PUP.Optional.Conduit) -> No action taken.
C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.51.3.1_0\scripts\lib (PUP.Optional.Conduit) -> No action taken.
C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.51.3.1_0\scripts\minibar (PUP.Optional.Conduit) -> No action taken.
C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.51.3.1_0\scripts\minibar\adapters (PUP.Optional.Conduit) -> No action taken.
C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.51.3.1_0\scripts\minibar\services (PUP.Optional.Conduit) -> No action taken.

Files Detected: 105
C:\Users\wiwi\AppData\Local\SwvUpdater\Updater.exe (PUP.Optional.SoftwareUpdater) -> No action taken.
C:\AdwCleaner\Quarantine\C\Users\wiwi\AppData\Local\SwvUpdater\Updater.exe.vir (PUP.Optional.Amonetize.A) -> No action taken.
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Users\wiwi\AppData\Local\Temp\nsr9C1E.tmp\aminsis.dll (PUP.Optional.Amonetize.A) -> No action taken.
E:\logiciel\flash builder\CORE10k.EXE (PUP.Keygen.Intro) -> No action taken.
E:\logiciel\flash builder\keygen.exe (Trojan.Agent) -> No action taken.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> No action taken.

(end)
 


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thanks for your fast response. :)

 

Here are the logs of RogueKiller:

 

RogueKiller V8.8.9 _x64_ [Feb 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : wiwi [Admin rights]
Mode : Scan -- Date : 02/24/2014 22:29:35
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : 360WallPaper ("C:\Users\wiwi\AppData\Roaming\360bizhi\360wpsrv.exe" [7]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-2034558399-3691735088-876375644-1001\[...]\Run : 360WallPaper ("C:\Users\wiwi\AppData\Roaming\360bizhi\360wpsrv.exe" [7]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) HGST HTS721010A9E630 ATA Device +++++
--- User ---
[MBR] cbde8be2d16632a1b7796a42a1c4699d
[bSP] c0f4f392bb005834ae222b1efeb5628e : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) SAMSUNG SSD 830 Series ATA Device +++++
--- User ---
[MBR] 894d9e5ca2ae2e666ffad6c0fbe4a56b
[bSP] 3ad2ad148798eafb11205192336a14c4 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02242014_222935.txt >>



 


OK...run this scan and we'll see what's on the system.......

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


MrC


So here is the log of FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-02-2014 01
Ran by wiwi (administrator) on SPARKLAND on 24-02-2014 23:38:09
Running from C:\Users\wiwi\Downloads
Windows 8.1 Pro (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(360.cn) C:\Program Files (x86)\360\360safe\deepscan\zhudongfangyu.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
() C:\Windows\KMS\KMS.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(MSI) C:\Program Files (x86)\SCM\Radio Manager.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe
(360.cn) C:\Program Files (x86)\360\360safe\SoftMgr\SML\SoftMgrLite.exe
() C:\Program Files (x86)\QvodPlayer\QvodWebBase\1.0.0.47\QvodWebService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Daum Communications) C:\Program Files (x86)\Pure Codec\PotPlayerMini.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [Radio Manager] - C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2013-04-18] (MSI)
HKLM\...\Run: [sCM] - C:\Program Files (x86)\SCM\SCM.exe [407968 2013-04-18] (MSI)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM-x32\...\Run: [KLM] - C:\Program Files (x86)\MSI\KLM\KLM.exe [1564040 2013-04-22] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [360Safetray] - C:\Program Files (x86)\360\360safe\safemon\360tray.exe [894896 2014-01-16] (360.cn)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [btvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-28] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-2034558399-3691735088-876375644-1001\...\Run: [360sd] - C:\Program Files (x86)\360\360sd\360sdrun.exe [847800 2013-10-11] (360.cn)
HKU\S-1-5-21-2034558399-3691735088-876375644-1001\...\Run: [360WallPaper] - C:\Users\wiwi\AppData\Roaming\360bizhi\360wpsrv.exe [970680 2013-10-09] (360.cn)
HKU\S-1-5-21-2034558399-3691735088-876375644-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2034558399-3691735088-876375644-1001\...\MountPoints2: {41ff9d75-73b1-11e3-826c-8c89a50e14a9} - "I:\bootstrap.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.fr.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4471D4DC2924CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR,fr;q=0.8,zh-Hans-CN;q=0.5,zh-Hans;q=0.3
SearchScopes: HKCU - {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=20041099_oem_dg&ch=33
BHO: QQDownload IE Left Helper - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files (x86)\Tencent\QQDownload\QQIEHelper64.dll (Tencent Technology (Shenzhen) Company Limited)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D298} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files (x86)\360\360safe\safemon\safemon64.dll (360.cn)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: QQDownload IE Left Helper - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files (x86)\Tencent\QQDownload\QQIEHelper01.dll (Tencent Technology (Shenzhen) Company Limited)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Media Viewer - {3d62bda6-fe86-45b5-b41a-7828a93dd62a} - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha453\ie\MediaViewerV1alpha453.dll No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO-x32: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files (x86)\360\360safe\safemon\safemon.dll (360.cn)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} -  No File
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou2012\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
Handler-x32: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou2012\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\wiwi\AppData\Roaming\Mozilla\Firefox\Profiles\n9s6s2rv.default-1391471225261
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @qvod.com/QvodShare - C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin-x32: @360.cn/npaxlogin - C:\Program Files (x86)\360\360safe\Utils\npaxlogin.dll (360.cn)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @pps.tv/nppps - C:\Program Files (x86)\PPStream\nppps.dll ()
FF Plugin-x32: @qq.com/npqscall - C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll (Tencent)
FF Plugin-x32: @qq.com/QQDownloadPlugin - C:\Program Files (x86)\Tencent\QQDownload\Browser\760\npXFPlugin.dll (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @qq.com/QQPhotoDrawEx - C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll ()
FF Plugin-x32: @qq.com/QzoneMusic - C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll (Tencent)
FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.23\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF Plugin-x32: @qvod.com/QvodInsert - C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin-x32: @qvod.com/QvodShare - C:\Program Files (x86)\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.448 - C:\Program Files (x86)\Pure Codec\Real Player\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Pure Codec\Real Player\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 - C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll No File
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 - C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @360.cn/360MMPlugin - C:\Program Files (x86)\360\360safe\MobileMgr\np360MMPlugIn.dll (360.cn)
FF Plugin HKCU: duowan.com/Checker - C:\Program Files (x86)\Common Files\duowan\yy\YYSSO\1.0.0.3\npChecker.dll (广州多玩信息技术有限公司)
FF Plugin HKCU: KuaiWanInsert - C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewerV1alpha453.net] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha453\ff

Chrome:
=======
CHR HomePage: https://www.google.fr/
CHR RestoreOnStartup: ""
CHR Extension: (Google Docs) - C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-25]
CHR Extension: (Google Drive) - C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-25]
CHR Extension: (Web Developer) - C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2013-12-25]
CHR Extension: (YouTube) - C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-25]
CHR Extension: (Google Search) - C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-25]
CHR Extension: (Emmet LiveStyle) - C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\diebikgmpmeppiilkaijjbdgciafajmg [2013-12-25]
CHR Extension: (AdBlock) - C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-25]
CHR Extension: (No Name) - C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl [2013-12-25]
CHR Extension: (Media Viewer) - C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kijaapfnaijlidiojjcnlnoaknhfmgnd [2014-02-24]
CHR Extension: (Google Maps) - C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-12-25]
CHR Extension: (AllDebrid Chrome Extension) - C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdjbgnpehbhpibonmjjjbjaoechnlcaf [2013-12-25]
CHR Extension: (Google Wallet) - C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-25]
CHR Extension: (Chrome Logger) - C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaneddfkdjfnfdakjjmocngnfkfehhd [2013-12-25]
CHR Extension: (ColorPick Eyedropper) - C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2013-12-25]
CHR Extension: (Gmail) - C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-25]
CHR HKLM-x32\...\Chrome\Extension: [kijaapfnaijlidiojjcnlnoaknhfmgnd] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha453\ch\MediaViewerV1alpha453.crx [2013-12-25]

==================== Services (Whitelisted) =================

S2 360rp; C:\Program Files (x86)\360\360sd\360rps.exe [371376 2014-01-15] (360.cn)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-28] (Windows ® Win 7 DDK provider)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-01-02] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation)
S3 HiPatchService; D:\Games\Hi-Rez Studios\HiPatchService.exe [9216 2014-01-30] (Hi-Rez Studios)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 KMS; C:\Windows\KMS\KMS.exe [64000 2013-12-07] ()
S3 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [2818896 2014-01-20] (CybelSoft)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-04-18] (Micro-Star International Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2013-12-09] (Qualcomm Atheros)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [24576 2013-06-23] (Apache Software Foundation)
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [12867584 2013-06-23] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-28] (Atheros)
R2 ZhuDongFangYu; C:\Program Files (x86)\360\360safe\deepscan\zhudongfangyu.exe [224192 2013-09-23] (360.cn)

==================== Drivers (Whitelisted) ====================

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [96960 2013-10-25] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77504 2013-10-31] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305336 2013-10-14] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40120 2013-07-11] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [285880 2013-12-17] (360.cn)
R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [62152 2013-05-23] (360.cn)
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R1 BAPIDRV; C:\Windows\System32\Drivers\BAPIDRV64.SYS [179896 2013-12-02] (360.cn)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [80592 2013-11-08] (Qualcomm Atheros, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-11-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 DAdderFltr; C:\Windows\system32\drivers\dadder.sys [12672 2007-08-02] (Razer (Asia-Pacific) Pte Ltd)
U3 dtscsidrv; C:\Windows\System32\Drivers\dtscsidrv.sys [309248 2013-12-25] (Disc Soft Ltd)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-08-22] (Microsoft Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 ma-config_amd64; C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys [17568 2013-10-23] (CybelSoft)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [124928 2013-08-22] (Microsoft Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [300320 2013-12-19] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [448072 2013-02-01] (RTS Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-11] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-12-25] (Duplex Secure Ltd.)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-12-11] (Microsoft Corporation)
R3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WinDivert1.1; C:\Windows\KMS\WinDivert.sys [35376 2013-12-03] (Basil Projects)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-24 23:38 - 2014-02-24 23:38 - 00023942 _____ () C:\Users\wiwi\Downloads\FRST.txt
2014-02-24 23:38 - 2014-02-24 23:38 - 00000000 ____D () C:\FRST
2014-02-24 23:37 - 2014-02-24 23:37 - 02156032 _____ (Farbar) C:\Users\wiwi\Downloads\FRST64.exe
2014-02-24 22:29 - 2014-02-24 22:29 - 00002241 _____ () C:\Users\wiwi\Desktop\RKreport[0]_S_02242014_222935.txt
2014-02-24 22:26 - 2014-02-24 22:29 - 00000000 ____D () C:\Users\wiwi\Desktop\RK_Quarantine
2014-02-24 22:25 - 2014-02-24 22:25 - 04413952 _____ () C:\Users\wiwi\Downloads\RogueKillerX64.exe
2014-02-24 21:08 - 2014-02-24 21:08 - 01241834 _____ () C:\Users\wiwi\Downloads\adwcleaner.exe
2014-02-24 20:38 - 2014-02-24 20:38 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-24 20:38 - 2014-02-24 20:38 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\Malwarebytes
2014-02-24 20:38 - 2014-02-24 20:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-24 20:38 - 2014-02-24 20:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-24 20:38 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-24 20:36 - 2014-02-24 20:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\wiwi\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-22 15:12 - 2014-02-22 15:12 - 00000000 ____D () C:\Program Files (x86)\KuGou2012
2014-02-22 12:56 - 2014-02-22 12:56 - 00000000 ____D () C:\Users\wiwi\AppData\Local\Blizzard
2014-02-22 12:52 - 2014-02-22 12:56 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-02-22 12:52 - 2014-02-22 12:52 - 00001201 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-02-22 12:41 - 2014-02-22 12:41 - 00000000 ____D () C:\Users\wiwi\AppData\Local\Blizzard Entertainment
2014-02-22 12:40 - 2014-02-23 13:13 - 00000000 ____D () C:\Users\wiwi\AppData\Local\Battle.net
2014-02-22 12:40 - 2014-02-22 12:51 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\Battle.net
2014-02-22 12:40 - 2014-02-22 12:40 - 00001158 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-02-22 12:40 - 2014-02-22 12:40 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-02-22 12:40 - 2014-02-22 12:40 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-02-22 12:39 - 2014-02-22 12:39 - 05946048 _____ (Blizzard Entertainment) C:\Users\wiwi\Downloads\Hearthstone-Beta-Setup-frFR.exe
2014-02-22 08:26 - 2014-02-22 08:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-22 08:26 - 2014-02-22 08:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-22 01:48 - 2014-02-22 01:50 - 10703427 _____ () C:\Users\wiwi\Downloads\333.mp4
2014-02-22 00:58 - 2014-02-22 02:01 - 00000000 ____D () C:\Program Files (x86)\Youtube Movie Maker
2014-02-22 00:48 - 2014-02-22 00:49 - 41164006 _____ () C:\Users\wiwi\Downloads\videodemo.zip
2014-02-21 23:22 - 2014-02-21 23:19 - 04585620 _____ () C:\Users\wiwi\Desktop\test.mp4
2014-02-21 23:18 - 2014-02-22 02:01 - 00000000 ____D () C:\Windows\fr
2014-02-21 23:18 - 2014-02-22 02:01 - 00000000 ____D () C:\Windows\en
2014-02-21 23:17 - 2014-02-21 23:17 - 00000359 _____ () C:\Windows\DirectX.log
2014-02-21 23:16 - 2014-02-21 23:13 - 09955782 _____ () C:\Users\wiwi\Desktop\temps2.mp4
2014-02-21 23:06 - 2014-02-21 23:06 - 00000141 _____ () C:\hwsig.log
2014-02-21 22:28 - 2014-02-21 22:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-21 22:28 - 2014-02-21 22:28 - 00000000 _____ () C:\Windows\setupact.log
2014-02-21 22:25 - 2014-02-21 22:25 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-02-21 22:25 - 2014-02-21 22:25 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-02-21 21:35 - 2014-02-22 21:06 - 00010480 _____ () C:\Windows\PFRO.log
2014-02-21 21:32 - 2014-02-21 21:40 - 00000000 ____D () C:\AdwCleaner
2014-02-21 21:13 - 2014-02-21 22:56 - 00000000 ____D () C:\Program Files (x86)\CamStudio 2.7
2014-02-21 20:18 - 2014-02-21 20:19 - 00000000 ____D () C:\Users\wiwi\Documents\My CamStudio Temp Files
2014-02-21 20:18 - 2014-02-21 20:18 - 00000096 _____ () C:\Users\wiwi\AppData\Roaming\version2.xml
2014-02-21 20:11 - 2014-02-21 20:11 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\DivX
2014-02-21 20:09 - 2014-02-21 20:11 - 00000000 ____D () C:\Users\wiwi\Documents\ezvid
2014-02-21 18:59 - 2014-02-22 02:01 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-02-21 18:57 - 2014-02-21 19:08 - 00000000 ____D () C:\Users\wiwi\AppData\Local\Windows Live
2014-02-20 23:32 - 2014-02-20 23:35 - 144811528 _____ () C:\Users\wiwi\Downloads\themeforest-4021469-metronic-responsive-admin-dashboard-template.zip
2014-02-20 18:10 - 2014-02-20 18:10 - 00000434 _____ () C:\Users\wiwi\Desktop\info entretien klee.txt
2014-02-19 21:38 - 2014-02-19 21:38 - 00001561 _____ () C:\Users\wiwi\Desktop\Visual Studio 2013.lnk
2014-02-18 22:33 - 2014-02-18 22:33 - 00001169 _____ () C:\Users\wiwi\Desktop\SourceTree.lnk
2014-02-18 22:23 - 2014-02-18 22:23 - 00000000 ____D () C:\Users\wiwi\AppData\Local\Atlassian
2014-02-18 22:22 - 2014-02-18 22:24 - 00000000 ____D () C:\ProgramData\Atlassian
2014-02-18 22:22 - 2014-02-18 22:22 - 00000000 ____D () C:\ProgramData\Caphyon
2014-02-18 22:22 - 2014-02-18 22:22 - 00000000 ____D () C:\Program Files (x86)\Atlassian
2014-02-18 22:21 - 2014-02-18 22:21 - 09597136 _____ (Atlassian) C:\Users\wiwi\Downloads\SourceTreeSetup_1.4.1.exe
2014-02-18 21:48 - 2014-02-18 22:26 - 00001784 ____H () C:\Users\wiwi\.gitk
2014-02-18 21:26 - 2014-02-18 22:43 - 00000000 ____D () C:\Users\wiwi\Desktop\Git
2014-02-16 09:13 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2014-02-16 09:13 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2014-02-16 09:13 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-02-16 09:13 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-02-16 09:13 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-02-16 09:13 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-02-16 09:13 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys
2014-02-16 09:13 - 2013-11-27 11:54 - 00461824 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-02-16 09:13 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-02-16 09:13 - 2013-11-27 11:08 - 00336384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-02-16 09:13 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-02-16 09:13 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2014-02-16 09:13 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-02-16 09:13 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.dll
2014-02-16 09:13 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-02-16 09:13 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.dll
2014-02-16 09:13 - 2013-11-27 05:01 - 00385614 _____ () C:\Windows\system32\ApnDatabase.xml
2014-02-16 09:13 - 2013-11-26 14:22 - 01928144 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2014-02-16 09:13 - 2013-11-26 14:20 - 02131120 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-02-16 09:13 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2014-02-16 09:13 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-02-16 09:13 - 2013-11-26 12:50 - 01371312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2014-02-16 09:13 - 2013-11-26 12:44 - 02142936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-02-16 09:13 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2014-02-16 09:13 - 2013-11-26 11:13 - 04191232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-16 09:13 - 2013-11-26 10:21 - 18577920 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-02-16 09:13 - 2013-11-26 09:28 - 13925888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-02-16 09:13 - 2013-11-25 02:45 - 00142680 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-02-16 09:13 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-02-16 09:13 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-02-16 09:13 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-02-16 09:13 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll
2014-02-16 09:13 - 2013-11-23 12:49 - 21196664 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-02-16 09:13 - 2013-11-23 09:19 - 18642504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-02-16 09:13 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\bi.dll
2014-02-16 09:13 - 2013-11-23 08:13 - 00019456 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BtaMPM.sys
2014-02-16 09:13 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-02-16 09:13 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-02-16 09:13 - 2013-11-23 04:57 - 00637952 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2014-02-16 09:13 - 2013-11-23 04:48 - 00479744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2014-02-16 09:13 - 2013-11-23 04:25 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2014-02-16 09:13 - 2013-11-23 04:25 - 00584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2014-02-16 09:13 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-02-16 09:13 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-02-16 09:13 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\deviceregistration.dll
2014-02-16 09:13 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-02-16 09:13 - 2013-11-16 06:11 - 00764856 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-02-16 09:13 - 2013-11-15 19:19 - 00669344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-02-16 09:13 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2014-02-16 09:13 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2014-02-16 09:13 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-02-16 09:13 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-02-16 09:13 - 2013-11-05 21:12 - 02551128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-16 09:13 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-02-16 09:13 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-02-12 22:30 - 2014-02-12 22:30 - 00001076 _____ () C:\Users\wiwi\Desktop\WoTLauncher.exe - Shortcut.lnk
2014-02-11 20:52 - 2014-02-11 20:52 - 00000000 ____D () C:\Users\wiwi\Downloads\Code de la route 26
2014-02-11 20:51 - 2014-02-11 20:51 - 803840595 _____ () C:\Users\wiwi\Downloads\Code de la route 26.rar
2014-02-11 20:32 - 2014-02-11 20:32 - 00305664 _____ (Inekman) C:\Users\wiwi\Downloads\Xtremsplit.exe
2014-02-11 20:29 - 2014-01-07 06:00 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-11 20:29 - 2014-01-07 05:30 - 02071552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-11 20:29 - 2013-12-09 01:27 - 02152448 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 20:29 - 2013-12-09 01:19 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-11 20:29 - 2013-12-09 00:55 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-11 20:29 - 2013-12-09 00:54 - 01317376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-11 20:29 - 2013-11-21 07:42 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 20:29 - 2013-11-21 06:44 - 03936256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-11 20:28 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-11 20:28 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-11 20:28 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-11 20:28 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-11 20:28 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-11 20:28 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-11 20:28 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-11 20:28 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-11 20:28 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-11 20:28 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-11 20:28 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-11 20:28 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-11 20:28 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-11 20:28 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-11 20:28 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-11 20:28 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-11 20:28 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-11 20:28 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-11 20:28 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-11 20:28 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-11 20:28 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-11 20:28 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-11 20:28 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-11 20:28 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-11 20:28 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-11 20:28 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-11 20:28 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-11 20:28 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-11 20:28 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-11 20:28 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-11 20:28 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-11 20:28 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-11 20:28 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-11 20:28 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-11 20:28 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-11 20:28 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-11 20:28 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-11 20:27 - 2014-01-07 08:03 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.exe
2014-02-11 20:27 - 2014-01-07 06:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pcaui.exe
2014-02-11 20:27 - 2014-01-04 21:50 - 01462216 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-02-11 20:27 - 2014-01-04 20:22 - 01202888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-02-11 20:27 - 2014-01-04 15:30 - 13209088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-02-11 20:27 - 2014-01-04 15:23 - 11702272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-02-11 20:27 - 2014-01-04 14:42 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-02-11 20:27 - 2014-01-04 14:40 - 07416832 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-02-11 20:27 - 2014-01-04 14:36 - 00830976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-02-11 20:27 - 2014-01-04 14:28 - 04961792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-02-11 20:27 - 2013-12-21 03:10 - 00009701 _____ () C:\Windows\SysWOW64\connectedsearch-results.searchconnector-ms
2014-02-11 20:27 - 2013-12-21 03:10 - 00009701 _____ () C:\Windows\system32\connectedsearch-results.searchconnector-ms
2014-02-11 20:27 - 2013-12-20 11:10 - 01113040 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-02-11 20:27 - 2013-12-20 07:13 - 00835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-02-11 20:27 - 2013-12-09 03:57 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-11 20:27 - 2013-12-09 02:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-11 20:26 - 2014-01-09 09:25 - 02804224 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-02-11 20:26 - 2014-01-09 08:59 - 01020928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-02-11 20:26 - 2014-01-09 08:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-02-11 20:26 - 2014-01-09 08:49 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-02-11 20:26 - 2014-01-09 08:44 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-02-11 20:26 - 2014-01-09 08:43 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-02-11 20:26 - 2014-01-09 08:29 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-02-11 20:26 - 2014-01-09 08:28 - 04217344 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-02-11 20:26 - 2014-01-09 08:28 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-02-11 20:26 - 2014-01-09 08:18 - 00870912 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-02-07 22:01 - 2014-02-07 22:01 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-02-02 21:29 - 2014-02-02 21:29 - 00000000 ____D () C:\Users\wiwi\Downloads\Activation_windows_8.1_-_KMSmicro_v5.0.1
2014-02-02 18:36 - 2014-02-02 18:36 - 02305259 _____ () C:\Users\wiwi\Downloads\CodeIgniter_2.1.4.zip
2014-02-02 12:04 - 2014-02-18 21:14 - 05100600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-02 11:45 - 2013-11-04 02:32 - 132844435 _____ () C:\Users\wiwi\Downloads\Activation_windows_8.1_-_KMSmicro_v5.0.1.zip
2014-02-02 11:31 - 2014-02-24 23:24 - 01673767 _____ () C:\Windows\WindowsUpdate.log
2014-02-02 01:35 - 2014-02-21 20:28 - 00000000 __SHD () C:\360Rec
2014-02-02 01:32 - 2014-02-24 20:23 - 00000352 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-02-02 01:32 - 2014-02-22 02:02 - 00000000 ____D () C:\Users\wiwi\AppData\Local\SwvUpdater
2014-02-02 01:32 - 2014-02-02 01:32 - 00003342 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-02-01 02:01 - 2014-02-01 02:02 - 00019534 _____ () C:\Users\wiwi\Downloads\Simple expense budget1.xlsx
2014-01-31 10:11 - 2014-01-31 10:11 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\Awesomium
2014-01-31 10:09 - 2014-01-31 10:09 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2014-01-31 10:09 - 2014-01-31 10:09 - 00000003 _____ () C:\Windows\system32\HRUPPROG.DIE.NOW
2014-01-31 10:08 - 2014-01-31 10:08 - 00000842 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2014-01-31 10:08 - 2014-01-31 10:08 - 00000841 _____ () C:\Users\Public\Desktop\Smite.lnk
2014-01-31 10:08 - 2014-01-31 10:08 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-01-30 10:50 - 2014-01-30 10:51 - 37463825 _____ (Hi-Rez Studios) C:\Users\wiwi\Downloads\InstallHiRezGamesEnglish.exe
2014-01-27 00:26 - 2014-01-27 00:26 - 00000000 ____D () C:\Users\wiwi\Documents\Gaslamp Games
2014-01-27 00:18 - 2014-01-27 00:18 - 00000000 ____D () C:\Users\wiwi\Documents\TecmoKoei
2014-01-26 17:59 - 2014-01-26 17:59 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-01-26 17:59 - 2014-01-26 17:59 - 00000000 ____D () C:\Windows\system32\NV
2014-01-26 17:58 - 2013-12-19 21:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 18310112 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-01-26 17:58 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 00357152 _____ () C:\Windows\system32\NvIFROpenGL.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 00314656 _____ () C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 00300320 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys
2014-01-26 17:58 - 2013-12-19 21:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-01-26 17:58 - 2013-12-19 21:33 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-01-26 17:58 - 2013-11-28 14:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-01-26 17:58 - 2013-11-28 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-01-26 17:58 - 2013-11-22 09:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-01-26 17:42 - 2014-01-26 17:42 - 00000000 ____D () C:\Users\wiwi\AppData\Local\NVIDIA Corporation
2014-01-26 17:42 - 2013-12-27 19:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-01-26 17:42 - 2013-12-27 19:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-01-26 12:02 - 2014-02-08 20:35 - 00000000 ____D () C:\Users\wiwi\Downloads\SITE
2014-01-26 12:01 - 2014-01-26 12:01 - 00300033 _____ () C:\Users\wiwi\Downloads\SITE.rar
2014-01-26 00:32 - 2014-01-26 00:32 - 00032660 _____ () C:\Users\wiwi\Downloads\World.War.Z.1080p.JYK.noRel._www.ENGSUB.NET.zip
2014-01-25 13:13 - 2014-02-18 23:10 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\TeamViewer
2014-01-25 13:10 - 2014-02-18 23:11 - 00001178 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-01-25 13:10 - 2014-01-25 13:10 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-01-25 13:08 - 2014-01-25 13:08 - 06079336 _____ (TeamViewer GmbH) C:\Users\wiwi\Downloads\TeamViewer_Setup_fr-cka.exe

==================== One Month Modified Files and Folders =======

2014-02-24 23:38 - 2014-02-24 23:38 - 00023942 _____ () C:\Users\wiwi\Downloads\FRST.txt
2014-02-24 23:38 - 2014-02-24 23:38 - 00000000 ____D () C:\FRST
2014-02-24 23:37 - 2014-02-24 23:37 - 02156032 _____ (Farbar) C:\Users\wiwi\Downloads\FRST64.exe
2014-02-24 23:28 - 2013-12-25 00:08 - 00913650 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-24 23:24 - 2014-02-02 11:31 - 01673767 _____ () C:\Windows\WindowsUpdate.log
2014-02-24 23:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-02-24 22:29 - 2014-02-24 22:29 - 00002241 _____ () C:\Users\wiwi\Desktop\RKreport[0]_S_02242014_222935.txt
2014-02-24 22:29 - 2014-02-24 22:26 - 00000000 ____D () C:\Users\wiwi\Desktop\RK_Quarantine
2014-02-24 22:27 - 2013-12-25 01:06 - 00000000 ____D () C:\Users\wiwi\AppData\Local\CrashDumps
2014-02-24 22:26 - 2013-12-26 15:18 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\Skype
2014-02-24 22:25 - 2014-02-24 22:25 - 04413952 _____ () C:\Users\wiwi\Downloads\RogueKillerX64.exe
2014-02-24 21:08 - 2014-02-24 21:08 - 01241834 _____ () C:\Users\wiwi\Downloads\adwcleaner.exe
2014-02-24 20:52 - 2013-12-25 01:13 - 00002193 _____ () C:\Users\wiwi\Desktop\360软件管家.lnk
2014-02-24 20:49 - 2013-12-25 00:10 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2034558399-3691735088-876375644-1001
2014-02-24 20:38 - 2014-02-24 20:38 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-24 20:38 - 2014-02-24 20:38 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\Malwarebytes
2014-02-24 20:38 - 2014-02-24 20:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-24 20:38 - 2014-02-24 20:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-24 20:37 - 2014-02-24 20:36 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\wiwi\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-24 20:33 - 2013-12-25 01:12 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\360Safe
2014-02-24 20:24 - 2013-12-30 23:58 - 00000000 __SHD () C:\Users\wiwi\AppData\Roaming\360Quarant
2014-02-24 20:24 - 2013-12-30 23:58 - 00000000 __SHD () C:\$360Section
2014-02-24 20:23 - 2014-02-02 01:32 - 00000352 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-02-24 20:21 - 2014-01-20 21:53 - 00000000 __RDO () C:\Users\wiwi\SkyDrive
2014-02-24 20:21 - 2013-12-26 15:50 - 00000000 ____D () C:\Users\wiwi\AppData\Local\TSVNCache
2014-02-24 00:29 - 2013-12-27 23:13 - 00000000 ____D () C:\Users\wiwi\Downloads\cv
2014-02-23 15:24 - 2013-12-25 00:04 - 00000000 ____D () C:\Users\wiwi
2014-02-23 14:48 - 2013-12-25 08:35 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\KuGou8
2014-02-23 13:13 - 2014-02-22 12:40 - 00000000 ____D () C:\Users\wiwi\AppData\Local\Battle.net
2014-02-22 21:44 - 2013-12-25 00:05 - 00000000 ____D () C:\Users\wiwi\AppData\Local\Packages
2014-02-22 21:07 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-22 21:06 - 2014-02-21 21:35 - 00010480 _____ () C:\Windows\PFRO.log
2014-02-22 21:06 - 2013-12-25 01:13 - 00000000 _RSHD () C:\360SANDBOX
2014-02-22 15:12 - 2014-02-22 15:12 - 00000000 ____D () C:\Program Files (x86)\KuGou2012
2014-02-22 15:12 - 2013-12-25 08:35 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\KGDataBak
2014-02-22 15:02 - 2013-12-26 10:49 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-22 12:56 - 2014-02-22 12:56 - 00000000 ____D () C:\Users\wiwi\AppData\Local\Blizzard
2014-02-22 12:56 - 2014-02-22 12:52 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-02-22 12:52 - 2014-02-22 12:52 - 00001201 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-02-22 12:51 - 2014-02-22 12:40 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\Battle.net
2014-02-22 12:50 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-02-22 12:49 - 2013-12-27 22:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-22 12:49 - 2013-08-22 14:25 - 00000167 _____ () C:\Windows\win.ini
2014-02-22 12:41 - 2014-02-22 12:41 - 00000000 ____D () C:\Users\wiwi\AppData\Local\Blizzard Entertainment
2014-02-22 12:40 - 2014-02-22 12:40 - 00001158 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-02-22 12:40 - 2014-02-22 12:40 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-02-22 12:40 - 2014-02-22 12:40 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-02-22 12:39 - 2014-02-22 12:39 - 05946048 _____ (Blizzard Entertainment) C:\Users\wiwi\Downloads\Hearthstone-Beta-Setup-frFR.exe
2014-02-22 08:49 - 2013-12-26 13:12 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\Tencent
2014-02-22 08:28 - 2013-12-27 15:08 - 00000000 ____D () C:\Users\wiwi\Desktop\Eip
2014-02-22 08:26 - 2014-02-22 08:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-22 08:26 - 2014-02-22 08:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-22 02:02 - 2014-02-02 01:32 - 00000000 ____D () C:\Users\wiwi\AppData\Local\SwvUpdater
2014-02-22 02:01 - 2014-02-22 00:58 - 00000000 ____D () C:\Program Files (x86)\Youtube Movie Maker
2014-02-22 02:01 - 2014-02-21 23:18 - 00000000 ____D () C:\Windows\fr
2014-02-22 02:01 - 2014-02-21 23:18 - 00000000 ____D () C:\Windows\en
2014-02-22 02:01 - 2014-02-21 18:59 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-02-22 02:01 - 2014-01-04 15:36 - 00000000 ____D () C:\Fraps
2014-02-22 02:01 - 2014-01-04 13:47 - 00000000 ____D () C:\ProgramData\QvodPlayer
2014-02-22 02:01 - 2013-12-28 22:41 - 00000000 ____D () C:\ProgramData\Atheros
2014-02-22 02:01 - 2013-12-27 10:29 - 00000000 ____D () C:\Users\wiwi\AppData\Local\Flash Builder
2014-02-22 02:01 - 2013-12-27 10:24 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-22 02:01 - 2013-12-26 16:31 - 00000000 ____D () C:\wamp
2014-02-22 02:01 - 2013-12-26 13:12 - 00000000 ____D () C:\Program Files (x86)\Tencent
2014-02-22 02:01 - 2013-12-25 17:46 - 00000000 ____D () C:\Users\wiwi\AppData\Local\Mobogenie
2014-02-22 02:01 - 2013-12-25 17:43 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-02-22 02:01 - 2013-12-25 08:41 - 00000000 ____D () C:\Program Files (x86)\坦克世界盒子
2014-02-22 02:01 - 2013-12-25 03:40 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\PPStream
2014-02-22 02:01 - 2013-12-25 03:40 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\360zip
2014-02-22 02:01 - 2013-12-25 01:43 - 00000000 ____D () C:\Program Files (x86)\jisupdf
2014-02-22 02:01 - 2013-12-25 01:13 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\360Login
2014-02-22 02:01 - 2013-12-25 00:42 - 00000000 ____D () C:\Users\wiwi\AppData\Local\Micro-Star_International_
2014-02-22 02:01 - 2013-12-25 00:26 - 00000000 ____D () C:\Users\wiwi\AppData\Local\MSI
2014-02-22 02:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-02-22 02:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\registration
2014-02-22 02:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-22 02:01 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-02-22 02:00 - 2014-01-04 15:05 - 00000000 __RHD () C:\MSOCache
2014-02-22 02:00 - 2013-12-27 22:54 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-22 01:50 - 2014-02-22 01:48 - 10703427 _____ () C:\Users\wiwi\Downloads\333.mp4
2014-02-22 00:49 - 2014-02-22 00:48 - 41164006 _____ () C:\Users\wiwi\Downloads\videodemo.zip
2014-02-21 23:19 - 2014-02-21 23:22 - 04585620 _____ () C:\Users\wiwi\Desktop\test.mp4
2014-02-21 23:17 - 2014-02-21 23:17 - 00000359 _____ () C:\Windows\DirectX.log
2014-02-21 23:13 - 2014-02-21 23:16 - 09955782 _____ () C:\Users\wiwi\Desktop\temps2.mp4
2014-02-21 23:06 - 2014-02-21 23:06 - 00000141 _____ () C:\hwsig.log
2014-02-21 22:56 - 2014-02-21 21:13 - 00000000 ____D () C:\Program Files (x86)\CamStudio 2.7
2014-02-21 22:28 - 2014-02-21 22:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-21 22:28 - 2014-02-21 22:28 - 00000000 _____ () C:\Windows\setupact.log
2014-02-21 22:25 - 2014-02-21 22:25 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-02-21 22:25 - 2014-02-21 22:25 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-02-21 21:40 - 2014-02-21 21:32 - 00000000 ____D () C:\AdwCleaner
2014-02-21 21:22 - 2013-12-25 17:44 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\FileZilla
2014-02-21 20:34 - 2013-12-25 08:23 - 00000000 ____D () C:\ProgramData\360SD
2014-02-21 20:28 - 2014-02-02 01:35 - 00000000 __SHD () C:\360Rec
2014-02-21 20:19 - 2014-02-21 20:18 - 00000000 ____D () C:\Users\wiwi\Documents\My CamStudio Temp Files
2014-02-21 20:18 - 2014-02-21 20:18 - 00000096 _____ () C:\Users\wiwi\AppData\Roaming\version2.xml
2014-02-21 20:11 - 2014-02-21 20:11 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\DivX
2014-02-21 20:11 - 2014-02-21 20:09 - 00000000 ____D () C:\Users\wiwi\Documents\ezvid
2014-02-21 19:08 - 2014-02-21 18:57 - 00000000 ____D () C:\Users\wiwi\AppData\Local\Windows Live
2014-02-20 23:35 - 2014-02-20 23:32 - 144811528 _____ () C:\Users\wiwi\Downloads\themeforest-4021469-metronic-responsive-admin-dashboard-template.zip
2014-02-20 18:10 - 2014-02-20 18:10 - 00000434 _____ () C:\Users\wiwi\Desktop\info entretien klee.txt
2014-02-20 11:22 - 2013-12-25 03:27 - 00000000 ____D () C:\Users\wiwi\AppData\Local\PMB Files
2014-02-20 11:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-02-19 21:38 - 2014-02-19 21:38 - 00001561 _____ () C:\Users\wiwi\Desktop\Visual Studio 2013.lnk
2014-02-18 23:11 - 2014-01-25 13:10 - 00001178 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-02-18 23:10 - 2014-01-25 13:13 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\TeamViewer
2014-02-18 22:43 - 2014-02-18 21:26 - 00000000 ____D () C:\Users\wiwi\Desktop\Git
2014-02-18 22:33 - 2014-02-18 22:33 - 00001169 _____ () C:\Users\wiwi\Desktop\SourceTree.lnk
2014-02-18 22:26 - 2014-02-18 21:48 - 00001784 ____H () C:\Users\wiwi\.gitk
2014-02-18 22:24 - 2014-02-18 22:22 - 00000000 ____D () C:\ProgramData\Atlassian
2014-02-18 22:23 - 2014-02-18 22:23 - 00000000 ____D () C:\Users\wiwi\AppData\Local\Atlassian
2014-02-18 22:22 - 2014-02-18 22:22 - 00000000 ____D () C:\ProgramData\Caphyon
2014-02-18 22:22 - 2014-02-18 22:22 - 00000000 ____D () C:\Program Files (x86)\Atlassian
2014-02-18 22:21 - 2014-02-18 22:21 - 09597136 _____ (Atlassian) C:\Users\wiwi\Downloads\SourceTreeSetup_1.4.1.exe
2014-02-18 21:38 - 2014-01-02 16:02 - 00000000 ____D () C:\Users\wiwi\Documents\Visual Studio 2013
2014-02-18 21:19 - 2013-12-31 10:25 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\GitHub
2014-02-18 21:19 - 2013-12-31 10:25 - 00000000 ____D () C:\Users\wiwi\AppData\Local\GitHub
2014-02-18 21:19 - 2013-12-31 10:19 - 00000000 ____D () C:\Users\wiwi\AppData\Local\Deployment
2014-02-18 21:15 - 2013-12-25 00:05 - 00000000 ___RD () C:\Users\wiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-18 21:15 - 2013-12-25 00:05 - 00000000 ___RD () C:\Users\wiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-18 21:14 - 2014-02-02 12:04 - 05100600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-18 21:14 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-02-18 21:14 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-02-18 21:14 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\Dism
2014-02-18 20:31 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-02-17 22:00 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-17 22:00 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-15 22:25 - 2011-10-26 18:14 - 00000954 _____ () C:\Users\wiwi\AppData\Roaming\coreavc.ini
2014-02-15 22:13 - 2013-12-25 01:13 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\360mobilemgr
2014-02-15 21:42 - 2013-12-26 14:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-15 16:59 - 2013-12-26 14:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-12 22:30 - 2014-02-12 22:30 - 00001076 _____ () C:\Users\wiwi\Desktop\WoTLauncher.exe - Shortcut.lnk
2014-02-12 00:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-02-12 00:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager
2014-02-12 00:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera
2014-02-11 20:55 - 2013-12-25 17:49 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\PotPlayerMini
2014-02-11 20:52 - 2014-02-11 20:52 - 00000000 ____D () C:\Users\wiwi\Downloads\Code de la route 26
2014-02-11 20:51 - 2014-02-11 20:51 - 803840595 _____ () C:\Users\wiwi\Downloads\Code de la route 26.rar
2014-02-11 20:32 - 2014-02-11 20:32 - 00305664 _____ (Inekman) C:\Users\wiwi\Downloads\Xtremsplit.exe
2014-02-09 17:52 - 2013-12-25 03:43 - 00000000 ____D () C:\ProgramData\LocalStorage
2014-02-08 20:35 - 2014-01-26 12:02 - 00000000 ____D () C:\Users\wiwi\Downloads\SITE
2014-02-07 22:01 - 2014-02-07 22:01 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-02-06 20:20 - 2013-12-25 01:00 - 00000000 ____D () C:\Users\wiwi\Documents\Bluetooth Folder
2014-02-06 13:16 - 2014-02-11 20:28 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-11 20:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-11 20:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-11 20:28 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-11 20:28 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-11 20:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-11 20:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-11 20:28 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:49 - 2014-02-11 20:28 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-11 20:28 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-11 20:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-11 20:28 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-11 20:28 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-11 20:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-11 20:28 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-11 20:28 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-11 20:28 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-11 20:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-11 20:28 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-11 20:28 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-11 20:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-11 20:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-11 20:28 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:47 - 2014-02-11 20:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-11 20:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-11 20:28 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-11 20:28 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-11 20:28 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-11 20:28 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-11 20:28 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-11 20:28 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-11 20:28 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-11 20:28 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-11 20:28 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-11 20:28 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-11 20:28 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-11 20:28 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-04 19:09 - 2013-12-25 22:16 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-02 21:29 - 2014-02-02 21:29 - 00000000 ____D () C:\Users\wiwi\Downloads\Activation_windows_8.1_-_KMSmicro_v5.0.1
2014-02-02 18:36 - 2014-02-02 18:36 - 02305259 _____ () C:\Users\wiwi\Downloads\CodeIgniter_2.1.4.zip
2014-02-02 12:07 - 2013-12-28 11:45 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-02-02 01:32 - 2014-02-02 01:32 - 00003342 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-02-01 07:26 - 2013-12-26 13:12 - 00001169 _____ () C:\Users\wiwi\Desktop\QQ旋风.lnk
2014-02-01 02:02 - 2014-02-01 02:01 - 00019534 _____ () C:\Users\wiwi\Downloads\Simple expense budget1.xlsx
2014-01-31 21:29 - 2013-10-25 18:15 - 00000000 ____D () C:\Users\wiwi\Desktop\master
2014-01-31 10:11 - 2014-01-31 10:11 - 00000000 ____D () C:\Users\wiwi\AppData\Roaming\Awesomium
2014-01-31 10:09 - 2014-01-31 10:09 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2014-01-31 10:09 - 2014-01-31 10:09 - 00000003 _____ () C:\Windows\system32\HRUPPROG.DIE.NOW
2014-01-31 10:08 - 2014-01-31 10:08 - 00000842 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2014-01-31 10:08 - 2014-01-31 10:08 - 00000841 _____ () C:\Users\Public\Desktop\Smite.lnk
2014-01-31 10:08 - 2014-01-31 10:08 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-01-31 10:08 - 2013-12-25 00:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-30 10:51 - 2014-01-30 10:50 - 37463825 _____ (Hi-Rez Studios) C:\Users\wiwi\Downloads\InstallHiRezGamesEnglish.exe
2014-01-27 00:26 - 2014-01-27 00:26 - 00000000 ____D () C:\Users\wiwi\Documents\Gaslamp Games
2014-01-27 00:18 - 2014-01-27 00:18 - 00000000 ____D () C:\Users\wiwi\Documents\TecmoKoei
2014-01-26 17:59 - 2014-01-26 17:59 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-01-26 17:59 - 2014-01-26 17:59 - 00000000 ____D () C:\Windows\system32\NV
2014-01-26 17:59 - 2013-12-25 01:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-01-26 17:43 - 2013-12-25 01:33 - 00000000 ____D () C:\Users\wiwi\AppData\Local\NVIDIA
2014-01-26 17:42 - 2014-01-26 17:42 - 00000000 ____D () C:\Users\wiwi\AppData\Local\NVIDIA Corporation
2014-01-26 17:42 - 2013-12-25 01:30 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-01-26 17:42 - 2013-12-25 01:30 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-01-26 17:42 - 2013-12-25 01:29 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-01-26 12:20 - 2014-01-18 15:13 - 00000961 _____ () C:\Users\Public\Desktop\Ma-Config.com - Start the detection.lnk
2014-01-26 12:20 - 2013-12-25 04:17 - 00000000 ____D () C:\ProgramData\ma-config.com
2014-01-26 12:20 - 2013-12-25 04:17 - 00000000 ____D () C:\Program Files\ma-config.com
2014-01-26 12:02 - 2014-01-21 21:05 - 00000132 _____ () C:\Users\wiwi\AppData\Roaming\Préfs Format PNG Adobe CS6
2014-01-26 12:01 - 2014-01-26 12:01 - 00300033 _____ () C:\Users\wiwi\Downloads\SITE.rar
2014-01-26 00:32 - 2014-01-26 00:32 - 00032660 _____ () C:\Users\wiwi\Downloads\World.War.Z.1080p.JYK.noRel._www.ENGSUB.NET.zip
2014-01-25 13:10 - 2014-01-25 13:10 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-01-25 13:08 - 2014-01-25 13:08 - 06079336 _____ (TeamViewer GmbH) C:\Users\wiwi\Downloads\TeamViewer_Setup_fr-cka.exe

Some content of TEMP:
====================
C:\Users\wiwi\AppData\Local\Temp\KGUpdater.exe
C:\Users\wiwi\AppData\Local\Temp\ntdll_dump.dll
C:\Users\wiwi\AppData\Local\Temp\PidGenX.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-21 22:23

==================== End Of Log ============================

Addition.txt


Make sure you have created a new system restore point as I mentioned in my first post to you before you continue!

 

----------------------------

Please uninstall this from your add/remove programs: (if possible)
Software Version Updater

----------------------------------

Then...............

Let's clean out any adware/spyware now: (this will require a reboot, so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Last..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Hello,

I did the clean and thanks again for your help. :)

My computer looks better.

Here are the logs:

For AdwCleaner:

# AdwCleaner v3.019 - Report created 21/02/2014 at 21:40:29
# Updated 17/02/2014 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : wiwi - SPARKLAND
# Running from : C:\Users\wiwi\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Tencent
Folder Deleted : C:\Program Files (x86)\baidu
Folder Deleted : C:\Program Files (x86)\Tencent
Folder Deleted : C:\Program Files (x86)\Common Files\Tencent
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\wiwi\AppData\Local\Mobogenie
Folder Deleted : C:\Users\wiwi\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\wiwi\AppData\Roaming\Mysearchdial
Folder Deleted : C:\Users\wiwi\AppData\Roaming\Tencent
Folder Deleted : C:\Users\wiwi\Documents\Mobogenie
Folder Deleted : C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
File Deleted : C:\Users\wiwi\AppData\Roaming\Mozilla\Firefox\Profiles\n9s6s2rv.default-1391471225261\user.js
File Deleted : C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ëѹ·Æ´ÒôÊäÈë·¨\Ƥ·ôСºÐ×Ó.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\caphyon
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\mysearchdial.com
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : [x64] HKLM\SOFTWARE\Iminent

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (fr)

[ File : C:\Users\wiwi\AppData\Roaming\Mozilla\Firefox\Profiles\n9s6s2rv.default-1391471225261\prefs.js ]

Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "irmsd0202ff");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtD0EtCyE0AzyyC0C0DyEtN0D0Tzu0SyBzztAtN1L2XzutCtFtCtFtCtFtCtN1L1CzutDzytDtCtG1TtN1L1G1B1V1N2Y1L1Qzu2StB0CyB0C0B0F0AyDtG0ByE0DzytGtDz[...]
Line Deleted : user_pref("extensions.mysearchdial.cr", "77227645");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);

Line Deleted : user_pref("extensions.mysearchdial.id", "8C89A50E14A96CD4");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16122");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "0901-a");

Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");

Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.020:17:32");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10572 octets] - [21/02/2014 21:33:03]
AdwCleaner[s0].txt - [9311 octets] - [21/02/2014 21:34:26]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4173 octets] ##########
# AdwCleaner v3.019 - Report created 25/02/2014 at 00:17:31
# Updated 17/02/2014 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : wiwi - SPARKLAND
# Running from : C:\Users\wiwi\Downloads\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[x] Not Deleted : C:\Program Files (x86)\Tencent
[x] Not Deleted : C:\Program Files (x86)\Common Files\Tencent
[x] Not Deleted : C:\Users\wiwi\AppData\Roaming\Tencent
Folder Deleted : C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (fr)

[ File : C:\Users\wiwi\AppData\Roaming\Mozilla\Firefox\Profiles\n9s6s2rv.default-1391471225261\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [14327 octets] - [21/02/2014 21:33:03]
AdwCleaner[s0].txt - [12843 octets] - [21/02/2014 21:34:26]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5539 octets] ##########

And the log for Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.24.10

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
wiwi :: SPARKLAND [administrator]

Protection: Enabled

25/02/2014 00:20:02
mbam-log-2014-02-25 (00-20-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220767
Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Optional.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Optional.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Optional.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker.1 (PUP.Optional.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker (PUP.Optional.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Optional.Funshion) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\wiwi\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

Files Detected: 0
(No malicious items detected)

(end)
 


Good.....

Run another scan with FRST, make sure the addition box is checked.
Post or attach the 2 logs.

Also I suggest you download and install CCleaner to clean out temp files.

Download, install and run CCleaner free to clean out temp files.
The default settings should be good for now, you might want to uncheck cookies for your browsers.
Here's a Tutorial if needed.
Please stay away from the registry cleaner.

MrC

This topic is now closed to further replies.