My programs wont open Closed

Question

Hello, 



When ever i click to open a program it justs ignores it as if nothing happened.
I have tried to download MalwareBytes in safe mode and have done multiple scans and deleted everything found, I have been to  http://www.sevenforums.com/tutorials/19449-default-file-type-associations-restore.html and downloaded the .EXE file in safe mode and Merged it, but still no successful outcome and as seen on many other similar problems right clicking and entering open will open the program for them, but it doesn't for me nothing works, please help.

Ambucias · Answer

Hello,

When I read that you went sevenforums I could not help but to say: "Oh boy! What a way to get in trouble!"

Your issue just may be caused by a virus.

To help you and precribe a remedy, I must make a diagnostic and to do so, I require a system log. 

1. Boot in safemode with networking.

2. Open this link and download ZHPDiag2 : 

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html 

(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message. Also clicking on the "hardhat" icon allows to change the language.)

3. Save the file on your Desktop. 

4. Double click on ZHPDiag.exe and follow the installation instructions. 

the tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix at the next step). 

5. Double click on the short cut ZHPDiag on your Destktop. 

6. Click on the eyedropper icon and ensure all of the items are checked.

7. Click on the Magnifying glass and run the analysys. 

Wait for the tool to finished (maybe a long time) 

8. Close ZHPDiag. 

9. To transmit the report, click on this link : 

https://authentification.site 

10. Usually on your desktop or C:\Program Files\ZHPDiag). 

11. Select the file ZHPDiag.txt. 

12. Click on "upload » 

13. Copy the url and post it here

Best regards

Ambucias
Moderator, Security Contributor

Ambucias · Answer

Hi again Daniel,

Yes, your machine is infected by all kinds of viruses.

Here are the first two steps:

1. Download the following Adwcleaner from Xplode

https://toolslib.net

Launch it (for Windows 7 and 8, click right to run as administrator)

Click on delete

Post the log C:\Adwcleaner[Sx].txt on this thread.

2. Go to your control panel, add/remove programmes.  Delete all the toolbar application that you see.

Catch you later

Ambucias · Answer

Okay Daniel,

Most if not all of the 116 malware that you got came from Pando Media Booster.

I strongly suggest that you totally uninstall it and never use it again.

When you installed ZHP Diag, it created an icon called ZHP Fix. It looks like a seringe.

1. Launch the application

2. Copy the items below

3. Click on the clipboad icon in ZHP Fix (Top left)  The items which you copied should get pasted.

4. Click on "Go", bottom button.

5. Paste the report here.

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: Modified    => INTERNET EXPLORER : Supprime message de connexion sécurisée
M3 - MFPP: Plugins - [Daniel] -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\bbgdqpkv.default\searchplugins\Searchab.xml    => Infection Hijack (Hijacker.Searchab)
M0 - MFSP: prefs.js [Daniel - bbgdqpkv.default] https://www.hugedomains.com/domain_profile.cfm?d=searchab&e=com    => Infection Hijack (Hijacker.Searchab)
M2 - MFEP: prefs.js [Daniel - bbgdqpkv.default\5110b3035a065@5110b3035a09e.com] [] MagniPic v1.5 (.MagniPic.)    => Infection PUP (Adware.MagniPic)*
M2 - MFEP: prefs.js [Daniel - bbgdqpkv.default\plugin@yontoo.com] [] Yontoo v1.20.00 (.Yontoo LLC.)    => Infection PUP (Adware.Yontoo)*
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=searchab&e=com    => Infection Hijack (Hijacker.Searchab)
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} . (.Search Results LLC. - Search Results.) -- C:\Users\Daniel\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll    => Infection PUP (Adware.IMBooster)*
O2 - BHO: Wincore Mediabar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} . (...) -- C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll (.not file.)    => Infection PUP (PUP.BearShare)*
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} . (.Yontoo LLC - Yontoo Runtime.) -- C:\Program Files\Yontoo\YontooIEClient.dll    => Infection PUP (Adware.Yontoo)*
O3 - Toolbar: Wincore Mediabar - [HKLM]{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} . (...) -- C:\Program Files\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll    => Infection PUP (PUP.BearShare)*
O20 - AppInit_DLLs: . (...) - C:\Program Files\MagniPic\sprotector.dll    => Infection PUP (Adware.MagniPic)*
O23 - Service: DefaultTabUpdate (DefaultTabUpdate) . (...) - C:\Users\Daniel\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe    => Infection PUP (Adware.IMBooster)
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\MagniPicUpdaterTask{66E7334E-7227-4F6F-B357-B3D0E3EA5BF7}.job   [376]    => Infection PUP (Adware.MagniPic)*
O42 - Logiciel: DefaultTab - (.Search Results, LLC.) [HKLM] -- DefaultTab    => Infection PUP (Adware.IMBooster)*
O42 - Logiciel: MagniPic - (.Unknown owner.) [HKLM] -- {94865A53-9825-425F-A0B4-D0074F6578A5}    => Infection PUP (Adware.MagniPic)*
O42 - Logiciel: Yontoo 1.10.03 - (.Yontoo LLC.) [HKLM] -- {889DF117-14D1-44EE-9F31-C5FB5D47F68B}    => Infection PUP (Adware.Yontoo)*
[HKCU\Software\AppDataLow\SProtector]    => Infection PUP (PUP.Mocaflix)
[HKCU\Software\AppDataLow\Software\Crossrider]    => Infection PUP (PUP.CrossRider)*
[HKCU\Software\AppDataLow\Software\DefaultTab]    => Infection PUP (Adware.IMBooster)
[HKCU\Software\AppDataLow\Software\PriceGong]    => Infection PUP (Adware.PriceGong)*
[HKCU\Software\AppDataLow\Software\Smartbar]    => Infection PUP (Hijacker.SmartBar)*
[HKCU\Software\AppDataLow\Software\mediabarbs]    => Infection PUP (PUP.BearShare)
[HKCU\Software\BearShare]    => Infection PUP (PUP.BearShare)*
[HKCU\Software\Cr_Installer]    => Infection PUP (Adware.VidSaver)
[HKCU\Software\Datamngr]    => Infection PUP (PUP.BearShare)*
[HKCU\Software\Default Tab]    => Infection PUP (Adware.IMBooster)
[HKCU\Software\DefaultTab]    => Infection PUP (Adware.IMBooster)
[HKCU\Software\InstallCore]    => Infection PUP (Adware.InstallCore)
[HKCU\Software\StartSearch]    => Infection PUP (PUP.StartSearch)
[HKLM\Software\Default Tab]    => Infection PUP (Adware.IMBooster)
[HKLM\Software\SP Global]    => Infection PUP (PUP.AdvancedSystemProtector)
[HKLM\Software\SProtector]    => Infection PUP (PUP.Mocaflix)
O43 - CFD: 17/09/2012 - 7:56:28 PM - [0] ----D C:\Program Files\alotappbar    => Infection BT (AdWare.Comet)
O43 - CFD: 17/12/2012 - 3:11:43 PM - [0] ----D C:\Program Files\BearShare Applications    => Infection PUP (PUP.BearShare)*
O43 - CFD: 14/02/2013 - 3:21:12 AM - [1.491] ----D C:\Program Files\MagniPic    => Infection PUP (Adware.MagniPic)*
O43 - CFD: 19/12/2012 - 12:56:58 AM - [0.319] ----D C:\Program Files\Yontoo    => Infection PUP (Adware.Yontoo)*
O43 - CFD: 13/02/2013 - 7:47:52 PM - [2.285] ----D C:\Users\Daniel\AppData\Roaming\DefaultTab    => Infection PUP (Adware.IMBooster)
O43 - CFD: 12/03/2013 - 8:51:54 PM - [0.001] ----D C:\Users\Daniel\AppData\Local\SwvUpdater    => Infection PUP (PUP.Software.Updater)
O45 - LFCP:[MD5.7D26A952AEA4DB50A77FED8B7EA6AA48] - 12/03/2013 - 7:36:26 PM ---A- - C:\Windows\Prefetch\MAGNIPIC.EXE-170A4970.pf    => Infection PUP (Adware.MagniPic)*
O61 - LFC: 12/03/2013 - 7:30:21 PM ---A- C:\Users\Daniel\AppData\Local\SwvUpdater\Updater.xml   [1092]    => Infection PUP (PUP.Software.Updater)
O69 - SBI: prefs.js [Daniel - bbgdqpkv.default] user_pref("extensions.BabylonToolbar.prtkDS", 0);    => Infection PUP (Toolbar.Babylon)*
O69 - SBI: prefs.js [Daniel - bbgdqpkv.default] user_pref("extensions.BabylonToolbar.prtkHmpg", 0);    => Infection PUP (Toolbar.Babylon)*
O69 - SBI: prefs.js [Daniel - bbgdqpkv.default] user_pref("extensions.crossrider.bic", "13a0759dd4a13a05887b3e747eb28d48");    => Infection PUP (PUP.CrossRider)*
O69 - SBI: prefs.js [Daniel - bbgdqpkv.default] user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");    => Infection PUP (PUP.SweetIM)*
O69 - SBI: prefs.js [Daniel - bbgdqpkv.default] user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");    => Infection PUP (PUP.SweetIM)*
O69 - SBI: prefs.js [Daniel - bbgdqpkv.default] user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");    => Infection PUP (PUP.SweetIM)*
O69 - SBI: prefs.js [Daniel - bbgdqpkv.default] user_pref("sweetim.toolbar.previous.keyword.URL", "");    => Infection PUP (PUP.SweetIM)*
O69 - SBI: prefs.js [Daniel - bbgdqpkv.default] user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");    => Infection PUP (PUP.SweetIM)*
O69 - SBI: prefs.js [Daniel - bbgdqpkv.default] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");    => Infection PUP (PUP.SweetIM)*
O69 - SBI: prefs.js [Daniel - bbgdqpkv.default] user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");    => Infection PUP (PUP.SweetIM)*
O69 - SBI: prefs.js [Daniel - bbgdqpkv.default] user_pref("sweetim.toolbar.searchguard.enable", "");    => Infection PUP (PUP.SweetIM)*
O69 - SBI: SearchScopes [HKCU] {BC80D062-D7C9-4276-B187-C53C02BB56D3} - (Search Here) - http://www.mysearchresults.com    => Infection BT (Adware.MyWebSearch)*
[MD5.C2151C5814D13001D351EEB9980BA382] [SPRF][6/04/2012] (.Musiclab, LLC - BearShare.) -- C:\Users\Daniel\AppData\Local\Temp\BearShare_setup.exe   [2367592]    => Infection PUP (PUP.BearShare)*
[MD5.AE7E0C99C5BC7D28325C0CD7885C851F] [SPRF][24/10/2012] (.Yontoo LLC - Installer.) -- C:\Users\Daniel\AppData\Local\Temp\YontooSetup-S.exe   [1062504]    => Infection PUP (Adware.Yontoo)*
O87 - FAEL: "{11259090-0CA8-42D6-B160-F4EB92685463}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.)    => Infection PUP (PUP.BearShare)*
O87 - FAEL: "{7E3D9E02-5AE2-4C6B-A7D1-25600113C435}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.)    => Infection PUP (PUP.BearShare)*
O87 - FAEL: "{B2BC450E-8FB7-4763-B115-7CAF31E02E52}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.)    => Infection PUP (PUP.BearShare)*
O87 - FAEL: "{5877B1CB-D9AD-458A-84E0-26EEEAFE0A37}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.)    => Infection PUP (PUP.BearShare)*
O87 - FAEL: "{6DB7C0E1-7F7D-4F17-AFE3-1689724066DB}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.)    => Infection PUP (PUP.BearShare)*
O87 - FAEL: "{4A758C44-8292-4D52-9518-56F369A0A9CD}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.)    => Infection PUP (PUP.BearShare)*
[HKLM\Software\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]    => Infection BT (Adware.Yontoo)
[HKLM\Software\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]    => Infection BT (Adware.Yontoo)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}]    => Infection BT (Adware.PriceGong)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}]    => Infection BT (Adware.PriceGong)
[HKLM\Software\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}]    => Infection BT (Adware.Yontoo)
[HKLM\Software\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}]    => Infection BT (Adware.Yontoo)
[HKLM\Software\Classes\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}]    => Infection BT (Adware.Yontoo)
[HKLM\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}]    => Infection BT (Adware.Yontoo)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]    => Infection BT (Adware.Yontoo)
[HKLM\Software\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}]    => Infection BT (Adware.Agent)
[HKLM\Software\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]    => Infection BT (Adware.Yontoo)
[HKLM\Software\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}]    => Infection BT (Adware.Yontoo)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]    => Infection BT (Adware.Yontoo)
[HKLM\Software\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]    => Infection BT (Adware.Yontoo)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]    => Infection BT (Adware.Yontoo)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]    => Infection BT (Adware.Yontoo)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]    => Infection BT (Adware.Yontoo)
[HKLM\Software\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]    => Infection BT (Adware.Yontoo)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]    => Infection BT (Adware.Yontoo)
[HKLM\Software\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}]    => Infection BT (Adware.Yontoo)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9]    => Infection BT (Adware.MyWebSearch)
[HKCU\Software\DataMngr]    => Infection PUP (PUP.BearShare)*
[HKCU\Software\default tab]    => Infection PUP (Adware.IMBooster)
[HKLM\Software\default tab]    => Infection PUP (Adware.IMBooster)
[HKCU\Software\defaulttab]    => Infection PUP (Adware.IMBooster)
[HKCU\Software\AppDataLow\Software\defaulttab]    => Infection PUP (Adware.IMBooster)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab]    => Infection PUP (Adware.IMBooster)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}]    => Infection PUP (PUP.BearShare)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}]    => Infection PUP (PUP.BearShare)
[HKLM\Software\Classes\CLSID\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}]    => Infection PUP (PUP.BearShare)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}]    => Infection PUP (PUP.BearShare)
[HKLM\Software\Classes\YontooIEClient.Api]    => Infection PUP (Adware.Yontoo)*
[HKLM\Software\Classes\YontooIEClient.Api.1]    => Infection PUP (Adware.Yontoo)*
[HKLM\Software\Classes\YontooIEClient.Layers]    => Infection PUP (Adware.Yontoo)*
[HKLM\Software\Classes\YontooIEClient.Layers.1]    => Infection PUP (Adware.Yontoo)*
[HKLM\Software\Classes\AppID\YontooIEClient.DLL]    => Infection PUP (Adware.Yontoo)*
C:\Program Files\yontoo    => Infection PUP (Adware.Yontoo)*
C:\Program Files\alotappbar    => Infection BT (AdWare.Comet)
C:\Program Files\BearShare Applications    => Infection PUP (PUP.BearShare)*
C:\Users\Daniel\AppData\Roaming\defaulttab    => Infection PUP (Adware.IMBooster)
C:\Users\Daniel\AppData\Local\SwvUpdater    => Infection PUP (PUP.Software.Updater)
C:\Users\Daniel\AppData\LocalLow\PriceGong    => Infection PUP (Adware.PriceGong)*
C:\Users\Daniel\AppData\LocalLow\wincorebsband    => Infection PUP (PUP.iMesh)
C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions
iapdbllcanepiiimjjndipklodoedlc    => Infection PUP (Adware.Yontoo)
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\bbgdqpkv.default\Extensions\plugin@yontoo.com    => Infection PUP (Adware.Yontoo)*
C:\Users\Daniel\AppData\Local\Temp\YontooSetup-S.exe    => Infection PUP (Adware.Yontoo)*
C:\Users\Daniel\AppData\Local\Temp\GoogleToolbarInstaller1.log    => Infection PUP (Toolbar.Babylon)
C:\Users\Daniel\AppData\Local\Temp\GoogleToolbarInstaller2.log    => Infection PUP (Toolbar.Babylon)
SS - | Auto  107520 |  (DefaultTabUpdate) . (...) - C:\Users\Daniel\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe    => Infection PUP (Adware.IMBooster)

6. Delete the ZHP Diag log
7. Boot in normal mode and see if you can open your programmes
8. Produce a new one and upload it.

I am getting typer's cramps so I may reply to you only in 10 hours.

Good luck

Ambucias · Answer

Greetings Daniel

Because you appreciate the help, it's a pleasure helping you.

ZHP Fix did a wonderful job !

Sorry, I meant produce a new ZHP Diag log.

I would like to see another ZHP Diag log.

I would also like to know if you have further difficulties opening your programmes (I spell programmes and not programs because of my origins)

Once I have look at the latest ZHP Diag log, I shall give you directions for a post desinfection clean-up which is necessary.

If you can open your programmes, we should be able to get the rest done in a jeffy, in any event, I require the log.

Realizing the time it is where you live, don't let the bed bugs bite.:-)

Ambucias · Answer

You should now be able to open your programmes correct ? You machine is now virus free.

There is some junk and some essential clean-up to do to ensure your system's stability.

1. Go to your control panel, click on start, click on control panel and open the add/remove programme utility.

2. Wait for the list to populate.

3. Malwarebyte may create conflicts with McAfee, select it and delete it.

4. Delete ZHP Diag

5. Close the control panel, click right on start and left to open Explorer.

6. Delete Adwcleaner

7. In the left pane, navigate, find and delete the following files:

- C:/program files/Malwarebyte
- C:/program files/ZHP Diag

C:\Users\Daniel\AppData\Local\Temp\conduitinstaller.exe   
 C:\Users\Daniel\AppData\Local\Temp\wajam_install.exe   [417384]    
C:\Users\Daniel\AppData\Local\Temp\wajam_install.exe    
C:\Users\Daniel\AppData\Local\Temp\conduitinstaller.exe    

8. Download and install CCleaner:

https://ccm.net/downloads/security-and-maintenance/4555-ccleaner/

9. Run Cleaner for both scrap files and also for the registry.

10. Remember that your peer-to-peer application is a vector for infection.

We are done, cherio and Bob's your uncle.

Ambucias · Answer

Now you tell me.  I ask you the question yesterday.

I warned you about peer-to-peer applications. Pango Media Booster and U-Torrent.

Please delete them all and all files related to them and give me some feedback.  Use CCleaner tool to delete.

See you in 10 hours.

Regards

Ambucias · Answer

Please, when I issue instructions it is important for us to have quality communications or we may have to repeat ourselves and waste valuable time.

Have you removed Pando ?

Have you done the clean-up as instructed ?

Open explorer, see if you find these files and delete them : 

c:\programs\utorrent\utorrent.exe and delete it.
C:\Users\Daniel\AppData\Local\Temp\wajam_install.exe
C:\Users\Daniel\AppData\Local\Temp\conduitinstaller.exe

Run CCleaner make sure that prefetch is checked.

Finally, boot in normal mode and produce a new ZHP Diag log to upload on speedyshare.

Regards

Ambucias · Answer

You got infected again !

I did ask for a normal boot log but you are still booting in safe mode.  Is there a reason.

I see that you have Bit Torrent !

1. Launch ZHP Fix, copy the lines below, click on clipboard and click on "go"

[HKLM\Software\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}]   
[HKLM\Software\Classes\CLSID\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}]    
P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files\Pando Networks\Media Booster
pPandoWebPlugin.dll (.not file.)    => Pando Networks Media Booster
O4 - HKCU\..\Run: [PC_GIZMOS] C:\Users\Daniel\AppData\Roaming\PC-Gizmos\PC_136519.en_74.exe (.not file.)    => Fichier absent
O4 - HKUS\S-1-5-21-235623114-1153122893-1807144250-1000\..\Run: [PC_GIZMOS] C:\Users\Daniel\AppData\Roaming\PC-Gizmos\PC_136519.en_74.exe (.not file.)    => Fichier absent
O4 - GS\QuickLaunch: Launch BoutCheetah.lnk . (...)  -- C:\Users\Daniel\Desktop\bout.exe (.not file.)    => Fichier absent
O4 - GS\QuickLaunch: µTorrent.lnk . (...)  -- C:\Users\Daniel\Desktop\uTorrent.exe (.not file.)    => P2P.µTorrent*
O4 - GS\Desktop: Computer - Shortcut.lnk - Orphean Key    => Orphean Key not necessary
[HKCU\Software\BitTorrent]    => P2P.BitTorrent*
O43 - CFD: 22/07/2012 - 8:15:09 PM - [4.470] ----D C:\Program Files\GUM271A.tmp    => Google Inc - Google Update Manager
O43 - CFD: 22/07/2012 - 8:17:36 PM - [4.470] ----D C:\Program Files\GUM6689.tmp    => Google Inc - Google Update Manager
O43 - CFD: 22/07/2012 - 8:29:49 PM - [4.470] ----D C:\Program Files\GUM9778.tmp    => Google Inc - Google Update Manager
O43 - CFD: 22/07/2012 - 8:14:44 PM - [0] ----D C:\Program Files\GUMC9FD.tmp    => Google Inc - Google Update Manager
O43 - CFD: 12/02/2013 - 8:04:58 AM - [11.341] ----D C:\Program Files\McAfee Security Scan    => McAfee, Inc.
O43 - CFD: 9/03/2013 - 12:05:19 AM - [0.001] ----D C:\ProgramData\McAfee Security Scan    => McAfee, Inc.
O43 - CFD: 14/03/2013 - 10:00:33 PM - [0.623] ----D C:\Users\Daniel\AppData\Roaming\uTorrent    => P2P.µTorrent*
O43 - CFD: 14/02/2013 - 3:58:58 AM - [0] ----D C:\Users\Daniel\AppData\Local\ElevatedDiagnostics    => Microsoft Windows Elevated Diagnostics*
O44 - LFC:[MD5.C03C45B6675EA03A76AA26CAF843F0C5] - 8/03/2013 - 8:49:44 PM ----- . (...) -- C:\bootsqm.dat   [3432]    => Microsoft Corporation - CHKDSK Log
O45 - LFCP:[MD5.5A8DD2AED16CDA8E3EF68A80CFCB18C6] - 1/03/2013 - 8:58:17 PM ---A- - C:\Windows\Prefetch\LOLCLIENT.EXE-E9E7B3FC.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.0434629DE6878A50C3D4A302CCEB044A] - 12/03/2013 - 6:39:05 PM ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.986234637A9F6C7FBB70AD4B8342F780] - 12/03/2013 - 6:39:10 PM ---A- - C:\Windows\Prefetch\NVTRAY.EXE-DB83881B.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.C939609F90CBE186492345410EC65DA6] - 12/03/2013 - 6:47:36 PM ---A- - C:\Windows\Prefetch\ONENOTEM.EXE-0E0A1110.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.EAB4C8F6169229996251DAC031C8B483] - 12/03/2013 - 6:47:36 PM ---A- - C:\Windows\Prefetch\SSSCHEDULER.EXE-E9FA8200.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.74EE0909839E88F8B6757AEFD130A401] - 12/03/2013 - 7:05:34 PM ---A- - C:\Windows\Prefetch\REGEDIT.EXE-90FEEA06.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.5BD1AF672B6C9B4AEAC104844D547C93] - 12/03/2013 - 7:30:11 PM ---A- - C:\Windows\Prefetch\CMD.EXE-4A81B364.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.E3357571A08E8554783E9CA457CE24DA] - 12/03/2013 - 7:58:39 PM ---A- - C:\Windows\Prefetch\JUCHECK.EXE-C527D46E.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.83FB16D93074CE2FDCCCB760B3971352] - 12/03/2013 - 8:00:45 PM ---A- - C:\Windows\Prefetch\SAUPD.EXE-3FB74199.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.DCA2EF4A677E392A09C599332CB5EF98] - 13/03/2013 - 8:54:43 PM ---A- - C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.7EC6BA0D8B91777FE9FC3E8581B976D8] - 13/03/2013 - 8:55:12 PM ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.EDAF05DDDBFE3E36D2A408CC45A42BA4] - 13/03/2013 - 8:55:26 PM ---A- - C:\Windows\Prefetch\ZHPHEP.EXE-C625291D.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.11A14470D8923E6E6AD464D8EB9FBE38] - 13/03/2013 - 8:55:44 PM ---A- - C:\Windows\Prefetch\MBAMSERVICE.EXE-447DC311.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.A5D5452F1DF1196A4F283286011685DD] - 14/03/2013 - 10:02:30 PM ---A- - C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.4F82FD362473A57AFB8F10BB5C0B41D3] - 14/03/2013 - 10:25:00 PM ---A- - C:\Windows\Prefetch\STEAMERRORREPORTER.EXE-A6331F2B.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.130A7B21A7477AD24E1279EDE925D0E9] - 14/03/2013 - 10:25:30 PM ---A- - C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.BE728BDCF3B3F21046CF724763CCE118] - 14/03/2013 - 10:31:15 PM ---A- - C:\Windows\Prefetch\SAUPD.EXE-529AB0F8.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.71E1F1F3EE7E6BC5CA05D20B2FA59AE8] - 14/03/2013 - 10:36:32 PM ---A- - C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.9B22519865C15159772626E3EDC5DBE9] - 14/03/2013 - 9:05:23 PM ---A- - C:\Windows\Prefetch\NETSH.EXE-F1B6DA12.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.D80A9E2A4BDF3482425EDE2C24704D72] - 14/03/2013 - 9:05:24 PM ---A- - C:\Windows\Prefetch\IPODSERVICE.EXE-37C43D64.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.B6AA58EC847310E0A80E757BBD82C286] - 14/03/2013 - 9:05:24 PM ---A- - C:\Windows\Prefetch\WMPNETWK.EXE-D9F2A96F.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.7F128A5B2F6ACF7650CC410510CFD337] - 14/03/2013 - 9:05:24 PM ---A- - C:\Windows\Prefetch\WMPNSCFG.EXE-FC0D39BF.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.8241D03F2DDDA9299ABFA6E72328F07E] - 14/03/2013 - 9:10:20 PM ---A- - C:\Windows\Prefetch\SDCLT.EXE-E10B972A.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.19AE85A519D5425EE6D735AF0321BF56] - 14/03/2013 - 9:10:58 PM ---A- - C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.1B74032D3CD083F242C80B5D4C4224AC] - 14/03/2013 - 9:12:24 PM ---A- - C:\Windows\Prefetch\CCLEANER.EXE-D4D76A60.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.B10CBEB1CB5F30F8050CDFF58D4F7740] - 14/03/2013 - 9:44:47 PM ---A- - C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.933D49AC63AAC01BE6294B25AE86A6CA] - 15/03/2013 - 2:54:21 PM ---A- - C:\Windows\Prefetch\CHROME.EXE-DE64FDCD.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.64E26F984A26D954539671F012E0A980] - 15/03/2013 - 2:55:10 PM ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.4BCCAC94D78D8B3EF0B1B796661F344F] - 15/03/2013 - 2:55:27 PM ---A- - C:\Windows\Prefetch\GOOGLEUPDATE.EXE-FE771DDA.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.78570936E5DC7ED1A6DB90A141628AB9] - 15/03/2013 - 2:55:55 PM ---A- - C:\Windows\Prefetch\MINECRAFT.EXE-EA549C85.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.9DFB22FFA5425020E30A9665C15E1456] - 2/03/2013 - 12:21:27 PM ---A- - C:\Windows\Prefetch\WMPLAYER.EXE-BAD6BD53.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.77D786EAFF8A52C74816B1E8D9DBA314] - 2/03/2013 - 5:13:24 PM ---A- - C:\Windows\Prefetch\HAMACHI-2-UI.EXE-18AF8A25.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.13FAF869DB0370E098400C7575BBD9BB] - 28/02/2013 - 12:30:27 AM ---A- - C:\Windows\Prefetch\FLASHPLAYERINSTALLER.EXE-7A827B6D.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.C1946D257E5F3CECE0EAF1CD75CBDCA7] - 28/02/2013 - 2:18:16 AM ---A- - C:\Windows\Prefetch\POQEXEC.EXE-69592829.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.6E03AA3A1432A9D5031A36B92868BF3C] - 28/02/2013 - 2:25:50 AM ---A- - C:\Windows\Prefetch\STEAM.EXE-8B1DBB8A.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.63E6C229C8806A8817950C950E6CB4C3] - 28/02/2013 - 2:56:56 AM ---A- - C:\Windows\Prefetch\MAKECAB.EXE-0F1704A4.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.DE4647EA7D386A25C902828B0CCA87B2] - 28/02/2013 - 3:41:03 PM ---A- - C:\Windows\Prefetch\LEAGUE OF LEGENDS.EXE-5EDA9C6E.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.512B17E249310DF7EC4D3FEDC2404F9B] - 3/03/2013 - 2:15:56 PM ---A- - C:\Windows\Prefetch\PREVHOST.EXE-4F1C4E0F.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.A500F43EF2703697878C16CB3F6A6C42] - 3/03/2013 - 2:16:02 PM ---A- - C:\Windows\Prefetch\WMPRPH.EXE-D438CDC4.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.7624D19C9D35DB93747ABBCF86901775] - 3/03/2013 - 4:24:57 PM ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-230FC512.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.01D35427BB95037E55CE691262B75CB7] - 4/03/2013 - 10:22:12 PM ---A- - C:\Windows\Prefetch\MCUICNT.EXE-9B22BF7E.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.CB9CFDA54B728C1B49D218FAB1AA7863] - 4/03/2013 - 7:15:06 PM ---A- - C:\Windows\Prefetch\LOLLAUNCHER.EXE-7EBD835B.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.E7F4F91A7524584F591934301B41C2B5] - 5/03/2013 - 11:30:03 PM ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-411A328D.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.EDD4FF9BFE05A476C2287DAEC32EE77C] - 5/03/2013 - 3:32:05 PM ---A- - C:\Windows\Prefetch\SETUP.EXE-55A7CDBD.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.19F4F0A54532E48DE233F3BD866FE606] - 5/03/2013 - 3:32:06 PM ---A- - C:\Windows\Prefetch\SETUP.EXE-4D8381EE.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.4CCFF8E420C0AE46E4E64F367B8EC1FE] - 5/03/2013 - 3:32:26 PM ---A- - C:\Windows\Prefetch\25.0.1364.152_25.0.1364.97_CH-F91BB978.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.4E2A870F7578BCB23CC8D849218F64E9] - 5/03/2013 - 6:30:48 PM ---A- - C:\Windows\Prefetch\CSC.EXE-A3B8D95D.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.FFAD85BBD90B5745E1D316E0CF3443FE] - 5/03/2013 - 6:30:48 PM ---A- - C:\Windows\Prefetch\CVTRES.EXE-069169FB.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.17510B5D613D1C975F6399C329B91B34] - 5/03/2013 - 6:30:54 PM ---A- - C:\Windows\Prefetch\SDIAGNHOST.EXE-8D72177C.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.DF24E9E6B467B605BF71243B2818F92C] - 5/03/2013 - 6:30:55 PM ---A- - C:\Windows\Prefetch\W32TM.EXE-1101AF41.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.293A1BE39E6D3347809FFB9C6E5CD7CB] - 5/03/2013 - 6:31:04 PM ---A- - C:\Windows\Prefetch\PING.EXE-7E94E73E.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.BB356F826196CFA4CD9CF515FFA831E7] - 5/03/2013 - 7:19:24 AM ---A- - C:\Windows\Prefetch\MCCHSVC.EXE-91F1E75A.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.526166F6E1C1AEBB6E81326EAE66DBD8] - 5/03/2013 - 7:39:16 PM ---A- - C:\Windows\Prefetch\LOL.LAUNCHER.EXE-4C860503.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.29A69415C18CCFF7D603EE6256126EC5] - 5/03/2013 - 7:39:24 PM ---A- - C:\Windows\Prefetch\LOLCLIENT.EXE-FD0A9C6A.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.7222D6D1698123FB1C8B5948C533D6FC] - 5/03/2013 - 7:39:26 PM ---A- - C:\Windows\Prefetch\RADS_USER_KERNEL.EXE-9DAAF573.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.9ADA8DF48EE8BB00BF11F3D51BE46BEF] - 5/03/2013 - 7:39:27 PM ---A- - C:\Windows\Prefetch\LOLLAUNCHER.EXE-8CB4E335.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.E2240517DC4E20E9862408CB3C29C6BC] - 5/03/2013 - 7:50:03 PM ---A- - C:\Windows\Prefetch\LEAGUE OF LEGENDS.EXE-00973BDF.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.7C9F73B1FC1CA9740E764AEEDC8CB345] - 5/03/2013 - 8:04:03 PM ---A- - C:\Windows\Prefetch\PMB.EXE-BFCEBC66.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.1FF7AAC5D2188AEFE093D319FD827F7C] - 6/03/2013 - 2:02:58 PM ---A- - C:\Windows\Prefetch\AGCP.EXE-5E44A663.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.0DD27E4C80783F6D8E2F92B0C0B0CD70] - 6/03/2013 - 2:02:59 PM ---A- - C:\Windows\Prefetch\SILVERLIGHT.CONFIGURATION.EXE-AC2C4AE3.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.0E5099B0ED4C313419E88517F2CEE94A] - 6/03/2013 - 3:01:01 PM ---A- - C:\Windows\Prefetch\PORTAL.EXE-37C2B5D8.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.F42F4263C1FA79FAE3331552B42731DF] - 6/03/2013 - 3:01:02 PM ---A- - C:\Windows\Prefetch\HL2.EXE-CC065CA4.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.5DEAB147288C4EDB3B57ED30CB230031] - 6/03/2013 - 4:02:05 PM ---A- - C:\Windows\Prefetch\DAEMONU.EXE-BB669599.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.D284343929651EB1D6009E417ABEEB4E] - 6/03/2013 - 4:02:20 PM ---A- - C:\Windows\Prefetch\SPPSVC.EXE-B0F8131B.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.93DC15A3826B56663DE9BD5A3DD0DF46] - 6/03/2013 - 4:03:40 PM ---A- - C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.53CDC06B91291408E1A81F8E69058273] - 6/03/2013 - 4:03:44 PM ---A- - C:\Windows\Prefetch\WUAUCLT.EXE-70318591.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.A0D5541C5DFF424C6421485A1D882794] - 6/03/2013 - 4:13:46 PM ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-A3E35360.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.BB850D57CB53B11A41E1DB1DCD5CFE70] - 7/03/2013 - 10:19:06 PM ---A- - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.232C20C9F7DB91C5E2B420E1071CFEC4] - 7/03/2013 - 2:01:10 PM ---A- - C:\Windows\Prefetch\WINZIPRO.EXE-B6787379.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.2C873EF69F28D751807F3E38DDD7BDA9] - 7/03/2013 - 4:11:45 PM ---A- - C:\Windows\Prefetch\SAUI.EXE-9B504921.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.925FB7672E8A4ED02809047B67FD63A9] - 7/03/2013 - 7:52:13 PM ---A- - C:\Windows\Prefetch\DEFAULTTABSTART.EXE-7BA89D94.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.7F6E784A84900CD91D258383EA5D9B0E] - 7/03/2013 - 7:52:33 PM ---A- - C:\Windows\Prefetch\GOOGLETOOLBARNOTIFIER.EXE-EB3F2433.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.D4C6C008010EDACCF1B18E60E4A0D29B] - 7/03/2013 - 7:52:59 PM ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-54A2EBEF.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.2C122784B58CE944E16C74661CFD6E5B] - 7/03/2013 - 7:53:02 PM ---A- - C:\Windows\Prefetch\UTORRENTCONTROL_V2TOOLBARHELP-E532C173.pf    => P2P.µTorrent*
O45 - LFCP:[MD5.20B4592EB3EA30F9060D29D805E43137] - 7/03/2013 - 8:01:16 PM ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-1304AE86.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.21EFB5E6F4EE72546894E49F2FA69A8E] - 7/03/2013 - 8:09:57 AM ---A- - C:\Windows\Prefetch\SAUI.EXE-F7DD1DAA.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.934813D2C8505090689E523A2DB3AF88] - 7/03/2013 - 8:13:25 PM ---A- - C:\Windows\Prefetch\COMUPDATUS.EXE-FEED2F65.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.B11014EA9B52E0092676D46278D16E90] - 7/03/2013 - 9:28:00 PM ---A- - C:\Windows\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-ECAD9571.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.A9BFA98A8F5516DA03047C49720B8C92] - 7/03/2013 - 9:58:10 PM ---A- - C:\Windows\Prefetch\UPDATER.EXE-D6EA286E.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.FB23459C46111CEB25D79A870C7AF25D] - 8/03/2013 - 11:16:16 PM ---A- - C:\Windows\Prefetch\UPDATETASK.EXE-7C757890.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.AD5BB2992E1F83773F7FEF355DF64424] - 8/03/2013 - 11:18:26 PM ---A- - C:\Windows\Prefetch\MBAM.EXE-305FF92C.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.0EDF2E24C27614B70C08E2385E3056F2] - 8/03/2013 - 5:05:53 PM ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-235623114-1153122893-1807144250-1000.db    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.8C36CA66E13D8B8DF53C1BF98D175F31] - 8/03/2013 - 5:05:53 PM ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-235623114-1153122893-1807144250-1000.db    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.1505329FAA1BD06A37E98EE21B91E5DB] - 8/03/2013 - 5:08:11 PM ---A- - C:\Windows\Prefetch\MSPAINT.EXE-76E10B24.pf    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.EBD4AC341E1834E045C7E0917DC3BDCD] - 8/03/2013 - 6:59:22 PM ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.B83FC06F400A8BE914CAFAD0FC81FE7D] - 8/03/2013 - 6:59:22 PM ---A- - C:\Windows\Prefetch\AgRobust.db    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.871C20E6F525049A30CEE1E798E4AD57] - 8/03/2013 - 6:59:23 PM ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.B41B773369E6D9139EA94819234A6DDB] - 8/03/2013 - 6:59:23 PM ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db    => Fichier du dossier Prefetcher
O45 - LFCP:[MD5.D5FCBAEB7C2F01D1FC96156A02DB5A90] - 8/03/2013 - 7:32:31 PM ---A- - C:\Windows\Prefetch\GOOGLEUPDATE.EXE-4683A698.pf    => Fichier du dossier Prefetcher
O51 - MPSK:{60d59bbd-073a-11e0-a729-806e6f6e6963}\AutoRun\command - Orphean Key    => Orphean Key not necessary
O61 - LFC: 14/03/2013 - 1:27:50 PM ---A- C:\Users\Daniel\AppData\Local\Temp\CRX_75DAF8CB7768\crl-set   [968]    => Temporary file not necessary
O61 - LFC: 14/03/2013 - 1:27:50 PM ---A- C:\Users\Daniel\AppData\Local\Temp\CRX_75DAF8CB7768\manifest.json   [34]    => Temporary file not necessary
O61 - LFC: 15/03/2013 - 2:53:46 PM ---A- C:\Users\Daniel\AppData\Local\Temp\hsperfdata_Daniel\3940   [65536]    => Temporary file not necessary
O61 - LFC: 15/03/2013 - 2:55:55 PM ---A- C:\Users\Daniel\AppData\Local\Temp\hsperfdata_Daniel\7140   [65536]    => Temporary file not necessary
M2 - MFEP: prefs.js [Daniel - bbgdqpkv.default\appbar@alot.com] [] ALOT Appbar v1.0.19000 (.alot.com.)    => Toolbar.Alot
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}    => Toolbar.Google
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}]    => Toolbar.Ask
[HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF]    => Toolbar.AVGSearch
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]    => Toolbar.Bing
[HKLM\Software\Classes\Toolbar.CT2438727]    => Toolbar.Conduit*
[HKLM\Software\Classes\Toolbar.CT3220468]    => Toolbar.Conduit

2. Delete the following software, it will create conflicts with McAfee.

Arovax AntiSpyware

3. Download and run the following free but efficient registry clean-up utility, delete (repair) all items that are found:

https://ccm.net/download/download-13339-eusing-free-registry-cleaner

Let me know

Regards

Ambucias · Answer

Sticky wicket !

What do you get when you try in normal mode ?

1. Open explorer, navigate and delete the following item:

C:\Users\Daniel\AppData\Local\Temp\GoogleToolbarInstaller1.log

2. Navigate to: c:/windows/prefetch

Click on prefetch.

Select the files in the right pane except the file called "Layout" and delete them

3. Click on start, run, type cmd a black window will open.

4. Type chkdsk /r press enter

5. Repeat the above but now type sfc/scannow

6. Report with results.

Ambucias · Answer

So I take it that you have performed both chkdsk and sfc scannow ?

I also presume that you have deleted the prefetch files as indicated ?

You have also deleted the Babylon files.

Correct me if I'm wrong, all of your programmes launch in safe mode but your computer does not boot in normal mode.

Do you get a message or does it just hang there in normal mode ?

I can certify upon my honour and glorious reputation that your machine is virus free. 

However, the 116 infected items may have caused some collateral damage., before I investigate further in consultation with a colleague, please confirm the above.

Regards

Ambucias · Answer

Hi,

I can tell you anything unless I have a ZHP Diag log in normal mode.

Please boot in normal mode, open ZHP Diag.  Click on the arrow button for an update. Generate a new ZHP Diag log and upload it on Speedyshare.

Ambucias · Answer

1) Try clean boot. This will make sure that only Microsoft services are running 

in the normal mode and disable the startup items. 

Boot into Safe Mode --> In search bar, type msconfig and press Enter --> 

"System Configuration" will be opened --> Click on "Services" tab --> Select the 

option "Hide all Microsoft services" (You can find this option at bottom) --> Then 

click on "Disable All" button. Click on "Startup" tab and click on "Disable All" 

button -->Click on OK. Now try to boot in normal mode. 

Now check if you can launch the applications.

My programs wont open

12 responses

Similar discussions

Subscribe To Our Newsletter!