Netbook is relatively slow

Solved/Closed
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014 - Dec 4, 2013 at 03:15 PM
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 - Feb 2, 2014 at 08:58 AM
Hello,

My netbook is very slow, perhaps it acquired some virus again. Also, when I play a video it always lags, followed by a squeaky noise. Please somebody help me. :(

34 responses

2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Dec 4, 2013 at 05:29 PM
Hello,

To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a log.

1. Open this link and download ZHPDiag2 :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

(Don't be alarmed if the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message.)

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

(For Vista and Win 7 users, right-click to ensure you execute with admin rights)

The tool creates three icons: ZHPDiag, MRB, and ZHPFix (if necessary, we will use ZHPFix after log analysis).

4. Double click on the shortcut ZHPDiag on your Desktop.

5. If you need to change the language, click on the little house, (bottom right) and change to English

6. Click on the "Configure" button.

7. Click on the Magnifying glass "diagnosis with legitimates".

8. Click on "Search" and answer yes if a message appears.

Wait for the tool to finish (maybe a long time)

9. Close ZHPDiag.

10. To transmit the report, click on this link :

https://authentification.site

9. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).

10. Select the file ZHPDiag.txt.

11. Click on "upload"

12. Copy the URL and post it here.

Gabriel.
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Dec 24, 2013 at 10:25 AM
Hi Gabriel,

Thank you very much and I do apologize for a very late reply.

I have done what you've told me to do, please check the links below.

http://speedy.sh/KzNKW/ZHPDiag.txt


Thanks :)
0
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Dec 24, 2013 at 12:28 PM
Hi,

No problem. :)

Download the following AdwCleaner, created by Xplode:
https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/
Launch it (for Windows 7 and 8, right-click to run as administrator)
Click on delete
Post the log C:\Adwcleaner[Sx].txt on this thread.

Merry Christmas,

Gabriel.
Hi Gabriel,

Happy Holidays!

Please see the log below, thanks a lot!

# AdwCleaner v3.016 - Reporte Creado 25/12/2013 en 20:53:41
# Actualizado 23/12/2013 por Xplode
# Sistema Operativo : Windows 7 Starter Service Pack 1 (32 bits)
# Nombre de usuario : Usuario - USUARIO-PC
# Ejecutado desde : C:\Users\Usuario\Downloads\adwcleaner (1).exe
# Opción : Limpiar

***** [ Servicios ] *****


***** [ Archivos / Carpetas ] *****

Carpeta Borrar : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Carpeta Borrar : C:\Program Files\myfree codec
Carpeta Borrar : C:\Users\Usuario\AppData\Roaming\Systweak

***** [ Accesos directos ] *****


***** [ Registro ] *****

Clave Borrar : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Clave Borrar : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Clave Borrar : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Clave Borrar : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_wifi-auditor_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_wifi-auditor_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Clave Borrar : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Clave Borrar : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Clave Borrar : HKCU\Software\distromatic
Clave Borrar : HKCU\Software\Myfree Codec
Clave Borrar : HKCU\Software\Pokki
Clave Borrar : HKCU\Software\systweak
Clave Borrar : HKCU\Software\AppDataLow\Software\Crossrider
Clave Borrar : HKLM\Software\Myfree Codec
Clave Borrar : HKLM\Software\systweak
Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Clave Borrar : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Clave Borrar : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v20.0.1 (en-US)

[ Archivo : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\9roayojh.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ Archivo : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3690 octets] - [25/12/2013 20:49:07]
AdwCleaner[S0].txt - [3475 octets] - [25/12/2013 20:53:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3535 octets] ##########
0
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Dec 26, 2013 at 06:43 AM
Hi,

Thanks, you too.

Please make a new ZHPDiag report.

Gabriel.
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Dec 26, 2013 at 03:00 PM
Hi Gabriel,

You mean I need to run ZHP diag again?
0
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Dec 26, 2013 at 03:30 PM
Gabriel,

Hi again, please see the log below. Thanks! :)

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


~ Report of ZHPDiag v2013.12.14.22 - Nicolas Coolman (12/14/2013)
~ Launched by Usuario (12/26/2013 9:05:13 PM)
~ Web site address : https://nicolascoolman.webs.com/
~ Free support forums for disinfection : https://nicolascoolman.webs.com/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 20.0.1
GCIE: Google Chrome v31.0.1650.63 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 7 Starter, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v8.0.1489.0
Windows Defender W7

---\\ System optimization software
CCleaner v3.24 =>Piriform Ltd

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 11 Plugin
Adobe Reader 9.1 MUI
Java 7 Update 25

---\\ Information on the system
~ Processor: x86 Family 6 Model 28 Stepping 2, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1013.9 MB (9% free)
System Restore: Activé (Enable)
System drive C: has 95 GB (71%) free of 133 GB

---\\ Connection to the system mode
~ Computer Name: USUARIO-PC
~ User Name: Usuario
~ All Users Names: Usuario, Invitado, Administrador,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Usuario\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Usuario\AppData\Roaming\
~ %Desktop% : C:\Users\Usuario\Desktop\
~ %Favorites% : C:\Users\Usuario\Favorites\
~ %LocalAppData% : C:\Users\Usuario\AppData\Local\
~ %StartMenu% : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 95 Go of 133 Go)
D: Hard drive, Flash drive, Thumb drive (Free 3 Go of 4 Go)



---\\ State of the Windows Security Center
~ Security Center: 47 Legitimates Filtered in 00mn AMs



---\\ Search Generic System Files
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorador de Windows.) (.2/25/2011 - 6:30:54 AM.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicación de inicio de Windows.) (.7/14/2009 - 2:14:45 AM.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Extensiones de Internet para Win32.) (.11/26/2013 - 7:33:33 AM.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicación de inicio de sesión de Windows.) (.11/20/2010 - 1:17:54 PM.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de licencias de software.) (.11/20/2010 - 1:21:24 PM.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.9/14/2013 - 1:48:58 AM.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 - 2:26:15 AM.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/14/2009 - 12:11:15 AM.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/20/2010 - 9:38:10 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/20/2010 - 9:42:32 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/20/2010 - 10:59:29 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Controlador de puerto de i8042.) (.7/14/2009 - 12:11:24 AM.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.7/14/2009 - 12:54:29 AM.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/27/2011 - 3:17:22 AM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.11/20/2010 - 9:39:44 AM.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Controlador del sistema de archivos NTFS.) (.4/12/2013 - 2:45:29 PM.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Controlador de puerto paralelo.) (.7/14/2009 - 12:45:35 AM.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.7/14/2009 - 12:54:34 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.7/14/2009 - 12:53:41 AM.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.11/20/2010 - 9:39:17 AM.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Controlador de instantánea de volumen.) (.11/20/2010 - 1:30:16 PM.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 02mn AMs



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/12
~ Mes Favoris (My Favorites) : 1/34
~ Mes Documents (My Documents) : 2/5552
~ Mon Bureau (My Desktop) : 1/8
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 45mn AMs



---\\ Process running
[MD5.5AF1E9600E3FF841E522703A4993ED0C] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.2200]
[MD5.38D514C7CB292F274FBD34B8AE0C2140] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files\Launch Manager\LManager.exe [1130504] [PID.3372]
[MD5.E3F058D8721EA53BEAB9079A8FB53FD7] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7600672] [PID.3496]
[MD5.B68A9FFF95D5305F598B28A75F7FBA4F] - (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [707104] [PID.3676]
[MD5.EF533F9D1E4F51C783D4349A7C3F518F] - (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464] [PID.3752]
[MD5.B181B99000E2E00C391F93353C72ABA5] - (.Intel Corporation - igfxext Module.) -- C:\Windows\system32\igfxext.exe [173080] [PID.3796]
[MD5.EAEB34D06AC35097031B0F11595012D7] - (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480] [PID.3836]
[MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.3844]
[MD5.7D76D318991A81591BD8A0AE63A3907B] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1537320] [PID.4016]
[MD5.4C4D8DE31E840EC339A43FA3C24BE611] - (.Insyde Software Corp. - Sync Data.) -- C:\Program Files\Acer\Android Manager\iSync.exe [393320] [PID.1152]
[MD5.9CACBFFA01B0CB2CB36111E274ADF4D1] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.2416]
[MD5.132881D0B6A4091BF77E570AEC0809F2] - (.Insyde Software Corp. - Acer Updater for Android(TM).) -- C:\Program Files\Acer\Updater\iUpdate.exe [487016] [PID.3380]
[MD5.68239842340DDFF8993DFD9127553EDA] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.3456]
[MD5.004763BDF8E48244DBB9FDFDE3065EBC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.3516]
[MD5.CD1102E5D340216138C7F56FA8D26998] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.3608]
[MD5.6407D56278190B304212464DFDCD0B8B] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152] [PID.3076]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.4088]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.2740]
[MD5.131E6FE09470F057000B0CC01C14D8B7] - (.Acer Incorporated - Acer VCM.) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe [708608] [PID.3968]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [863184] [PID.5380]
[MD5.DF552350CDC2AA39C01CE40612DF82A8] - (.Samsung - Kies.) -- C:\Program Files\Samsung\Kies\Kies.exe [1564528] [PID.2504]
[MD5.8FA785BB7E8D9C4F30ED95EB8CAAAF51] - (.Mobileleader Co., Ltd. - DeviceManager.exe.) -- C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe [693760] [PID.5072]
[MD5.222A73292EE99D4D3E7237BB4CE0DE15] - (.Mobileleader Co., Ltd. - DeviceServiceConnectionManager.exe.) -- C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe [173568] [PID.4192]
[MD5.F937848E0B6173E2607E7021E6F4DC57] - (.Mobileleader Co., Ltd. - DeviceDataService.exe.) -- C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceDataService.exe [351232] [PID.2960]
[MD5.2330B5A4A3824F042DC96D524893A6B5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8295936] [PID.2908]
~ Processes Running: Scanned in 16mn AMs



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 8 Legitimates Filtered in 25mn AMs



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\9roayojh.default\prefs.js
~ Firefox Browser: 16 Legitimates Filtered in 02mn AMs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn AMs
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
~ Toolbar: Scanned in 00mn AMs



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Acer Accessorios.lnk . (...) -- C:\Program Files\Acer Accessory Store\StartUrl.exe
O4 - GS\Desktop [Public]: Acer Configuration Manager for Android(TM).lnk . (.Macrovision Corporation - InstallShield.) -- C:\Windows\Installer\{523281E5-91DD-49F5-9D85-954148F7596A}\AndroidManager.exe_EDE5AF10CF5B4DA1B61C039E5CAD3FA5.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: LINE.lnk . (.NHN Japan - LINE.) -- C:\Program Files\Naver\LINE\Line.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Usuario]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Usuario]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Usuario]: Viber.lnk . (...) -- C:\Users\Usuario\AppData\Local\Viber\Viber.exe
O4 - GS\TaskBar [Usuario]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Usuario]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Usuario]: Viber.lnk . (...) -- C:\Users\Usuario\AppData\Local\Viber\Viber.exe
O4 - GS\Program [Usuario]: Badoo Desktop.lnk . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe
O4 - GS\Program [Usuario]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Usuario]: Viber.lnk . (...) -- C:\Users\Usuario\AppData\Local\Viber\Viber.exe
O4 - GS\SystemTools [Usuario]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Usuario]: Badoo.Desktop.lnk . (.Badoo - Badoo Desktop.) -- C:\ProgramData\Badoo\Badoo desktop\1.6.58.1220\Badoo.desktop.exe
O4 - GS\Desktop [Usuario]: Viber.lnk . (...) -- C:\Users\Usuario\AppData\Local\Viber\Viber.exe
~ Global Startup: 73 Legitimates Filtered in 13mn AMs



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Public]: Acer VCM.lnk . (.Acer Incorporated - Acer VCM.) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Acer ePower Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] . (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
O4 - HKLM\..\Run: [mwlDaemon] . (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iSyncData] . (.Insyde Software Corp. - Sync Data.) -- C:\Program Files\Acer\Android Manager\iSync.exe
O4 - HKLM\..\Run: [AndroidManager] . (.No owner - Acer Configuration Manager for Android(TM) lau.) -- C:\Program Files\Acer\Android Manager\AML.exe
O4 - HKLM\..\Run: [iPatchData] . (.Insyde Software Corp. - Acer Updater for Android(TM).) -- C:\Program Files\Acer\Updater\iUpdate.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [20131121] . (.AVAST Software - avast! Emergency Update.) -- C:\Program Files\AVAST Software\Avast\setup\emupdate\f630d193-63cd-417f-860e-12eace3cb047.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [KiesAirMessage] . (.Samsung Electronics - No Comment.) -- C:\Program Files\Samsung\Kies\KiesAirMessage.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets de escritorio de Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets de escritorio de Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3095367477-2772566876-4048981669-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-3095367477-2772566876-4048981669-1000\..\Run: [KiesAirMessage] . (.Samsung Electronics - No Comment.) -- C:\Program Files\Samsung\Kies\KiesAirMessage.exe
~ Application: Scanned in 03mn AMs



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn AMs



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2EB0EA9-8DE6-42FA-AFDC-5F755FD70A3C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpNameServer = 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpDomain = ACERGAIA
O17 - HKLM\System\CS1\Services\Tcpip\..\{A2EB0EA9-8DE6-42FA-AFDC-5F755FD70A3C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpNameServer = 168.95.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpDomain = ACERGAIA
O17 - HKLM\System\CS2\Services\Tcpip\..\{A2EB0EA9-8DE6-42FA-AFDC-5F755FD70A3C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpNameServer = 168.95.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E1D1366E-035D-4E53-81A1-B77285C9AC87}: DhcpDomain = ACERGAIA
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn AMs



---\\ Extra protocols (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs



---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn AMs



---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [{2618FF3F-07DD-42F6-9992-64FB3825BBB9}] (...) -- C:\Users\Usuario\Downloads\unetbootin-windows-584.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6B0ADC77-7E47-4C2A-A960-BA589A9BC5B3}] (...) -- C:\Users\Usuario\Downloads\Nokia_PC_Suite_ALL.exe (.not file.) [0]
~ Scheduled Task: 21 Legitimates Filtered in 23mn AMs



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Goobzo]
[HKLM\Software\DCE]
[HKLM\Software\Goobzo]
~ Key Software: 190 Legitimates Filtered in 04mn AMs



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 10/12/2013 - 4:19:17 PM - [48.475] ----D C:\Program Files\GUM30F3.tmp
O43 - CFD: 12/24/2013 - 1:58:48 PM - [0.018] ----D C:\Program Files\ShopperPro
O43 - CFD: 12/24/2013 - 4:51:07 PM - [2.116] ----D C:\Program Files\YouTube Accelerator
O43 - CFD: 3/16/2013 - 12:15:28 PM - [0] -SH-D C:\Users\Usuario\AppData\Local\Archivos temporales de Internet
O43 - CFD: 12/24/2013 - 1:38:52 PM - [5.746] ----D C:\Users\Usuario\AppData\Local\Installer
O43 - CFD: 4/13/2013 - 3:18:21 PM - [0] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
~ Program Folder: 155 Legitimates Filtered in 46mn AMs



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.6D8852110F0017C15F52D268822EAB58] - 12/24/2013 - 1:57:28 PM ---A- . (...) -- C:\Windows\wininit.ini [226]
O44 - LFC:[MD5.24CC619E3F2516BBB4CB6D819913A525] - 12/24/2013 - 1:58:45 PM ---A- . (...) -- C:\Windows\System32\Config.json [197]
O44 - LFC:[MD5.8F0F6BA863CC45A3919DB8D83E69BC8D] - 12/24/2013 - 2:40:03 PM ---A- . (...) -- C:\Use [1903]
O44 - LFC:[MD5.B84997209B6C90A73CAC185804EE840F] - 12/26/2013 - 9:10:39 PM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [16160]
O44 - LFC:[MD5.B84997209B6C90A73CAC185804EE840F] - 12/26/2013 - 9:10:39 PM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [16160]
~ Files: 39 Legitimates Filtered in 58mn AMs



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn AMs



---\\ System Drivers List (SDL) (O58)
~ Drivers: 16 Legitimates Filtered in 10mn AMs



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - SosVirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn AMs



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - https://www.bing.com/?fdr=lc&toHttps=1&redig=636E85BA310741769F6F7203285A1529
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=A285299509A549C698CB8C1DF7646608
O69 - SBI: SearchScopes [HKCU] {44F062C3-3C18-4812-BCE0-D3BEC5F88BD0} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - https://www.bing.com/?toHttps=1&redig=A285299509A549C698CB8C1DF7646608
O69 - SBI: SearchScopes [HKCU] {B3103817-5053-4237-AC10-BB08FA69AF0E} - (Yahoo! Search) - https://es.search.yahoo.com/
~ Keys: Scanned in 00mn AMs



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.F6F5D504563819093487CC6572FFD493] [SPRF][12/19/2013] (...) -- C:\Users\Usuario\AppData\Local\Temp\cabex.dll [98304]
[MD5.0D26EF8C01E3E1C77877C303A9317F69] [SPRF][12/10/2013] (...) -- C:\Users\Usuario\AppData\Local\Temp\Quarantine.exe [360051]
[MD5.62E405D69FEB3CFE01B0A311CBAA8F0A] [SPRF][12/24/2013] (...) -- C:\Users\Usuario\AppData\Local\Temp\tu17p84.exe [179560]
[MD5.B6D496484B3DCC75670AF650C7D32112] [SPRF][12/19/2013] (...) -- C:\Users\Usuario\AppData\Local\Temp\unelevate.exe [95592]
[MD5.82FD58331B9511DDCF6E94F848401ABC] [SPRF][12/24/2013] (...) -- C:\Users\Usuario\AppData\Local\Temp\utt30A1.tmp.bat [103]
[MD5.5EA2896E382EE2F6FA6EFA29C5739B72] [SPRF][12/24/2013] (...) -- C:\Users\Usuario\AppData\Local\Temp\utt598.tmp.exe [378912]
[MD5.6DC136588CE40C8C3E5EFDF5EBA6FDBC] [SPRF][12/24/2013] (...) -- C:\Users\Usuario\AppData\Local\Temp\yta_bu12_setup.exe [704200]
[MD5.347644B235F2D5C0EF587B7910A7A6C7] [SPRF][7/10/2013] (...) -- C:\Users\Usuario\Desktop\advisorinstaller.exe [3215536]
~ Files: 8 Legitimates Filtered in 01mn AMs



---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "5E182325DD195F94D9585914847F95A6" . (.AndroidInstaller.) -- C:\Windows\Installer\{523281E5-91DD-49F5-9D85-954148F7596A}\ARPPRODUCTICON.exe
~ Update Products: 86 Legitimates Filtered in 00mn AMs



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.D86E644F526BE0C225756B44F0A40AD9] [WIS][12/5/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\54dd73.msi [24997888]
[MD5.DF35689F44BE07AF19293BAEC2365822] [WIS][10/1/2009] (.Insyde - MSI Database.) -- C:\Windows\Installer\6786b.msi [618800]
~ WIS: 88 Legitimates Filtered in 00mn AMs



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/11/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 3/19/2013 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 3/19/2013 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 3/19/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 4/10/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 9/5/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 5/9/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 8/6/2009 727584 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SR - | Auto 6/4/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Registration\GregHSRW.exe
SR - | Auto 6/5/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 8/6/2009 311592 | (MWLService) . (.Egis Technology Inc..) - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
SR - | Auto 7/10/2009 253952 | (RS_Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer VCM\RS_Service.exe
SR - | Auto 7/4/2009 240160 | (Updater Service) . (.Acer.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 7/14/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 7/14/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 23mn AMs



---\\ Scan Additionnel (O88)
Database Version : 13013 - (12/14/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0

[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Users\Usuario\AppData\Local\Installer =>Adware.InstallPedia
~ Additionnel Scan: 314590 Items scanned in 22mn AMs



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/26967630-adware-installpedia =>Adware.InstallPedia
~ MSI: 1 link(s) detected in 22mn AMs



~ 966 Legitimates filtered by white list
End of the scan (451 lines in 46mn AMs)(0)
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Dec 27, 2013 at 05:44 AM
Hello,

OK.
Delete the folder : C:\Users\Usuario\AppData\Local\Installer

Is your netbook always slow ?

Download, install and run Malwarebytes, which you can find on this site:

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

Ensure you make an update.

Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long it takes. The creators of Malwarebytes recommend that while the tool is running you go do something else, such as watching a rerun of Gone with the Wind or reading Tolstoy's War and Peace.

If Malwarebytes restarts your system, launch it again to finish the Full scan.

When the scan is completed, delete all items found.

Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.

This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong than to not be able to undo changes that were damaging.

Gabriel.
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Dec 28, 2013 at 02:57 PM
Hi Gabby,

Thanks, I have done all your instructions. Just wondering how can I know that my netbook is already clean?
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Dec 28, 2013 at 03:05 PM
Hi,

Have you got Malwarebytes's report ?

Currently, your netbook is clean. You have to be prudent on the web... :)

Gabriel.
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Dec 28, 2013 at 03:22 PM
Hi Gab,

It didn't give me any reports. I am running the anti-malware again :/
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Dec 28, 2013 at 03:25 PM
No report in the tab Reports/logs ?

Gabriel.
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Dec 28, 2013 at 03:30 PM
Where can I see it?
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Dec 28, 2013 at 03:32 PM
Open Malwarebytes and you can see the tab normally.

Gabriel.
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Dec 28, 2013 at 10:40 PM
Okay, thanks :)

FIRST LOG :

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.28.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Usuario :: USUARIO-PC [administrator]

12/28/2013 1:35:43 PM
mbam-log-2013-12-28 (13-35-43).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 339183
Time elapsed: 3 hour(s), 25 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\$Recycle.Bin\S-1-5-21-3095367477-2772566876-4048981669-1000\$RAOTO2V.exe (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3095367477-2772566876-4048981669-1000\$RTM18OS.exe (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3095367477-2772566876-4048981669-1000\$R6DAJ22\sense.exe (PUP.Optional.Bundler) -> Quarantined and deleted successfully.
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Users\Usuario\AppData\Local\Temp\utt598.tmp.exe (PUP.Optional.SearchProtection.A) -> Quarantined and deleted successfully.
C:\Users\Usuario\AppData\Local\Temp\Install_29745\sense.exe (PUP.Optional.Bundler) -> Quarantined and deleted successfully.
C:\Users\Usuario\Documents\samsung\Kies\Backup\GT-I9070\GT-I9070_20130418041012\Others\Download\The_Hobbit_2012___XviD-.avi.exe (PUP.Optional.InstallerEX.A) -> Quarantined and deleted successfully.

(end)



SECOND LOG :

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.28.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Usuario :: USUARIO-PC [administrator]

12/28/2013 9:16:11 PM
mbam-log-2013-12-28 (21-16-11).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 339475
Time elapsed: 3 hour(s), 19 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-3095367477-2772566876-4048981669-1000\$RAOTO2V.exe (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\Users\Usuario\AppData\Local\Temp\Install_29745\sense.exe (PUP.Optional.Bundler) -> Quarantined and deleted successfully.

(end)
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Dec 29, 2013 at 03:07 PM
Hello,

Ok it's good.

Are there still problems?

Gabriel.
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Dec 30, 2013 at 07:26 AM
Hello,

Can you try to write your message again? It's empty, but I can read your answer in my email.

Thanks.

Gabriel.
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Dec 30, 2013 at 10:55 AM
Hi Gab, it's better now but yeah there's still a prob. When I play videos, like YouTube for example, there are times that the voice doesn't synchronize with the images :(

I really have prob with the vids even before.... :(


p.s. it also freezes a lot
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Dec 30, 2013 at 11:05 AM
Hi,

Ok, on which browser(s) ?

Gabriel.
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Dec 31, 2013 at 11:48 AM
I am using Google Chrome, and it lags a lot :(
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Dec 31, 2013 at 08:17 PM
Hello,

Try to reset Chrome as this : http://www.forum-entraide-informatique.com/t10771-how-to-reset-google-chrome

Then tell me.

And... Happy new year. :)

Gabriel.
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 1, 2014 at 07:36 AM
Hi Gab,

A happy new year too.

I tried resetting chrome but when I enter this code in the search bar (windows + r)
"%userprofile%\Local Settings\Application Data\Google\Chrome\User Data\"

says file cannot be found :(
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 1, 2014 at 07:38 AM
Hello,

Thanks. :)

For Windows 7 you must enter this :
%LOCALAPPDATA%\Google\Chrome\User Data

Gabriel.
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 5, 2014 at 11:06 AM
Hi Gab,

I already did the reset to my google chrome browser. Now what's next? :)
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 5, 2014 at 11:07 AM
Hi,

Your netbook is always slow ? :)

Gabriel.
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 7, 2014 at 06:29 PM
It wasn't when it was new. I still have problem with videos and when opening a page it is really taking time. :(
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 8, 2014 at 05:14 PM
Hello,

Your computer is always slow or only on internet ?

Do a speed test here and tell me results : https://www.speedtest.net/

Gabriel.
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 8, 2014 at 07:56 PM
Hi, yeah it is slow most especially when playing some videos, like YouTube for example. Sometimes the action and the sounds are not synchronized...actually most of the time. Also there's this annoying squeaking noise and the video will freeze. :(

Please see the result of the speedtest below :

PING : 61 ms
Download Speed : 10.18 mbps
Upload Speed : 0.72 mbps

Thanks Gab! :)
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 9, 2014 at 01:05 AM
Hello,

OK. Can you try with another browser to see if it's the same ?

Gabriel.
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 9, 2014 at 05:33 PM
The same thing happened :(
I played a video and, it was not really that good. :(
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 10, 2014 at 04:20 PM
Hello,

OK, we will try to optimize your PC.
Run MyDefrag : http://ccm.net/download/download-6404-mydefrag (defragment only)
Then Ccleaner : https://ccm.net/downloads/security-and-maintenance/4555-ccleaner/
And disable programs at startup : http://ccm.net/faq/4438-disable-launching-of-programs-at-startup

Gabriel.
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 11, 2014 at 01:32 PM
done.... with the disabling programs I have disabled only a few. Is that right or I need to disable all of it?
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 11, 2014 at 01:36 PM
Hi,

You can disable all except those which correspond to your computer / antivirus.

Gabriel.
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 11, 2014 at 01:39 PM
ok then, i'll do it again :)
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 11, 2014 at 01:42 PM
Good, and after, tell me if it's always slow when you try to watch videos.

Gabriel.
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 13, 2014 at 04:17 PM
Hi Gab,

There's a very little improvement, when playing a vid the squeaking noise, the lagging and buffering are still present even though I have a very good wifi connection :(
2011N2 Posts 13352 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 15, 2014 at 05:09 AM
Hi,

Try to uninstall / reinstall Adobe Flash Player.

Gabriel.
bcn101 Posts 113 Registration date Friday November 9, 2012 Status Member Last seen July 28, 2014
Jan 15, 2014 at 05:12 PM
no difference at all :(
when i pause the vid and play it again, there was no sounds, though the vid is playing.. idk what to do now really. :(