
BSOD After Using FixTDSS


  • This topic is locked
14 replies to this topic

#1 zakdo

  • Members
  • 7 posts

Posted 31 March 2012 - 07:11 AM

Hi, I'm having the exact same problem as here: http://www.bleepingcomputer.com/forums/topic428407.html

I was infected by some viruses. I ran MBAM and ComboFix; they erased some of them, but I still have a Google redirection problem. TDSSKiller doesn't want to work. Foolishly, I ran FixTDSS after reading some of the posts elsewhere (I was aware of BSODs from using this tool, but I used it anyway). This resolved my redirection problem, but after a reboot I'm in the same pickle jar as everyone else. It goes straight to a BSOD after it loads the CLASSPNP driver.

I'm using Win7 (32 bits). I saw that in the other posts one of the users asked for a scan using FRST. So here is my scan:

Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 14-03-2012
Ran by Système at 31-03-2012 02:53:43
Running from F:\
Windows 7 Professional Service Pack 1 (X86) OS Language: French Standard
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [501104 2011-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [536668 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless [1210640 2010-12-23] (Intel® Corporation)
HKLM\...\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [214384 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [462993 2010-03-12] (Creative Technology Ltd)
HKLM\...\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-04-29] (CyberLink Corp.)
HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM\...\Run: [Desktop Disc Tool] "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM\...\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup [602624 2009-03-13] ()
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [142616 2011-06-28] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [177432 2011-06-28] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [176408 2011-06-28] (Intel Corporation)
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [362432 2011-12-22] (Citrix Systems, Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM\...\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash [303808 2012-02-06] (F-Secure Corporation)
HKLM\...\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW [1655488 2012-02-06] (F-Secure Corporation)
HKU\ZAK\...\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot [3462552 2012-02-15] (Tonec Inc.)
HKU\ZAK\...\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" [495616 2007-09-02] ()
HKU\ZAK\...\Policies\system: [disableregistrytools] 0
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.100.11 192.168.100.10 192.168.100.26
Tcpip\..\Interfaces\{CBFF9378-4F5B-4661-9EB9-50650DACCC7F}: [NameServer]172.18.25.200
Lsa: [Authentication Packages] msv1_0
wvauth

================================ Services (Whitelisted) ==================

3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-03-29] (Adobe Systems Incorporated)
2 AESTFilters; C:\Program Files\IDT\WDM\aestsrv.exe [81920 2009-03-03] (Andrea Electronics Corporation)
2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803584 2010-05-10] (AuthenTec, Inc.)
2 BrcmMgmtAgent; "C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe" -service [127488 2010-06-29] (Broadcom Corporation)
2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [660768 2011-02-08] (Broadcom Corporation.)
2 DeviceMonitorService; "C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe" [87368 2011-09-19] (Nero AG)
2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [936208 2010-12-23] (Intel® Corporation)
2 F-Secure Gatekeeper Handler Starter; "C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe" [221888 2012-02-06] (F-Secure Corporation)
3 F-Secure Network Request Broker; "C:\Program Files\F-Secure\Common\FNRB32.EXE" [189120 2012-02-06] (F-Secure Corporation)
2 fsdevcon; "C:\Program Files\F-Secure\Device Control\\fsdevcon32.exe" [404160 2012-02-06] (F-Secure Corporation)
3 FSDFWD; "C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe" [557760 2012-02-06] (F-Secure Corporation)
2 FSMA; "C:\Program Files\F-Secure\Common\FSMA32.EXE" [189120 2012-02-06] (F-Secure Corporation)
3 FSORSPClient; "C:\Program Files\F-Secure\ORSP Client\fsorsp.exe" [62144 2012-02-06] (F-Secure Corporation)
2 HsfXAudioService; C:\Windows\system32\XAudio32.dll [410624 2009-04-29] (Conexant Systems, Inc.)
2 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [212944 2011-02-24] (Intel Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [31125880 2011-06-12] (Microsoft Corporation)
2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-18] (Microsoft Corporation)
4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
2 O2FLASH; C:\Windows\System32\DRIVERS\o2flash.exe [72296 2010-02-11] (O2Micro International)
2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [481552 2010-12-23] (Intel® Corporation)
3 RoxMediaDB12OEM; "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
3 SecureStorageService; "C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe" [1508232 2011-05-24] (Wave Systems Corp.)
2 SensticPocketService; C:\Program Files\Senstic\PocketControl\SensticPocketServiceWin.exe [141848 2011-08-23] (Senstic)
2 SSUService; C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [370504 2012-03-15] (Splashtop Inc.)
2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-01-25] (IDT, Inc.)
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-14] (Microsoft Corporation)
2 tcsd_win32.exe; "C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1633280 2011-02-17] ()
2 TdmService; "C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe" [2605424 2011-05-27] (Wave Systems Corp.)
2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1131520 2011-07-01] (Wave Systems Corp.)
2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [577536 2010-12-23] (Intel® Corporation)
2 dcpsysmgrsvc; "c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe" [x]
2 O2SDIOAssist; c:\Windows\system32\srvany.exe [x]

========================== Drivers (Whitelisted) =============

3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [44144 2011-07-22] (ST Microelectronics)
3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [295032 2011-04-05] (Alps Electric Co., Ltd.)
3 avshws; C:\Windows\System32\DRIVERS\camsource.sys [29000 2010-07-05] (Senstic)
3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [88064 2010-09-03] (Broadcom Corporation)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-14] (Microsoft Corporation)
3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [302120 2011-09-30] (Broadcom Corporation.)
3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [33832 2011-09-30] (Broadcom Corporation.)
1 ctxusbm; C:\Windows\System32\DRIVERS\ctxusbm.sys [66776 2011-06-29] (Citrix Systems, Inc.)
3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [62464 2010-11-20] (Microsoft Corporation)
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2011-11-21] (DT Soft Ltd)
4 F-Secure Filter; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [42048 2012-02-06] ()
3 F-Secure Gatekeeper; \??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [149696 2012-02-06] ()
1 F-Secure HIPS; \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys [72576 2012-02-06] (F-Secure Corporation)
4 F-Secure Recognizer; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [27328 2012-02-06] ()
0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [42672 2012-03-27] ()
1 FSES; C:\Windows\System32\drivers\fses.sys [37952 2012-02-06] (F-Secure Corporation)
1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [73664 2012-02-06] (F-Secure Corporation)
1 fsvista; \??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys [14528 2012-02-06] ()
2 IDMWFP; C:\Windows\System32\DRIVERS\idmwfp.sys [91936 2012-02-08] (Tonec Inc.)
3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [25856 2009-07-10] (Motorola)
3 motccgp; C:\Windows\System32\DRIVERS\motccgp.sys [20480 2011-04-04] (Motorola)
3 motccgpfl; C:\Windows\System32\DRIVERS\motccgpfl.sys [8320 2009-01-29] (Motorola)
3 MotDev; C:\Windows\System32\DRIVERS\motodrv.sys [42752 2009-05-08] (Motorola Inc)
3 motmodem; C:\Windows\System32\DRIVERS\motmodem.sys [24064 2011-03-31] (Motorola)
3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [6400 2007-11-02] (Motorola)
3 Motousbnet; C:\Windows\System32\DRIVERS\Motousbnet.sys [23424 2010-04-01] (Motorola)
3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-08-02] (Apple Inc.)
3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7434240 2010-12-21] (Intel Corporation)
3 O2MDFRDR; C:\Windows\System32\drivers\O2MDFw7.sys [60904 2011-01-04] (O2Micro )
3 O2MDRRDR; C:\Windows\System32\DRIVERS\O2MDRw7.sys [62440 2011-01-04] (O2Micro )
3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [63976 2011-03-23] (O2Micro )
0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2010-07-21] (Dell Inc)
3 PocketAudio; C:\Windows\System32\drivers\senaudio.sys [31304 2010-03-02] (Windows ® Win 7 DDK provider)
3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl.sys [80384 2009-07-17] (Prolific Technology Inc.)
3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [27264 2010-11-20] (Microsoft Corporation)
2 XAudio; C:\Windows\System32\DRIVERS\XAudio32.sys [8704 2009-04-29] (Conexant Systems, Inc.)
3 catchme; \??\C:\Users\ZAK\AppData\Local\Temp\catchme.sys [x]
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [x]
1 MpKsl14a6173d; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8FD493E0-2F15-467D-9F19-F0B78AD6EF75}\MpKsl14a6173d.sys [x]
1 MpKslb8545cbe; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7E9CF239-FC85-416C-86A6-7A527A52E528}\MpKslb8545cbe.sys [x]
1 MpKslce322d54; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C7CC0E3F-6494-4312-90C4-7C5C20D44005}\MpKslce322d54.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-03-31 02:53 - 2012-03-31 02:54 - 0000000 ____D C:\FRST
2012-03-30 15:15 - 2012-03-30 15:16 - 0146642 ____A C:\TDSSKiller.2.7.23.0_30.03.2012_16.15.08_log.txt
2012-03-30 12:36 - 2012-03-30 12:37 - 0000000 ____D C:\Users\ZAK\Desktop\v3
2012-03-30 12:13 - 2012-03-30 12:13 - 0003429 ____A C:\Users\ZAK\.recently-used.xbel
2012-03-30 11:51 - 2012-03-30 13:38 - 0002343 ____A C:\Users\ZAK\Desktop\redirection.txt
2012-03-29 19:45 - 2012-03-29 19:45 - 4125344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2012-03-29 19:33 - 2012-03-29 21:57 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\GetRightToGo
2012-03-29 19:25 - 2012-03-29 19:27 - 0000000 ___SD C:\ComboFix
2012-03-29 18:59 - 2012-03-29 18:59 - 0027015 ____A C:\ComboFix.txt
2012-03-29 18:55 - 2012-03-29 18:55 - 0000000 __SHD C:\$RECYCLE.BIN
2012-03-29 18:38 - 2012-03-30 12:15 - 0003078 ____A C:\Windows\PFRO.log
2012-03-29 18:36 - 2009-07-14 02:14 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\grpconv.exe
2012-03-29 17:45 - 2009-04-20 05:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-03-29 17:44 - 2012-03-29 19:25 - 0000000 ____D C:\Windows\ERDNT
2012-03-29 17:16 - 2012-03-29 17:17 - 0264476 ____A C:\Windows\FSISU.log
2012-03-29 17:16 - 2012-03-29 17:17 - 0046328 ____A C:\Windows\FSUNINST.log
2012-03-29 17:16 - 2012-03-29 17:17 - 0034844 ____A C:\Windows\FSDEPH.log
2012-03-29 17:16 - 2012-03-29 17:17 - 0001549 ____A C:\Windows\FSPSUNI.LOG
2012-03-29 17:12 - 2012-03-31 10:12 - 0000000 ____D C:\Program Files\RocketDock
2012-03-29 17:12 - 2012-03-29 17:12 - 6463660 ____A (Punk Software ) C:\Users\ZAK\Desktop\RocketDock-v1.3.5.exe
2012-03-29 17:08 - 2012-03-30 12:16 - 0001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-29 17:08 - 2012-03-29 19:45 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-03-29 17:07 - 2012-03-30 12:16 - 0000616 ____A C:\Windows\setupact.log
2012-03-29 17:07 - 2012-03-29 17:07 - 0391560 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-29 17:07 - 2012-03-29 17:07 - 0100960 ____A C:\Users\ZAK\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-29 17:07 - 2012-03-29 17:07 - 0000000 ____A C:\Windows\setuperr.log
2012-03-29 16:59 - 2012-03-29 16:59 - 0318672 ____A C:\Users\ZAK\Documents\cc_20120329_175859.reg
2012-03-29 16:46 - 2012-03-29 16:46 - 0000000 ____D C:\Program Files\CCleaner
2012-03-28 23:58 - 2012-03-28 23:58 - 3785056 ____A (BlueStack Systems, Inc.) C:\Users\ZAK\Desktop\BlueStacks-ThinInstaller_0.6.3.0686.exe
2012-03-27 21:39 - 2012-03-30 11:44 - 0001070 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469794345-1138598025-1328498218-1000UA.job
2012-03-27 21:39 - 2012-03-29 21:44 - 0001018 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469794345-1138598025-1328498218-1000Core.job
2012-03-27 21:39 - 2012-03-27 21:39 - 0000000 ____D C:\Users\ZAK\AppData\Local\Google
2012-03-27 21:22 - 2012-03-30 12:16 - 0000518 ____A C:\Windows\Tasks\Scheduled scanning task.job
2012-03-27 16:34 - 2012-03-27 16:40 - 0042672 ____A C:\Windows\System32\Drivers\fsbts.sys
2012-03-27 16:33 - 2012-02-06 16:36 - 0073664 ____A (F-Secure Corporation) C:\Windows\System32\Drivers\fsdfw.sys
2012-03-27 16:33 - 2012-02-06 16:36 - 0037952 ____A (F-Secure Corporation) C:\Windows\System32\Drivers\fses.sys
2012-03-27 16:23 - 2012-03-27 16:23 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{cd5e4798-eb5e-11e0-a0c2-60d819f85226}.TxR.blf
2012-03-27 15:47 - 2011-09-30 13:14 - 0002026 ____A C:\Users\All Users\Start Menu\Programs\Startup\Dell System Manager.lnk
2012-03-27 15:47 - 2011-09-30 13:08 - 0000834 ____A C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
2012-03-27 15:47 - 2011-09-30 13:07 - 0001909 ____A C:\Users\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
2012-03-27 15:47 - 2009-07-14 05:41 - 0000174 __ASH C:\Users\All Users\Start Menu\Programs\Startup\desktop.ini
2012-03-26 22:17 - 2012-03-26 22:17 - 0000165 ____A C:\Users\ZAK\Downloads\~$CR NUIT.xlsx
2012-03-25 23:29 - 2012-03-25 23:29 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\Malwarebytes
2012-03-25 23:29 - 2012-03-25 23:29 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-25 23:29 - 2012-03-25 23:29 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-25 23:29 - 2012-03-25 23:29 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-03-25 22:46 - 2012-03-25 22:46 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-03-22 21:20 - 2012-03-30 12:16 - 0000000 ___RD C:\Users\ZAK\Dropbox
2012-03-22 20:52 - 2012-03-22 20:52 - 0001019 ____A C:\Users\ZAK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-03-22 20:51 - 2012-03-30 12:16 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\Dropbox
2012-03-22 00:14 - 2012-03-22 00:14 - 0241664 ____A C:\Users\ZAK\Downloads\PlanningVSI juin 2012(2).xls
2012-03-18 22:35 - 2012-03-18 22:35 - 0030051 ____A C:\Users\ZAK\Documents\FRItinerary.aspx.htm
2012-03-18 22:35 - 2012-03-18 22:35 - 0000000 ____D C:\Users\ZAK\Documents\FRItinerary.aspx_fichiers
2012-03-14 03:01 - 2011-11-19 15:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-14 03:01 - 2011-11-19 15:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-13 20:48 - 2012-02-10 06:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 20:48 - 2012-02-03 04:54 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 20:47 - 2012-01-25 06:32 - 0129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 20:47 - 2012-01-25 06:32 - 0058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 20:47 - 2012-01-25 06:27 - 0008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-03-13 20:46 - 2012-02-17 06:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 20:46 - 2012-02-17 05:14 - 0183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 20:46 - 2012-02-17 05:13 - 0024576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-09 01:02 - 2012-03-09 01:02 - 0027648 ____A C:\Users\ZAK\Downloads\NDF_Zakaria_Bouchfar_81_2012-03-10.xls
2012-03-09 00:58 - 2012-03-09 00:58 - 0074443 ____A C:\Users\ZAK\Downloads\20120309005157578.tif
2012-03-07 11:51 - 2009-07-17 16:53 - 0080384 ____A (Prolific Technology Inc.) C:\Windows\System32\Drivers\ser2pl.sys
2012-03-07 11:51 - 2005-08-03 16:05 - 0035892 ____A (Prolific Technology Inc.) C:\Windows\System32\SER9PL.sys
2012-03-07 11:51 - 2005-08-03 16:04 - 0026719 ____A C:\Windows\System32\SERSPL.VXD
2012-03-05 11:59 - 2012-01-23 10:46 - 0000000 ____D C:\Users\ZAK\Desktop\Al Jazeera Channels Package + HD Channels
2012-03-05 10:38 - 2012-03-05 10:40 - 0000000 ____D C:\Users\ZAK\Desktop\NAVIGON 1.6
2012-03-05 09:57 - 2009-09-02 06:13 - 0131072 ____A (Dell, Inc.) C:\Windows\System32\DellSPMsg.dll
2012-03-02 11:41 - 2012-03-29 16:56 - 0000000 ____D C:\Users\ZAK\Downloads\Apk
2012-03-01 22:46 - 2012-03-01 22:46 - 0000000 ____D C:\Users\ZAK\Documents\MotorolaMediaLink
2012-03-01 18:22 - 2012-03-01 18:22 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\Roxio Burn
2012-03-01 03:41 - 2012-03-01 03:41 - 0000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_motoandroid_01007.Wdf

============ 3 Months Modified Files and Folders ===============

2012-03-31 10:12 - 2012-03-29 17:12 - 0000000 ____D C:\Program Files\RocketDock
2012-03-31 10:12 - 2012-02-15 20:02 - 0000000 ____D C:\Program Files\Internet Download Manager
2012-03-31 10:12 - 2011-10-26 10:34 - 0000000 ____D C:\users\ZAK
2012-03-31 10:12 - 2011-09-30 13:10 - 0000000 ___HD C:\Windows\System32\WLANProfiles
2012-03-31 10:12 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\wfp
2012-03-31 10:12 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-03-31 10:12 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\registration
2012-03-31 10:11 - 2011-09-30 13:06 - 0000000 ____D C:\Program Files\Common Files\Java
2012-03-31 02:54 - 2012-03-31 02:53 - 0000000 ____D C:\FRST
2012-03-30 21:09 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\LogFiles
2012-03-30 15:16 - 2012-03-30 15:15 - 0146642 ____A C:\TDSSKiller.2.7.23.0_30.03.2012_16.15.08_log.txt
2012-03-30 15:12 - 2012-02-12 13:54 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\DMCache
2012-03-30 15:12 - 2011-09-30 05:54 - 2548772864 __ASH C:\hiberfil.sys
2012-03-30 15:10 - 2011-10-26 15:27 - 0000000 ____D C:\Windows\Minidump
2012-03-30 13:38 - 2012-03-30 11:51 - 0002343 ____A C:\Users\ZAK\Desktop\redirection.txt
2012-03-30 12:37 - 2012-03-30 12:36 - 0000000 ____D C:\Users\ZAK\Desktop\v3
2012-03-30 12:23 - 2009-07-14 05:34 - 0021312 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-30 12:23 - 2009-07-14 05:34 - 0021312 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-30 12:20 - 2010-11-20 22:01 - 1720566 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-30 12:19 - 2011-09-30 13:00 - 1784696 ____A C:\Windows\WindowsUpdate.log
2012-03-30 12:16 - 2012-03-29 17:08 - 0001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-30 12:16 - 2012-03-29 17:07 - 0000616 ____A C:\Windows\setupact.log
2012-03-30 12:16 - 2012-03-27 21:22 - 0000518 ____A C:\Windows\Tasks\Scheduled scanning task.job
2012-03-30 12:16 - 2012-03-22 21:20 - 0000000 ___RD C:\Users\ZAK\Dropbox
2012-03-30 12:16 - 2012-03-22 20:51 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\Dropbox
2012-03-30 12:16 - 2011-09-30 13:31 - 0000000 ____D C:\Users\All Users\Sonic
2012-03-30 12:16 - 2011-09-30 13:31 - 0000000 ____D C:\ProgramData\Sonic
2012-03-30 12:16 - 2009-07-14 05:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-30 12:15 - 2012-03-29 18:38 - 0003078 ____A C:\Windows\PFRO.log
2012-03-30 12:14 - 2011-11-21 14:57 - 0000000 ____D C:\Users\ZAK\.gimp-2.6
2012-03-30 12:13 - 2012-03-30 12:13 - 0003429 ____A C:\Users\ZAK\.recently-used.xbel
2012-03-30 11:44 - 2012-03-27 21:39 - 0001070 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469794345-1138598025-1328498218-1000UA.job
2012-03-30 09:42 - 2011-11-21 14:44 - 0000000 ____D C:\Program Files\Everything
2012-03-29 22:57 - 2012-02-12 13:54 - 0000000 ____D C:\Users\ZAK\Downloads\Video
2012-03-29 21:57 - 2012-03-29 19:33 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\GetRightToGo
2012-03-29 21:44 - 2012-03-27 21:39 - 0001018 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469794345-1138598025-1328498218-1000Core.job
2012-03-29 19:45 - 2012-03-29 19:45 - 4125344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2012-03-29 19:45 - 2012-03-29 17:08 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-03-29 19:45 - 2011-09-30 13:01 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-03-29 19:27 - 2012-03-29 19:25 - 0000000 ___SD C:\ComboFix
2012-03-29 19:25 - 2012-03-29 17:44 - 0000000 ____D C:\Windows\ERDNT
2012-03-29 18:59 - 2012-03-29 18:59 - 0027015 ____A C:\ComboFix.txt
2012-03-29 18:59 - 2012-01-25 14:32 - 0000000 ____D C:\users\Administrator
2012-03-29 18:59 - 2011-12-14 09:45 - 0000000 ____D C:\users\KnownHosts
2012-03-29 18:59 - 2009-07-14 03:37 - 0000000 ____D C:\users\Public
2012-03-29 18:55 - 2012-03-29 18:55 - 0000000 __SHD C:\$RECYCLE.BIN
2012-03-29 18:40 - 2009-07-14 03:04 - 0000215 ____A C:\Windows\system.ini
2012-03-29 18:39 - 2009-07-14 03:04 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-03-29 18:38 - 2011-11-21 12:30 - 0000000 ____D C:\Program Files\F-Secure
2012-03-29 18:31 - 2012-01-19 12:42 - 0000000 ____D C:\Users\ZAK\ncftp
2012-03-29 17:17 - 2012-03-29 17:16 - 0264476 ____A C:\Windows\FSISU.log
2012-03-29 17:17 - 2012-03-29 17:16 - 0046328 ____A C:\Windows\FSUNINST.log
2012-03-29 17:17 - 2012-03-29 17:16 - 0034844 ____A C:\Windows\FSDEPH.log
2012-03-29 17:17 - 2012-03-29 17:16 - 0001549 ____A C:\Windows\FSPSUNI.LOG
2012-03-29 17:12 - 2012-03-29 17:12 - 6463660 ____A (Punk Software ) C:\Users\ZAK\Desktop\RocketDock-v1.3.5.exe
2012-03-29 17:07 - 2012-03-29 17:07 - 0391560 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-29 17:07 - 2012-03-29 17:07 - 0100960 ____A C:\Users\ZAK\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-29 17:07 - 2012-03-29 17:07 - 0000000 ____A C:\Windows\setuperr.log
2012-03-29 16:59 - 2012-03-29 16:59 - 0318672 ____A C:\Users\ZAK\Documents\cc_20120329_175859.reg
2012-03-29 16:56 - 2012-03-02 11:41 - 0000000 ____D C:\Users\ZAK\Downloads\Apk
2012-03-29 16:56 - 2012-02-12 13:54 - 0000000 ____D C:\Users\ZAK\Downloads\Compressed
2012-03-29 16:53 - 2011-12-12 16:35 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\FileZilla
2012-03-29 16:53 - 2011-11-28 23:15 - 0000000 ____D C:\Users\ZAK\Tracing
2012-03-29 16:53 - 2011-11-21 15:00 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\uTorrent
2012-03-29 16:53 - 2011-02-12 01:52 - 0000000 ____D C:\Windows\panther
2012-03-29 16:53 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\ModemLogs
2012-03-29 16:46 - 2012-03-29 16:46 - 0000000 ____D C:\Program Files\CCleaner
2012-03-29 04:34 - 2012-02-25 15:57 - 0000000 ____D C:\Users\ZAK\AppData\Local\Motorola
2012-03-28 23:58 - 2012-03-28 23:58 - 3785056 ____A (BlueStack Systems, Inc.) C:\Users\ZAK\Desktop\BlueStacks-ThinInstaller_0.6.3.0686.exe
2012-03-28 00:17 - 2011-09-30 13:14 - 0002377 ____A C:\freefallprotection.log
2012-03-28 00:17 - 2011-09-30 13:06 - 0000000 ____D C:\Program Files\InstallShield Installation Information
2012-03-27 21:39 - 2012-03-27 21:39 - 0000000 ____D C:\Users\ZAK\AppData\Local\Google
2012-03-27 16:40 - 2012-03-27 16:34 - 0042672 ____A C:\Windows\System32\Drivers\fsbts.sys
2012-03-27 16:33 - 2011-11-21 12:40 - 0000000 ____D C:\Users\All Users\fssg
2012-03-27 16:33 - 2011-11-21 12:40 - 0000000 ____D C:\ProgramData\fssg
2012-03-27 16:33 - 2011-11-21 12:30 - 0000000 ____D C:\Users\All Users\F-Secure
2012-03-27 16:33 - 2011-11-21 12:30 - 0000000 ____D C:\ProgramData\F-Secure
2012-03-27 16:23 - 2012-03-27 16:23 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{cd5e4798-eb5e-11e0-a0c2-60d819f85226}.TxR.blf
2012-03-27 16:09 - 2011-10-26 14:22 - 0000000 ____D C:\Program Files\Mozilla Firefox
2012-03-27 15:06 - 2011-09-30 13:15 - 0000422 _RASH C:\Users\All Users\ntuser.pol
2012-03-27 15:06 - 2011-09-30 13:15 - 0000422 _RASH C:\ProgramData\ntuser.pol
2012-03-26 22:17 - 2012-03-26 22:17 - 0000165 ____A C:\Users\ZAK\Downloads\~$CR NUIT.xlsx
2012-03-26 13:13 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\Help
2012-03-25 23:38 - 2011-10-26 10:35 - 0000000 ____D C:\Users\ZAK\AppData\Local\VirtualStore
2012-03-25 23:29 - 2012-03-25 23:29 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\Malwarebytes
2012-03-25 23:29 - 2012-03-25 23:29 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-25 23:29 - 2012-03-25 23:29 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-25 23:29 - 2012-03-25 23:29 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-03-25 22:46 - 2012-03-25 22:46 - 0000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-03-22 22:42 - 2012-01-03 00:12 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\Splashtop Remote Client
2012-03-22 20:52 - 2012-03-22 20:52 - 0001019 ____A C:\Users\ZAK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-03-22 00:14 - 2012-03-22 00:14 - 0241664 ____A C:\Users\ZAK\Downloads\PlanningVSI juin 2012(2).xls
2012-03-20 23:48 - 2012-01-24 23:24 - 0011569 ____A C:\Users\ZAK\Downloads\CR NUIT.xlsx
2012-03-20 20:55 - 2011-11-24 06:27 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\DiskAid
2012-03-19 09:11 - 2011-12-12 08:13 - 0000000 ____D C:\Users\ZAK\AppData\Local\Zimbra
2012-03-18 23:41 - 2012-02-16 09:59 - 0002492 ____A C:\Users\ZAK\Desktop\trip.txt
2012-03-18 22:35 - 2012-03-18 22:35 - 0030051 ____A C:\Users\ZAK\Documents\FRItinerary.aspx.htm
2012-03-18 22:35 - 2012-03-18 22:35 - 0000000 ____D C:\Users\ZAK\Documents\FRItinerary.aspx_fichiers
2012-03-15 08:43 - 2011-10-27 21:03 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\vlc
2012-03-14 21:32 - 2012-02-28 12:01 - 0002123 ____A C:\Users\ZAK\Desktop\doc.txt
2012-03-14 16:46 - 2011-11-21 14:59 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\Audacity
2012-03-14 03:02 - 2011-11-11 13:05 - 54215544 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-14 03:02 - 2011-11-03 11:44 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-03-14 03:02 - 2011-11-03 11:44 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-09 01:02 - 2012-03-09 01:02 - 0027648 ____A C:\Users\ZAK\Downloads\NDF_Zakaria_Bouchfar_81_2012-03-10.xls
2012-03-09 00:58 - 2012-03-09 00:58 - 0074443 ____A C:\Users\ZAK\Downloads\20120309005157578.tif
2012-03-06 10:36 - 2011-10-26 16:00 - 0000000 ____D C:\Program Files\JDownloader
2012-03-05 15:56 - 2012-01-10 12:43 - 0000000 ____D C:\Program Files\Mozilla Thunderbird
2012-03-05 10:40 - 2012-03-05 10:38 - 0000000 ____D C:\Users\ZAK\Desktop\NAVIGON 1.6
2012-03-05 09:57 - 2011-02-12 01:52 - 0000000 ____D C:\dell
2012-03-01 22:46 - 2012-03-01 22:46 - 0000000 ____D C:\Users\ZAK\Documents\MotorolaMediaLink
2012-03-01 22:46 - 2012-02-25 15:56 - 0000000 ____D C:\Users\All Users\Motorola
2012-03-01 22:46 - 2012-02-25 15:56 - 0000000 ____D C:\ProgramData\Motorola
2012-03-01 22:46 - 2012-02-23 16:02 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\Motorola
2012-03-01 18:22 - 2012-03-01 18:22 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\Roxio Burn
2012-03-01 13:59 - 2012-02-25 15:57 - 0000069 ____A C:\Windows\NeroDigital.ini
2012-03-01 04:43 - 2012-02-23 16:00 - 0000000 ____D C:\Program Files\Motorola
2012-03-01 03:41 - 2012-03-01 03:41 - 0000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_motoandroid_01007.Wdf
2012-02-29 23:47 - 2012-02-29 23:47 - 0248320 ____A C:\Users\ZAK\Downloads\PlanningVSI juin 2012(1).xls
2012-02-28 09:15 - 2011-10-26 15:23 - 0000000 ____D C:\Program Files\The KMPlayer FR
2012-02-27 16:54 - 2012-01-01 22:09 - 0001835 ____A C:\Users\ZAK\.swfinfo
2012-02-27 15:13 - 2012-02-27 15:08 - 50035048 ____A C:\Users\ZAK\Downloads\Towers_N%27_Trolls_HD_%28v1.0_3GS_os40%29-most_uniQue.ipa
2012-02-27 15:07 - 2012-02-27 15:06 - 18780787 ____A C:\Users\ZAK\Downloads\munch_time_hd_v1.0_BrownCrowe.ipa
2012-02-27 15:06 - 2012-02-27 15:05 - 9246873 ____A C:\Users\ZAK\Downloads\Tapped.Out-v1.0.0-WYSE.ipa
2012-02-27 15:04 - 2012-02-27 15:04 - 4159271 ____A C:\Users\ZAK\Downloads\Evi-v1.1.0.56111-cupcini.ipa
2012-02-27 14:34 - 2012-02-14 02:37 - 0244224 ____A C:\Users\ZAK\Downloads\PlanningVSI juin 2012.xls
2012-02-27 14:08 - 2012-02-27 14:08 - 0000000 ____D C:\Users\ZAK\Documents\WCDMA BTS Site Manager Data
2012-02-25 20:37 - 2012-02-25 20:32 - 0000000 ____D C:\Users\ZAK\Desktop\Nouveau dossier
2012-02-25 17:05 - 2012-01-25 14:14 - 0000000 ____D C:\Users\ZAK\Desktop\photos asma
2012-02-25 15:57 - 2012-02-25 15:57 - 0000000 ____D C:\Users\ZAK\Documents\Podcast
2012-02-25 15:57 - 2012-02-25 15:57 - 0000000 ____D C:\Users\All Users\Motorola Media Link
2012-02-25 15:57 - 2012-02-25 15:57 - 0000000 ____D C:\ProgramData\Motorola Media Link
2012-02-25 15:57 - 2012-02-25 15:57 - 0000000 ____D C:\Program Files\Common Files\Nero
2012-02-25 15:57 - 2012-02-25 15:57 - 0000000 ____D C:\Program Files\Common Files\MSSoap
2012-02-25 15:57 - 2012-02-25 15:57 - 0000000 ____D C:\Binaries
2012-02-25 15:57 - 2012-02-25 15:56 - 0000000 ____D C:\Users\All Users\Nero
2012-02-25 15:57 - 2012-02-25 15:56 - 0000000 ____D C:\ProgramData\Nero
2012-02-25 15:56 - 2012-02-25 15:56 - 0000000 ____D C:\Program Files\Motorola Media Link
2012-02-25 15:55 - 2011-12-13 13:26 - 0000000 ____D C:\Users\ZAK\AppData\Local\Downloaded Installations
2012-02-24 15:21 - 2011-12-12 10:39 - 0000000 ____D C:\Users\ZAK\Desktop\Bureau
2012-02-24 13:13 - 2012-02-24 10:39 - 0002248 ____A C:\Users\ZAK\Desktop\netact.txt
2012-02-23 23:24 - 2012-02-23 23:24 - 0018889 ____A C:\Users\ZAK\Documents\contact zak.csv
2012-02-23 23:17 - 2012-02-23 23:17 - 0000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_Motousbnet_01007.Wdf
2012-02-23 23:17 - 2012-02-23 23:17 - 0000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_motmodem_01007.Wdf
2012-02-23 23:17 - 2012-02-23 23:17 - 0000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_motfilt_01007.Wdf
2012-02-23 23:16 - 2012-02-23 23:16 - 0000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_motusbdevice_01007.Wdf
2012-02-23 23:16 - 2012-02-23 23:16 - 0000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_motccgpfl_01007.Wdf
2012-02-23 23:16 - 2012-02-23 23:16 - 0000000 ____A C:\Windows\System32\Drivers\Msft_Kernel_motccgp_01007.Wdf
2012-02-23 16:01 - 2012-02-23 16:01 - 0000000 ____D C:\Program Files\Common Files\Motorola Shared
2012-02-23 14:11 - 2012-01-26 12:24 - 0000000 ____D C:\Users\ZAK\Desktop\contact asma
2012-02-23 09:18 - 2011-10-26 14:28 - 0237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-21 23:12 - 2012-02-21 23:12 - 0000000 ____D C:\Users\ZAK\Documents\BTS Site Manager Data
2012-02-21 22:55 - 2011-06-29 13:32 - 0001722 ____A C:\yubikey.bat
2012-02-21 22:53 - 2012-02-21 22:53 - 0000000 ____D C:\Users\ZAK\InstallAnywhere
2012-02-21 22:53 - 2012-02-21 22:53 - 0000000 ____D C:\Program Files\Zero G Registry
2012-02-21 22:53 - 2012-02-21 22:53 - 0000000 ____D C:\Program Files\Nokia Siemens Networks
2012-02-21 22:53 - 2011-09-30 13:21 - 0000000 ____D C:\Program Files\Common Files\InstallShield
2012-02-20 14:52 - 2012-02-20 14:47 - 0232377 ____A C:\Users\ZAK\Documents\Constits_lignes_FM_06012012.csv
2012-02-20 14:21 - 2012-02-20 14:02 - 160069599 ____A C:\Users\ZAK\Downloads\Mexico-v1.9-Yeudiel.ipa
2012-02-20 14:10 - 2012-02-20 14:02 - 5012618 ____A C:\Users\ZAK\Downloads\Metro_Mexico_city-v1.1-y.ipa
2012-02-20 14:06 - 2012-02-20 14:02 - 36362660 ____A C:\Users\ZAK\Downloads\MEXICO-v2.0.1-xxxkofmaster.ipa
2012-02-20 14:06 - 2012-02-20 14:02 - 1728534 ____A C:\Users\ZAK\Downloads\MetroMexico-2.2-MrFiggs.ipa
2012-02-20 14:01 - 2012-02-20 14:00 - 4310042 ____A C:\Users\ZAK\Downloads\Mexico_Metro-v1.0-y.ipa
2012-02-20 11:33 - 2011-11-21 15:52 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\Foxit Software
2012-02-17 13:11 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-02-17 12:25 - 2012-02-17 12:25 - 0068855 ____A C:\Users\ZAK\Documents\20120217121533914.tif
2012-02-17 10:27 - 2012-02-17 10:27 - 0000000 ____D C:\Program Files\iTunes
2012-02-17 10:27 - 2012-02-17 10:27 - 0000000 ____D C:\Program Files\iPod
2012-02-17 10:27 - 2011-11-09 23:21 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-02-17 06:34 - 2012-03-13 20:46 - 0826880 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-17 05:14 - 2012-03-13 20:46 - 0183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-17 05:13 - 2012-03-13 20:46 - 0024576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 16:36 - 2012-01-10 12:43 - 0000000 ____D C:\Users\ZAK\AppData\Local\Thunderbird
2012-02-16 09:28 - 2011-09-30 13:24 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-02-15 21:20 - 2012-02-15 20:02 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\IDM
2012-02-15 17:44 - 2012-02-15 17:43 - 0001058 ____A C:\Users\ZAK\Desktop\route.txt
2012-02-15 13:42 - 2011-11-02 18:46 - 0030963 ____A C:\Users\ZAK\Desktop\demande acces.docx
2012-02-15 10:43 - 2011-10-26 10:35 - 0000890 ____A C:\Users\ZAK\Documents\Downloads.lnk
2012-02-15 10:43 - 2011-10-26 10:35 - 0000174 ___SH C:\Users\ZAK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-14 23:25 - 2012-02-14 23:25 - 0000000 ____D C:\Program Files\Logitech Touch Mouse Server
2012-02-14 05:25 - 2012-01-31 10:05 - 2152763 ____A C:\jane_ok.txt
2012-02-12 15:53 - 2012-02-12 15:53 - 0000000 ____D C:\Users\ZAK\AppData\Local\Miro
2012-02-12 15:52 - 2012-02-12 15:52 - 0000000 ____D C:\Program Files\Participatory Culture Foundation
2012-02-12 15:39 - 2012-02-11 23:54 - 0000000 ____D C:\Perl
2012-02-12 14:54 - 2011-11-03 12:09 - 0000000 ____D C:\Windows\System32\appmgmt
2012-02-12 14:01 - 2012-02-12 14:01 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\Hensense.com
2012-02-12 13:17 - 2012-02-10 23:08 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\Orbit
2012-02-12 13:14 - 2012-02-12 13:11 - 0000000 ____D C:\Users\ZAK\AppData\Local\Jaksta_Technologies_Pty_L
2012-02-12 13:09 - 2012-02-12 13:09 - 0000000 ____D C:\Users\All Users\Applian
2012-02-12 13:09 - 2012-02-12 13:09 - 0000000 ____D C:\ProgramData\Applian
2012-02-12 00:04 - 2012-02-12 00:04 - 0000000 ____D C:\Users\ZAK\AppData\Local\ActiveState
2012-02-11 23:58 - 2012-02-11 23:58 - 0000000 ____D C:\Users\ZAK\.streamCapture
2012-02-10 23:27 - 2012-02-10 23:25 - 0000000 ____D C:\Users\ZAK\AppData\Local\Conduit
2012-02-10 23:27 - 2011-10-26 10:34 - 0000000 ____D C:\Users\ZAK\AppData\LocalLow
2012-02-10 23:24 - 2012-02-10 23:24 - 0000000 ____D C:\Users\ZAK\Documents\Freecorder
2012-02-10 23:24 - 2012-02-10 23:24 - 0000000 ____D C:\Users\ZAK\AppData\Local\FLVService
2012-02-10 23:08 - 2012-02-10 23:08 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\ProgSense
2012-02-10 06:38 - 2012-03-13 20:48 - 1077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 23:08 - 2012-02-09 23:07 - 0027648 ____A C:\Users\ZAK\Downloads\NDF_Zakaria_Bouchfar_77_2012-02-10.xls
2012-02-09 23:04 - 2012-02-09 23:04 - 0040115 ____A C:\Users\ZAK\Documents\20120209225617240.tif
2012-02-09 23:03 - 2012-02-09 23:03 - 0106013 ____A C:\Users\ZAK\Documents\20120209225604490.tif
2012-02-08 09:09 - 2011-11-03 11:39 - 0000000 ____D C:\Users\ZAK\Desktop\Office Professionnel Plus Finale FR 32 BITS + Activation à vie
2012-02-08 09:07 - 2012-01-06 22:07 - 0000000 ____D C:\Users\ZAK\Desktop\photos s.a.m
2012-02-08 03:13 - 2012-02-07 16:42 - 0091936 ____A (Tonec Inc.) C:\Windows\System32\Drivers\idmwfp.sys
2012-02-07 19:25 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\NDF
2012-02-07 15:55 - 2012-02-07 15:46 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\ICAClient
2012-02-07 15:53 - 2012-02-07 15:53 - 0000000 ____D C:\devcon
2012-02-07 15:47 - 2012-02-07 15:46 - 0000000 ____D C:\Users\ZAK\AppData\Local\Citrix
2012-02-07 15:47 - 2012-02-07 15:46 - 0000000 ____D C:\Users\All Users\Citrix
2012-02-07 15:47 - 2012-02-07 15:46 - 0000000 ____D C:\ProgramData\Citrix
2012-02-07 15:47 - 2012-02-07 15:46 - 0000000 ____D C:\Program Files\Citrix
2012-02-07 15:46 - 2012-02-07 15:46 - 0000000 ____D C:\Program Files\Common Files\Citrix
2012-02-07 15:45 - 2012-02-07 15:45 - 31319992 ____A (Citrix Systems, Inc.) C:\Users\ZAK\Documents\CitrixReceiver.exe
2012-02-07 15:45 - 2012-02-07 15:45 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\Download Manager
2012-02-07 14:46 - 2012-02-07 14:46 - 0644496 ____A C:\Users\ZAK\Documents\NetAct_presentation_Supervision.pptx
2012-02-06 16:36 - 2012-03-27 16:33 - 0073664 ____A (F-Secure Corporation) C:\Windows\System32\Drivers\fsdfw.sys
2012-02-06 16:36 - 2012-03-27 16:33 - 0037952 ____A (F-Secure Corporation) C:\Windows\System32\Drivers\fses.sys
2012-02-06 12:24 - 2012-02-06 08:43 - 0243712 ____A C:\Users\ZAK\Downloads\PlanningVSI-01-03-2012(2).xls
2012-02-06 10:39 - 2012-02-06 10:39 - 0165888 ____A C:\Users\ZAK\Downloads\PlanningVSI-01-03-2012(3).xls
2012-02-06 10:14 - 2012-02-06 10:14 - 0000000 ____D C:\Users\ZAK\Desktop\planning vsi
2012-02-06 10:08 - 2012-02-06 10:08 - 0081837 ____A C:\Users\ZAK\Documents\Note de service sur les congés payés 2012-01-25.pdf
2012-02-05 12:55 - 2012-02-05 12:55 - 0662415 ____A C:\Users\ZAK\Downloads\fiche_deco_customise2_fr.pdf
2012-02-05 00:17 - 2012-02-05 00:17 - 0000000 ____D C:\Users\ZAK\Documents\Dell WebCam Central
2012-02-05 00:17 - 2012-02-05 00:17 - 0000000 ____D C:\Users\All Users\Creative
2012-02-05 00:17 - 2012-02-05 00:17 - 0000000 ____D C:\ProgramData\Creative
2012-02-04 23:23 - 2012-02-04 23:23 - 0000213 ____N C:\Users\ZAK\Downloads\error.log
2012-02-03 13:12 - 2011-12-15 19:52 - 0000000 ____D C:\Users\ZAK\binloadapp
2012-02-03 13:12 - 2011-12-15 19:52 - 0000000 ____D C:\Users\ZAK\binload
2012-02-03 11:51 - 2012-02-03 10:03 - 0007943 ____A C:\Users\ZAK\Desktop\gintama.txt
2012-02-03 04:54 - 2012-03-13 20:48 - 2343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 00:50 - 2012-02-02 00:50 - 5945585 ____A C:\Users\ZAK\Downloads\fo-completel.pdf
2012-02-02 00:35 - 2012-02-02 00:35 - 0081731 ____A C:\Users\ZAK\Downloads\budget-optique110611.pdf
2012-02-01 19:53 - 2012-02-01 19:53 - 0232703 ____A C:\Users\ZAK\Downloads\5-3.pdf
2012-01-31 18:37 - 2011-12-21 15:45 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\redsn0w
2012-01-31 10:36 - 2011-11-21 14:30 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\DAEMON Tools Lite
2012-01-31 09:57 - 2012-01-31 09:57 - 0000000 ____D C:\Users\ZAK\AppData\Local\Apps\2.0
2012-01-31 09:56 - 2012-01-31 09:56 - 0681984 ____A (Neil Hodgson neilh@scintilla.org) C:\Sc303.exe
2012-01-30 23:09 - 2012-01-30 23:09 - 0447274 ____A C:\Users\ZAK\Downloads\plaquette_regulations.pdf
2012-01-30 15:23 - 2012-01-30 15:23 - 0935122 ____A C:\Users\ZAK\Downloads\infos_cmd_fm_20120130-134001.csv
2012-01-30 12:34 - 2012-01-30 12:34 - 0159232 ____A C:\Users\ZAK\Downloads\PlanningVSI-01-03-2012(1).xls
2012-01-28 00:09 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\LiveKernelReports
2012-01-27 23:24 - 2011-02-17 00:25 - 0018528 ____A C:\Users\ZAK\Documents\SALAIRE.xlsx
2012-01-26 12:24 - 2012-01-26 12:24 - 0483363 ____A C:\Users\ZAK\Downloads\factures.zip
2012-01-26 12:20 - 2012-01-26 12:20 - 0177407 ____A C:\Users\ZAK\Downloads\facture018918472340.pdf
2012-01-25 14:33 - 2012-01-25 14:18 - 0000000 ____D C:\Users\ZAK\Desktop\data asma
2012-01-25 06:32 - 2012-03-13 20:47 - 0129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:32 - 2012-03-13 20:47 - 0058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-25 06:27 - 2012-03-13 20:47 - 0008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-25 03:33 - 2012-01-25 03:32 - 0046080 ____A C:\Users\ZAK\Downloads\R%e9servations%20Free%20Bourges%20URA%20Perrieres_URA%20Laudier.xls
2012-01-23 23:12 - 2012-01-23 22:25 - 0000000 ____D C:\Users\ZAK\Documents\Mes fichiers reçus
2012-01-23 14:58 - 2012-01-23 14:58 - 0000059 ____A C:\Users\ZAK\Downloads\lien_dl_6139.txt
2012-01-23 14:58 - 2012-01-19 12:42 - 0002207 ____A C:\Users\ZAK\Downloads\dl_log.txt
2012-01-23 13:10 - 2012-01-23 13:10 - 4206080 ____A C:\Users\ZAK\Downloads\Planning S04.xls
2012-01-23 12:59 - 2012-01-23 12:59 - 1291024 ____A C:\sjs.2
2012-01-23 12:59 - 2012-01-23 12:59 - 0698089 ____A C:\sjs.3
2012-01-23 12:55 - 2012-01-23 12:55 - 0000000 ____D C:\Users\ZAK\Desktop\absinthe
2012-01-23 12:55 - 2012-01-23 12:55 - 0000000 ____D C:\Users\ZAK\AppData\Local\libimobiledevice
2012-01-23 11:11 - 2012-01-23 11:11 - 0004674 ____A C:\Users\ZAK\Downloads\echo__10)_al_jazeera_sport_hd1_.bat
2012-01-23 10:46 - 2012-03-05 11:59 - 0000000 ____D C:\Users\ZAK\Desktop\Al Jazeera Channels Package + HD Channels
2012-01-22 22:24 - 2012-01-22 22:24 - 0207731 ____A C:\Users\ZAK\Downloads\ce 91337.pdf
2012-01-20 10:13 - 2012-01-20 10:13 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\Azuon
2012-01-19 15:21 - 2012-01-19 15:21 - 0013641 ____A C:\Users\ZAK\Downloads\lls39-2.txt
2012-01-19 12:45 - 2012-01-19 12:45 - 0000074 ____A C:\Users\ZAK\Downloads\lien_dl_31362.txt
2012-01-18 13:55 - 2012-01-10 13:59 - 0000303 ____A C:\Users\ZAK\Desktop\iphone.txt
2012-01-17 06:53 - 2012-01-16 23:34 - 0011808 ____A C:\Users\ZAK\Downloads\4-5012012.xlsx
2012-01-16 23:31 - 2012-01-16 09:45 - 4212224 ____A C:\Users\ZAK\Downloads\Planning S03.xls
2012-01-14 19:39 - 2012-01-14 19:39 - 5304422 ____A C:\Users\ZAK\Downloads\NT_acleis_amelia.pdf
2012-01-13 05:30 - 2012-01-13 05:30 - 0001706 ____A C:\Users\ZAK\Downloads\flash mini10G.txt
2012-01-10 20:58 - 2012-01-10 20:58 - 0140415 ____A C:\Users\ZAK\Downloads\Fiche_information_standardisée_10_01_12.pdf
2012-01-10 19:52 - 2012-01-10 19:52 - 0499722 ____A C:\Users\ZAK\Downloads\tarifs.pdf
2012-01-10 19:47 - 2012-01-10 19:47 - 0161009 ____A C:\Users\ZAK\Downloads\Conditions_generales_d'abonnement_au_10_01_12.pdf
2012-01-10 19:44 - 2012-01-10 19:44 - 0189005 ____A C:\Users\ZAK\Downloads\Conditions_generales_de_vente_au_10_01_12.pdf
2012-01-10 13:45 - 2012-01-10 13:45 - 0031712 ____A C:\Users\ZAK\Documents\Note d'information congés exceptionnels 2012-01-04.docx
2012-01-10 13:43 - 2012-01-10 13:43 - 0022290 ____A C:\Users\ZAK\Documents\Congés Exceptionnels 2011-01-06.docx
2012-01-10 13:40 - 2012-01-10 13:40 - 0095759 ____A C:\Users\ZAK\Documents\(Note d'information mutuelle et prévoyance 2011-12-21).pdf
2012-01-10 13:39 - 2012-01-10 13:39 - 0494510 ____A C:\Users\ZAK\Documents\Note Interne réorganisation 010112.pdf
2012-01-10 13:37 - 2012-01-10 13:37 - 0088356 ____A C:\Users\ZAK\Documents\Note de service sur la procédure en cas d'absences 2011-11-25.pdf
2012-01-10 13:09 - 2012-01-10 13:07 - 0006144 __ASH C:\Users\ZAK\AppData\Roaming\Thumbs.db
2012-01-10 12:43 - 2012-01-10 12:43 - 0000000 ____D C:\Users\ZAK\AppData\Roaming\Thunderbird
2012-01-10 11:00 - 2012-01-10 10:46 - 0028672 ____A C:\Users\ZAK\Downloads\NDF_Zakaria_Bouchfar_73_2012-01-10.xls
2012-01-10 10:40 - 2012-01-10 10:40 - 4782021 ____A C:\Users\ZAK\Downloads\CP_D_DAY_100112.pdf
2012-01-10 10:40 - 2012-01-10 10:40 - 0143893 ____A C:\Users\ZAK\Downloads\CP_Free_Iphone_100112.pdf
2012-01-10 10:24 - 2012-01-10 10:24 - 0097673 ____A C:\Users\ZAK\Downloads\20120110101755441.tif
2012-01-10 10:24 - 2012-01-10 10:24 - 0091038 ____A C:\Users\ZAK\Downloads\20120110101807795.tif
2012-01-10 10:24 - 2012-01-10 10:24 - 0071503 ____A C:\Users\ZAK\Downloads\20120110101819690.tif
2012-01-05 14:10 - 2012-01-05 14:10 - 0015840 ____A C:\Windows\System32\results.xml
2012-01-05 14:10 - 2011-09-30 13:16 - 0000000 ____D C:\Program Files\DIFX
2012-01-05 14:10 - 2011-09-30 13:09 - 0000000 ____D C:\Users\All Users\Intel
2012-01-05 14:10 - 2011-09-30 13:09 - 0000000 ____D C:\ProgramData\Intel
2012-01-05 03:20 - 2011-09-30 05:55 - 0000000 ____D C:\Program Files\Intel
2012-01-05 03:19 - 2011-09-30 05:55 - 0000000 ____D C:\Intel
2012-01-05 03:17 - 2011-10-26 10:35 - 0000000 ____D C:\Users\ZAK\AppData\Local\Dell
2012-01-05 03:08 - 2012-01-05 03:08 - 0000000 ____A C:\Windows\invcol.tmp
2012-01-04 09:59 - 2012-02-15 01:04 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-01-04 09:58 - 2012-02-15 01:04 - 0442880 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-01-03 00:21 - 2012-01-03 00:21 - 0000000 ____D C:\Users\ZAK\AppData\Local\{144B42D3-144F-466A-BA16-79245A51069E}
2012-01-03 00:12 - 2012-01-03 00:12 - 0000000 ____D C:\Users\All Users\Splashtop
2012-01-03 00:12 - 2012-01-03 00:12 - 0000000 ____D C:\Users\All Users\Downloaded Installations
2012-01-03 00:12 - 2012-01-03 00:12 - 0000000 ____D C:\ProgramData\Splashtop
2012-01-03 00:12 - 2012-01-03 00:12 - 0000000 ____D C:\ProgramData\Downloaded Installations
2012-01-03 00:12 - 2012-01-03 00:12 - 0000000 ____D C:\Program Files\Splashtop

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 3992.93 MB
Available physical RAM: 3477.99 MB
Total Pagefile: 3991.22 MB
Available Pagefile: 3477.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.29 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:232.1 GB) (Free:8.3 GB) NTFS
3 Drive f: (298G) (Fixed) (Total:298.02 GB) (Free:15.31 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]

N° disque Statut Taille Libre Dyn GPT
--------- ------------- ------- ------- --- ---
Disque 0 En ligne 232 G octets 8 M octets
Disque 1 En ligne 298 G octets 1024 K octets

Partitions of Disk 0:
===============

N° partition Type Taille Décalage
------------- ---------------- ------- --------
Partition 1 OEM 39 M 31 K
Partition 2 Principale 752 M 40 M
Partition 3 Principale 232 G 792 M

======================================================================================================

Disk: 0
Partition 1
Type : DE
Masqué : Oui
Active : Non
Décalage en octets : 32256

N° volume Ltr Nom Fs Type Taille Statut Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 M Sain Masqué

======================================================================================================

Disk: 0
Partition 2
Type : 07
Masqué : Non
Active : Oui
Décalage en octets : 41943040

N° volume Ltr Nom Fs Type Taille Statut Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 752 M Sain

======================================================================================================

Disk: 0
Partition 3
Type : 07
Masqué : Non
Active : Non
Décalage en octets : 830472192

N° volume Ltr Nom Fs Type Taille Statut Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 232 G Sain

======================================================================================================

Partitions of Disk 1:
===============

N° partition Type Taille Décalage
------------- ---------------- ------- --------
Partition 1 Principale 298 G 31 K

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Masqué : Non
Active : Oui
Décalage en octets : 32256

N° volume Ltr Nom Fs Type Taille Statut Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F 298G FAT32 Partition 298 G Sain

======================================================================================================
==========================================================
TDL4: custom:26000022


==========================================================

Last Boot: 2012-03-29 23:40

======================= End Of Log ==========================




Sorry for my mistakes in English, it's because I'm French.
Please, can you help me?
Thank you in advance.

Attached Files

  • FRST.txt (50.68KB)




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:34 AM

Posted 01 April 2012 - 12:54 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.



Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

TDL4: custom:26000022
CMD: bootrec /FixMbr


 


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 zakdo

zakdo
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:34 AM

Posted 01 April 2012 - 05:28 AM

Thank you for all your advice.
I ran FRST.exe with your fixlist.txt and my laptop can boot again.
Oh yeah, thank you very much!

Here is my fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 14-03-2012
Ran by Système at 2012-04-01 13:13:21 R:1
Running from F:\

==============================================


The operation was successful.
The operation was successful.

========= bootrec /FixMbr =========

The operation was successful.
========= End of CMD: =========


==== End of Fixlog ====

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:34 AM

Posted 01 April 2012 - 11:43 AM

Hello zakdo

Now let's make sure there is nothing left on the computer.

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 zakdo

zakdo
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:09:34 AM

Posted 02 April 2012 - 01:40 PM

I don't remember the name of the virus, but it looked like a Windows program which told me that I had a problem with my HDD and my RAM,
and hid all programs on my start menu, my desktop and hard drives.
I removed it with RogueKiller and Malwarebytes, and to get back my icons I used unhide.exe.
Later I noted that I still had a redirection problem with Google.
I ran ComboFix and it did nothing; TDSSKiller didn't want to open, so I used FixTDSS, which caused my MBR problem but solved my redirection problem.
Now I think everything is all right. I have removed F-Secure and disabled Windows Firewall, and installed Malwarebytes, Avast, and Comodo Firewall instead.
Once again, thank you!


Here is my log from ComboFix:

ComboFix 12-04-01.03 - ZAK 02/04/2012 20:05:42.2.4 - x86
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.3241.2144 [GMT 2:00]
Lancé depuis: c:\users\ZAK\Downloads\Programs\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\chmod.exe
c:\windows\system32\dc.exe
c:\windows\system32\dd.exe
c:\windows\system32\gunzip.exe
c:\windows\system32\head.exe
c:\windows\system32\install.exe
c:\windows\system32\kill.exe
c:\windows\system32\ln.exe
c:\windows\system32\pr.exe
c:\windows\system32\ps.exe
c:\windows\system32\tar.exe
c:\windows\system32\test.exe
c:\windows\system32\time.exe
c:\windows\system32\uptime.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-03-02 au 2012-04-02 ))))))))))))))))))))))))))))))))))))
.
.
2012-04-02 18:13 . 2012-04-02 18:14 -------- d-----w- c:\users\ZAK\AppData\Local\temp
2012-04-02 18:13 . 2012-04-02 18:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-02 07:57 . 2012-04-02 07:57 -------- d-----w- c:\program files\Common Files\Java
2012-04-01 21:33 . 2012-04-02 13:12 -------- d-----w- c:\users\ZAK\AppData\Local\BlueStacks
2012-04-01 21:33 . 2012-04-01 21:33 -------- d-----w- c:\program files\BlueStacks
2012-04-01 21:33 . 2012-04-01 21:33 -------- d-----w- c:\programdata\BlueStacks
2012-04-01 20:29 . 2012-04-01 20:48 -------- d-----w- c:\users\ZAK\AppData\Local\Comodo
2012-04-01 20:21 . 2012-04-01 20:29 -------- d-----w- c:\programdata\CPA_VA
2012-04-01 19:55 . 2012-04-01 20:44 -------- d-----w- c:\programdata\Comodo
2012-04-01 19:55 . 2012-04-01 20:48 -------- d-----w- c:\program files\Comodo
2012-04-01 19:55 . 2012-04-01 19:55 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-04-01 19:51 . 2012-04-02 09:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B9F0421-FB44-4F95-A09E-B202AA25CECD}\offreg.dll
2012-04-01 19:50 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-01 19:50 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-01 19:50 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-01 19:50 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-01 19:50 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-01 19:50 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-01 19:49 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-01 19:49 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-01 19:49 . 2012-04-01 19:49 -------- d-----w- c:\programdata\AVAST Software
2012-04-01 19:49 . 2012-04-01 19:49 -------- d-----w- c:\program files\AVAST Software
2012-04-01 19:31 . 2012-04-02 13:27 -------- d-----w- c:\program files\MyDefrag v4.3.1
2012-04-01 19:31 . 2010-05-21 10:11 475648 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.scr
2012-04-01 19:31 . 2010-05-21 10:11 1061888 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.exe
2012-04-01 16:27 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B9F0421-FB44-4F95-A09E-B202AA25CECD}\mpengine.dll
2012-04-01 12:34 . 2012-04-01 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-01 12:34 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 01:53 . 2012-03-31 01:55 -------- d-----w- C:\FRST
2012-03-29 18:45 . 2012-03-29 18:45 4125344 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-03-29 18:33 . 2012-03-29 20:57 -------- d-----w- c:\users\ZAK\AppData\Roaming\GetRightToGo
2012-03-29 17:36 . 2009-07-14 01:14 16384 ----a-w- c:\windows\system32\grpconv.exe
2012-03-29 16:12 . 2012-03-31 09:12 -------- d-----w- c:\program files\RocketDock
2012-03-29 16:08 . 2012-03-29 18:45 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-29 15:46 . 2012-03-29 15:46 -------- d-----w- c:\program files\CCleaner
2012-03-27 20:39 . 2012-03-27 20:39 -------- d-----w- c:\users\ZAK\AppData\Local\Google
2012-03-25 22:29 . 2012-03-25 22:29 -------- d-----w- c:\users\ZAK\AppData\Roaming\Malwarebytes
2012-03-25 22:29 . 2012-03-25 22:29 -------- d-----w- c:\programdata\Malwarebytes
2012-03-25 21:46 . 2012-03-25 21:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-03-22 20:20 . 2012-04-02 09:09 -------- d-----r- c:\users\ZAK\Dropbox
2012-03-22 19:51 . 2012-04-02 09:09 -------- d-----w- c:\users\ZAK\AppData\Roaming\Dropbox
2012-03-14 02:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 02:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 19:48 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 19:48 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 19:47 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 19:47 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 19:47 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 19:46 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 19:46 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 19:46 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-11 19:13 . 2012-03-11 19:13 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 19:13 . 2012-03-11 19:13 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 19:13 . 2012-03-11 19:13 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 19:13 . 2012-03-11 19:13 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 19:13 . 2012-03-11 19:13 301224 ----a-w- c:\windows\system32\guard32.dll
2012-03-07 10:51 . 2009-07-17 15:53 80384 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2012-03-07 10:51 . 2005-08-03 15:04 26719 ----a-w- c:\windows\system32\SERSPL.VXD
2012-03-07 10:51 . 2005-08-03 15:05 35892 ----a-w- c:\windows\system32\SER9PL.sys
2012-03-05 08:57 . 2009-09-02 05:13 131072 ----a-w- c:\windows\system32\DellSPMsg.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 09:20 . 2011-06-29 12:32 1746 ----a-w- C:\yubikey.bat
2012-04-02 07:56 . 2011-09-30 12:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-29 18:45 . 2011-09-30 12:01 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2011-10-26 13:28 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-08 02:13 . 2012-02-07 15:42 91936 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-02-03 17:27 . 2012-02-03 17:27 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-01-31 08:56 . 2012-01-31 08:56 681984 ----a-w- C:\Sc303.exe
2012-01-05 02:08 . 2012-01-05 02:08 0 ----a-w- c:\windows\invcol.tmp
2012-01-04 08:58 . 2012-02-15 00:04 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-03-13 04:38 . 2012-03-27 15:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\ZAK\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\ZAK\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\ZAK\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\ZAK\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 22:38 120184 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 01:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 22:38 120184 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-02-15 3462552]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"BlueStacks Agent"="c:\program files\BlueStacks\HD-Agent.exe" [2012-03-30 549216]
"BlueStacks App Player"="c:\program files\BlueStacks\HD-FrontEnd.exe" [2012-03-30 569696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-05 501104]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-01-25 536668]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1210640]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 214384]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 176408]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-12-22 362432]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\ZAK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ZAK\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 840992]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1459056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2011-9-30 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2010-09-15 16:11 1971536 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R1 MpKsl14a6173d;MpKsl14a6173d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8FD493E0-2F15-467D-9F19-F0B78AD6EF75}\MpKsl14a6173d.sys [x]
R1 MpKslb8545cbe;MpKslb8545cbe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E9CF239-FC85-416C-86A6-7A527A52E528}\MpKslb8545cbe.sys [x]
R1 MpKslce322d54;MpKslce322d54;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7CC0E3F-6494-4312-90C4-7C5C20D44005}\MpKslce322d54.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\system32\srvany.exe [2003-04-19 8192]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2011-07-22 44144]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
R3 avshws;Senstic PocketCam;c:\windows\system32\DRIVERS\camsource.sys [2010-07-05 29000]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-09-30 302120]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-30 33832]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 132480]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 20480]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 42752]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11008]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-08-02 18432]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-20 126464]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7.sys [2011-01-04 60904]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PocketAudio;Senstic PocketAudio (WDM);c:\windows\system32\drivers\senaudio.sys [2010-03-02 31304]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-20 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-29 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 491816]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 39640]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-06-29 66776]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-21 239168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2010-05-10 1803584]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 127488]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2012-03-30 66912]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2012-03-30 385376]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 388464]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [2011-09-19 87368]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-02-08 91936]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1131520]
S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 577536]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 144576]
S3 IntcDAud;Son Intel® pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
S3 NETwNs32;___ Pilote de carte de la série Intel® Wireless WiFi Link 5000 pour Windows 7 32 bits ;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-12-21 7434240]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7.sys [2011-01-04 62440]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7.sys [2011-03-23 63976]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contenu du dossier 'Tâches planifiées'
.
2012-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 18:45]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469794345-1138598025-1328498218-1000Core.job
- c:\users\ZAK\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-27 20:39]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469794345-1138598025-1328498218-1000UA.job
- c:\users\ZAK\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-27 20:39]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xporter vers Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.120.254
TCP: Interfaces\{00A44AB7-7949-4A13-B0CC-C559B702D174}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\ZAK\AppData\Roaming\Mozilla\Firefox\Profiles\2uzt2r24.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&gfns=1&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ddrnw
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ddrnw
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ddrnw&q=
FF - user.js: extensions.funmoods_i.id - 3cf1f3aa00000000000008119637f198
FF - user.js: extensions.funmoods_i.instlDay - 15374
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1623:28
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - ddrnw
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(664)
c:\windows\system32\guard32.dll
c:\windows\system32\wvauth.DLL
.
Heure de fin: 2012-04-02 20:15:41
ComboFix-quarantined-files.txt 2012-04-02 18:15
ComboFix2.txt 2012-03-29 17:59
.
Avant-CF: 7 570 710 528 octets libres
Après-CF: 7 541 022 720 octets libres
.
- - End Of File - - 8B7FF1E8244EA442AF79FE89FFA92502

Edited by zakdo, 02 April 2012 - 01:53 PM.
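The ComboFix report above is long, and the lines a responder actually acts on are a small subset: the UAC policy values under `policies\system` (in this log `EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` are all 0, meaning UAC is switched off), the `AppInit_DLLs` entry (a DLL loaded into every user-mode process; here it is COMODO's `guard32.dll`, so it is a review item rather than a verdict), and the `FF - user.js:` preferences forced by the funmoods add-on. The triage helper below is an added example written for this page, not ComboFix's own code or anything posted in the thread; the sample log excerpt is constructed to mirror the lines above, and the list of weak policy values and the suspect preference prefix are assumptions the reader should replace with their own indicators.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not ComboFix code).

Parses three line shapes that appear in the report above and returns findings
in log order:
  * "Name"= value (0xN)      policy values under policies\system (UAC state)
  * "AppInit_DLLs"=path      DLLs injected into every user-mode process
  * FF - user.js: pref - v   Firefox preferences forced by an add-on
"""
import re
from typing import Dict, List

# Policy values that weaken the system when set as shown. Assumption for this
# example: EnableLUA=0 turns UAC off, ConsentPromptBehaviorAdmin=0 elevates
# without prompting, PromptOnSecureDesktop=0 lets other windows overlay the prompt.
WEAK_POLICIES: Dict[str, int] = {
    "EnableLUA": 0,
    "ConsentPromptBehaviorAdmin": 0,
    "PromptOnSecureDesktop": 0,
}

# Firefox pref-name prefixes treated as unwanted. Assumption for this example,
# taken from the funmoods entries in the thread; extend from your own IoC list.
SUSPECT_PREF_PREFIXES = ("extensions.funmoods_i.",)

POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>-?\d+)\s*\(0x[0-9a-fA-F]+\)\s*$')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<dlls>.+)$')
FF_PREF_RE = re.compile(r'^FF - user\.js: (?P<pref>\S+) - ?(?P<value>.*)$')


def triage(log_text: str) -> List[str]:
    """Return human-readable findings for the lines that merit attention."""
    findings: List[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = POLICY_RE.match(line)
        if m:
            name, value = m.group("name"), int(m.group("value"))
            if name in WEAK_POLICIES and value == WEAK_POLICIES[name]:
                findings.append(f"weak-uac-policy:{name}={value}")
            continue

        m = APPINIT_RE.match(line)
        if m:
            # Flag every DLL for review; the path alone does not prove malice.
            for dll in m.group("dlls").split(","):
                findings.append(f"appinit-dll:{dll.strip()}")
            continue

        m = FF_PREF_RE.match(line)
        if m and m.group("pref").startswith(SUSPECT_PREF_PREFIXES):
            findings.append(f"suspect-ff-pref:{m.group('pref')}")
    return findings


# Constructed excerpt modelled on the report in this thread (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ddrnw
FF - user.js: extensions.funmoods_i.instlRef -
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it on a saved ComboFix log with `triage(open(path, encoding="utf-8", errors="replace").read())`; the `prefs.js` homepage line and the ordinary `network.http.*` preference are deliberately left out of the findings so the output stays short enough to read in a forum reply.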


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 April 2012 - 02:00 PM

Greetings

I still see some issues that need to be addressed in the combofix report

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\ZAK\AppData\Roaming\Mozilla\Firefox\Profiles\2uzt2r24.default\
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ddrnw
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ddrnw
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ddrnw&q=
FF - user.js: extensions.funmoods_i.id - 3cf1f3aa00000000000008119637f198
FF - user.js: extensions.funmoods_i.instlDay - 15374
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1623:28
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - ddrnw
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 zakdo

zakdo
  • Topic Starter

  • Members
  • 7 posts

Posted 02 April 2012 - 03:57 PM

After running ComboFix, none of my shortcuts worked and I had a message about the registry key being unavailable.
After restarting my laptop it's OK.
The computer seems to have no problem.

Here is my log from ComboFix:

ComboFix 12-04-01.03 - ZAK 02/04/2012 22:32:52.3.4 - x86
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.3241.2218 [GMT 2:00]
Lancé depuis: c:\users\ZAK\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\ZAK\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-03-02 au 2012-04-02 ))))))))))))))))))))))))))))))))))))
.
.
2012-04-02 20:41 . 2012-04-02 20:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-02 18:15 . 2012-04-02 20:41 -------- d-----w- c:\users\ZAK\AppData\Local\temp
2012-04-02 07:57 . 2012-04-02 07:57 -------- d-----w- c:\program files\Common Files\Java
2012-04-01 21:33 . 2012-04-02 19:50 -------- d-----w- c:\users\ZAK\AppData\Local\BlueStacks
2012-04-01 21:33 . 2012-04-01 21:33 -------- d-----w- c:\program files\BlueStacks
2012-04-01 21:33 . 2012-04-01 21:33 -------- d-----w- c:\programdata\BlueStacks
2012-04-01 20:29 . 2012-04-01 20:48 -------- d-----w- c:\users\ZAK\AppData\Local\Comodo
2012-04-01 20:21 . 2012-04-01 20:29 -------- d-----w- c:\programdata\CPA_VA
2012-04-01 19:55 . 2012-04-01 20:44 -------- d-----w- c:\programdata\Comodo
2012-04-01 19:55 . 2012-04-01 20:48 -------- d-----w- c:\program files\Comodo
2012-04-01 19:55 . 2012-04-01 19:55 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-04-01 19:50 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-01 19:50 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-01 19:50 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-01 19:50 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-01 19:50 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-01 19:50 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-01 19:49 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-01 19:49 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-01 19:49 . 2012-04-01 19:49 -------- d-----w- c:\programdata\AVAST Software
2012-04-01 19:49 . 2012-04-01 19:49 -------- d-----w- c:\program files\AVAST Software
2012-04-01 19:31 . 2012-04-02 13:27 -------- d-----w- c:\program files\MyDefrag v4.3.1
2012-04-01 19:31 . 2010-05-21 10:11 475648 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.scr
2012-04-01 19:31 . 2010-05-21 10:11 1061888 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.exe
2012-04-01 16:27 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B9F0421-FB44-4F95-A09E-B202AA25CECD}\mpengine.dll
2012-04-01 12:34 . 2012-04-01 12:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-01 12:34 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 01:53 . 2012-03-31 01:55 -------- d-----w- C:\FRST
2012-03-29 18:45 . 2012-03-29 18:45 4125344 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-03-29 18:33 . 2012-03-29 20:57 -------- d-----w- c:\users\ZAK\AppData\Roaming\GetRightToGo
2012-03-29 17:36 . 2009-07-14 01:14 16384 ----a-w- c:\windows\system32\grpconv.exe
2012-03-29 16:12 . 2012-03-31 09:12 -------- d-----w- c:\program files\RocketDock
2012-03-29 16:08 . 2012-03-29 18:45 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-29 15:46 . 2012-03-29 15:46 -------- d-----w- c:\program files\CCleaner
2012-03-27 20:39 . 2012-03-27 20:39 -------- d-----w- c:\users\ZAK\AppData\Local\Google
2012-03-25 22:29 . 2012-03-25 22:29 -------- d-----w- c:\users\ZAK\AppData\Roaming\Malwarebytes
2012-03-25 22:29 . 2012-03-25 22:29 -------- d-----w- c:\programdata\Malwarebytes
2012-03-25 21:46 . 2012-03-25 21:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-03-22 20:20 . 2012-04-02 18:51 -------- d-----r- c:\users\ZAK\Dropbox
2012-03-22 19:51 . 2012-04-02 18:51 -------- d-----w- c:\users\ZAK\AppData\Roaming\Dropbox
2012-03-14 02:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 02:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 19:48 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 19:48 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 19:47 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 19:47 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 19:47 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 19:46 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 19:46 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 19:46 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-11 19:13 . 2012-03-11 19:13 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 19:13 . 2012-03-11 19:13 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 19:13 . 2012-03-11 19:13 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 19:13 . 2012-03-11 19:13 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 19:13 . 2012-03-11 19:13 301224 ----a-w- c:\windows\system32\guard32.dll
2012-03-07 10:51 . 2009-07-17 15:53 80384 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2012-03-07 10:51 . 2005-08-03 15:04 26719 ----a-w- c:\windows\system32\SERSPL.VXD
2012-03-07 10:51 . 2005-08-03 15:05 35892 ----a-w- c:\windows\system32\SER9PL.sys
2012-03-05 08:57 . 2009-09-02 05:13 131072 ----a-w- c:\windows\system32\DellSPMsg.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 09:20 . 2011-06-29 12:32 1746 ----a-w- C:\yubikey.bat
2012-04-02 07:56 . 2011-09-30 12:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-29 18:45 . 2011-09-30 12:01 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2011-10-26 13:28 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-08 02:13 . 2012-02-07 15:42 91936 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-02-03 17:27 . 2012-02-03 17:27 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-01-31 08:56 . 2012-01-31 08:56 681984 ----a-w- C:\Sc303.exe
2012-01-05 02:08 . 2012-01-05 02:08 0 ----a-w- c:\windows\invcol.tmp
2012-01-04 08:58 . 2012-02-15 00:04 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-03-13 04:38 . 2012-03-27 15:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\ZAK\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\ZAK\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\ZAK\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\ZAK\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 22:38 120184 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 01:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 22:38 120184 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-02-15 3462552]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"BlueStacks Agent"="c:\program files\BlueStacks\HD-Agent.exe" [2012-03-30 549216]
"BlueStacks App Player"="c:\program files\BlueStacks\HD-FrontEnd.exe" [2012-03-30 569696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-05 501104]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-01-25 536668]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1210640]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 214384]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 176408]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-12-22 362432]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\ZAK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ZAK\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 840992]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1459056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2011-9-30 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2010-09-15 16:11 1971536 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R1 MpKsl14a6173d;MpKsl14a6173d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8FD493E0-2F15-467D-9F19-F0B78AD6EF75}\MpKsl14a6173d.sys [x]
R1 MpKslb8545cbe;MpKslb8545cbe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E9CF239-FC85-416C-86A6-7A527A52E528}\MpKslb8545cbe.sys [x]
R1 MpKslce322d54;MpKslce322d54;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7CC0E3F-6494-4312-90C4-7C5C20D44005}\MpKslce322d54.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\system32\srvany.exe [2003-04-19 8192]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2011-07-22 44144]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
R3 avshws;Senstic PocketCam;c:\windows\system32\DRIVERS\camsource.sys [2010-07-05 29000]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-09-30 302120]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-30 33832]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 132480]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 20480]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 42752]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11008]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-08-02 18432]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-20 126464]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7.sys [2011-01-04 60904]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PocketAudio;Senstic PocketAudio (WDM);c:\windows\system32\drivers\senaudio.sys [2010-03-02 31304]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-20 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-29 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 491816]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 39640]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-06-29 66776]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-21 239168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2010-05-10 1803584]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 127488]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2012-03-30 66912]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2012-03-30 385376]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 388464]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [2011-09-19 87368]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-02-08 91936]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1131520]
S2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 577536]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 144576]
S3 IntcDAud;Son Intel® pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
S3 NETwNs32;___ Pilote de carte de la série Intel® Wireless WiFi Link 5000 pour Windows 7 32 bits ;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-12-21 7434240]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7.sys [2011-01-04 62440]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7.sys [2011-03-23 63976]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contenu du dossier 'Tâches planifiées'
.
2012-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 18:45]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469794345-1138598025-1328498218-1000Core.job
- c:\users\ZAK\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-27 20:39]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469794345-1138598025-1328498218-1000UA.job
- c:\users\ZAK\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-27 20:39]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xporter vers Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.120.254
TCP: Interfaces\{00A44AB7-7949-4A13-B0CC-C559B702D174}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\ZAK\AppData\Roaming\Mozilla\Firefox\Profiles\2uzt2r24.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&gfns=1&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'lsass.exe'(672)
c:\windows\system32\guard32.dll
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(1580)
c:\windows\system32\guard32.dll
c:\users\ZAK\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Heure de fin: 2012-04-02 22:42:46
ComboFix-quarantined-files.txt 2012-04-02 20:42
ComboFix2.txt 2012-04-02 18:15
ComboFix3.txt 2012-03-29 17:59
.
Avant-CF: 7 367 327 744 octets libres
Après-CF: 7 311 024 128 octets libres
.
- - End Of File - - E6A12C63D701AC7BE6CB9B9988800644

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 02 April 2012 - 04:18 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 zakdo (Topic Starter, Members)

Posted 02 April 2012 - 05:53 PM

Hello,
here is the content of Add-Remove Programs.txt:

Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Ant Renamer
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
Audacity 1.3.13
AuthenTec Fingerprint Software
avast! Free Antivirus
Binload v1.0.5
BioAPI Framework
BlueStacks (beta-1)
Bonjour
Broadcom NetXtreme-I Netlink Driver and Management Installer
BTS Site Manager
CCleaner
CDisplay 1.8
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (DV)
Citrix Receiver (Redirection Flash HDX)
Citrix Receiver (USB)
Citrix Receiver Inside
Citrix Receiver(Aero)
COMODO Internet Security
Conexant HDA D330 MDC V.92 Modem
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Custom
CyberLink PowerDVD 9.5
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Client System Update
Dell Data Protection | Access
Dell Data Protection | Access | Drivers
Dell Data Protection | Access | Middleware
Dell Edoc Viewer
Dell System Manager
Dell Touchpad
Dell Webcam Central
DellAccess
Digital Line Detect
DirectX 9 Runtime
DiskAid 5.06
Driver Magician 3.62
Dropbox
EMBASSY Security Center
Everything 1.2.1.371
ffdshow [rev 3154] [2009-12-09]
FileZilla Client 3.5.2
Foxit Reader 5.1
FreeMi UPnP Media Server
Gemalto
GIMP 2.6.11
Google Chrome
HandBrake 0.9.5
im360Player_1.1.0
Installation Windows Live
Intel PROSet Wireless
Intel® Control Center
Intel® Identity Protection Technology 1.1.2.0
Intel® Management Engine Components
Intel® Processor Graphics
Internet Download Manager
iTunes
Java Auto Updater
Java™ 6 Update 31
JDownloader 0.9
Logiciel Intel® PROSet/Wireless WiFi
Logitech Touch Mouse Server 1.0
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (French) 2010
Microsoft Office Excel MUI (French) 2010
Microsoft Office Groove MUI (French) 2010
Microsoft Office InfoPath MUI (French) 2010
Microsoft Office OneNote MUI (French) 2010
Microsoft Office Outlook MUI (French) 2010
Microsoft Office PowerPoint MUI (French) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professionnel Plus 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (French) 2010
Microsoft Office Publisher MUI (French) 2010
Microsoft Office Shared MUI (French) 2010
Microsoft Office Word MUI (French) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Diagnostic Tool
MotoHelper 2.1.32 Driver 5.4.0
MotoHelper MergeModules
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 5.4.0
Mozilla Firefox 11.0 (x86 fr)
Mozilla Thunderbird 9.0.1 (x86 fr)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyDefrag v4.3.1
Netwaiting
NTRU TCG Software Stack
O2Micro Flash Memory Card Windows Driver
O2Micro OZ776 SCR Driver
Online Plug-in
Outil de téléchargement Windows Live
Package de pilotes Windows - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
Package de pilotes Windows - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
PC-CCID
PhotoShowExpress
PL-2303 USB-to-Serial
Preboot Manager
Private Information Manager
RocketDock 1.3.5
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
RSDLite
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Self-Service Plug-in
Sonic CinePlayer Decoder Pack
SPBA 5.9
Splashtop Remote Client
The KMPlayer v3.0.0.1442 R2 Beta FR
Trusted Drive Manager
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Upek Touchchip Fingerprint Reader
VanDyke Software SecureCRT 6.6
VLC media player 1.1.11
Wave Infrastructure Installer
Wave Support Software Installer
WebM Project Directshow Filters
WIDCOMM Bluetooth Software
Windows Live Call
Windows Live Communications Platform
Windows Live Messenger
WinRAR 4.00 (32 bits)
Zimbra Desktop

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 03 April 2012 - 05:38 AM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

µTorrent


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM
  • Double-click the MBAM icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 zakdo (Topic Starter, Members)

Posted 03 April 2012 - 08:18 AM

Hello, nothing to report.
Below are my logs:

Log From MBAM :

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Version de la base de données: v2012.04.03.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
ZAK :: ZAK-PC [administrateur]

Protection: Activé

03/04/2012 14:35:52
mbam-log-2012-04-03 (14-35-52).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM | P2P
Options d'examen désactivées:
Elément(s) analysé(s): 208897
Temps écoulé: 6 minute(s), 39 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)

Report from Hijackthis :

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:49:07, on 03/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Everything\Everything.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Zimbra\Zimbra Desktop\win32\prism\zdclient.exe
C:\Program Files\Zimbra\Zimbra Desktop\win32\zdesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [BlueStacks App Player] C:\Program Files\BlueStacks\HD-FrontEnd.exe Android hidemode
O4 - Startup: Dropbox.lnk = ZAK\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell System Manager.lnk = C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{00A44AB7-7949-4A13-B0CC-C559B702D174}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BA61609-16ED-4FC1-B080-6D6BA08407F5}: NameServer = 10.127.1.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBFF9378-4F5B-4661-9EB9-50650DACCC7F}: NameServer = 172.18.25.200
O17 - HKLM\System\CS1\Services\Tcpip\..\{00A44AB7-7949-4A13-B0CC-C559B702D174}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{00A44AB7-7949-4A13-B0CC-C559B702D174}: NameServer = 8.26.56.26,156.154.70.22
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Broadcom Management Agent (BrcmMgmtAgent) - Broadcom Corporation - C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Dell System Manager Service (dcpsysmgrsvc) - Dell Inc. - c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: HsfXAudioService - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Services\IPT\jhi_service.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: O2FLASH - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: O2SDIOAssist - Unknown owner - c:\Windows\system32\srvany.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: NTRU TSS v1.2.1.36 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Wave Authentication Manager Service - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel® PROSet/Wireless ZeroConfig Service (ZcfgSvc7) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe

--
End of file - 30080 bytes
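
As an added example (not HijackThis code and not from any post in this thread), the Python below parses the O4, O17 and O23 lines of a log like the one above into records, so the start-up entries, the per-interface DNS servers and the services can be reviewed or diffed programmatically rather than by eye. The sample log is a constructed excerpt of lines posted above; the "Unknown owner outside %SystemRoot%" triage filter is my own heuristic, not a HijackThis rule, and a hit is a review item, not a verdict.

```python
"""Parse HijackThis-style O4 / O17 / O23 log lines into structured records.
Added example for this thread; not HijackThis code and not the posters' own."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Registry Run/RunOnce entries:  O4 - HKLM\..\Run: [Name] command
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# Startup-folder shortcuts:  O4 - Startup: foo.lnk = target   /   O4 - Global Startup: ...
O4_LNK_RE = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# Per-interface DNS servers:  O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = a,b
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\\w+\\Services\\Tcpip\\\.\.\\(?P<guid>\{[0-9A-Fa-f-]+\}): "
    r"NameServer = (?P<ips>.*)$")
# Services:  O23 - Service: Display name (ShortName) - Vendor - path
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class StartupEntry:
    hive: str      # HKLM, HKCU, Startup or Global Startup
    name: str      # text between the brackets, or the .lnk name
    command: str


@dataclass
class ServiceEntry:
    display: str
    owner: str     # vendor string, or "Unknown owner" when HijackThis could not read one
    path: str


@dataclass
class HjtLog:
    startup: List[StartupEntry] = field(default_factory=list)
    nameservers: Dict[str, List[str]] = field(default_factory=dict)   # interface GUID -> IPs
    services: List[ServiceEntry] = field(default_factory=list)
    unparsed: List[str] = field(default_factory=list)   # finding lines this parser has no rule for


def parse_hjt(text: str) -> HjtLog:
    log = HjtLog()
    for raw in text.splitlines():
        line = raw.strip()
        if not re.match(r"^[OFR]\d+ - ", line):   # skip header and "Running processes" block
            continue
        if m := O4_RUN_RE.match(line):
            log.startup.append(StartupEntry(m["hive"], m["name"], m["cmd"]))
        elif m := O4_LNK_RE.match(line):
            log.startup.append(StartupEntry(m["hive"], m["name"], m["cmd"]))
        elif m := O17_RE.match(line):
            ips = log.nameservers.setdefault(m["guid"], [])
            for ip in m["ips"].split(","):          # same GUID under CCS/CS1/CS2 is merged
                ip = ip.strip()
                if ip and ip not in ips:
                    ips.append(ip)
        elif m := O23_RE.match(line):
            log.services.append(ServiceEntry(m["display"], m["owner"], m["path"]))
        else:
            log.unparsed.append(line)               # kept, so nothing is silently dropped
    return log


def startup_by_hive(log: HjtLog) -> Dict[str, List[str]]:
    """Start-up names grouped by where they are registered (the O4 review list)."""
    out: Dict[str, List[str]] = {}
    for e in log.startup:
        out.setdefault(e.hive, []).append(e.name)
    return out


def all_nameservers(log: HjtLog) -> List[str]:
    """Every DNS server on any interface, deduplicated and sorted, to compare with the expected resolvers."""
    return sorted({ip for ips in log.nameservers.values() for ip in ips})


def unknown_owner_outside_windows(log: HjtLog, windir: str = r"C:\Windows") -> List[ServiceEntry]:
    """Own triage heuristic (not a HijackThis rule): services with no readable vendor whose binary
    lives outside %SystemRoot%. svchost-hosted system services are 'Unknown owner' too, so the
    path filter removes that noise."""
    w = windir.lower()
    return [s for s in log.services if s.owner == "Unknown owner" and not s.path.lower().startswith(w)]


# Constructed sample: an excerpt of the log lines posted above.
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.4
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: Dropbox.lnk = ZAK\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{00A44AB7-7949-4A13-B0CC-C559B702D174}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BA61609-16ED-4FC1-B080-6D6BA08407F5}: NameServer = 10.127.1.200
O17 - HKLM\System\CS1\Services\Tcpip\..\{00A44AB7-7949-4A13-B0CC-C559B702D174}: NameServer = 8.26.56.26,156.154.70.22
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE)
    print("start-up:", startup_by_hive(parsed))
    print("DNS servers:", all_nameservers(parsed))
    print("review services:", [s.display for s in unknown_owner_outside_windows(parsed)])
    print("unparsed:", parsed.unparsed)
```

Running it as a script prints the grouped start-up entries, the resolver list, the services worth a second look and any finding lines the parser has no rule for (O2, O8, O18 and so on land in `unparsed`). Feeding it two logs taken before and after a fix and comparing `startup_by_hive` output is a quick way to confirm that only the intended O4 lines disappeared.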

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:34 AM

Posted 03 April 2012 - 10:29 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis (hosts file not read, blank Notepad, ...), see NOTE** below.

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
      O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
      O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
      O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
      O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
      O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
      O4 - Startup: Dropbox.lnk = ZAK\AppData\Roaming\Dropbox\bin\Dropbox.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and decide whether you want to keep them or not:
    copy the name between the brackets and paste it into the search box, for example IntelliPoint from
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64-bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run it as administrator.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 zakdo (Topic Starter, Members, 7 posts)

Posted 04 April 2012 - 08:20 AM

Hello,
For the startup programs, I removed some of them, but not all of them; I need some of them.

ESET found a lot of things, but I don't know if they are real viruses or false positives.

C:\Users\ZAK\AppData\Roaming\IDM\DwnlData\ZAK\rs475tl5_rapidshare_com_194\rs475tl5_rapidshare_com multiple threats
C:\Users\ZAK\Desktop\Bureau\wifilog.rar probably a variant of Win32/Agent.MIKRQPL trojan
C:\Users\ZAK\Desktop\PCRemoteServer\PCRemoteServer.exe probably unknown NewHeur_PE virus
C:\Users\ZAK\Documents\FLV.Converter.Plus.v6.98.Incl.Serial.only-BBB.rar a variant of Win32/Toolbar.Widgi application
C:\Users\ZAK\Documents\SecureCRT_Portable.7z a variant of Win32/HackTool.Patcher.A application
C:\Users\ZAK\Documents\super_super_v2011_build_49_anglais_19891.exe Win32/OpenCandy application
C:\Users\ZAK\Documents\VeohWebPlayerSetup_eng.exe multiple threats
C:\Users\ZAK\Documents\Windows 7 Loader eXtreme Edition v3.503-NAPALUM~DiBYA.rar a variant of Win32/HackKMS.A application
C:\Users\ZAK\Documents\off20pro_fr&Tuto\Crack Office 2010.exe a variant of Win32/HackKMS.A application
C:\Users\ZAK\Documents\SITES Apps\proxyclicker.com_script.0ip multiple threats
C:\Users\ZAK\Downloads\Apk\GingerBreak-v1.20.apk Android/Exploit.Lotoor.AH trojan
C:\Users\ZAK\Downloads\Apk\SuperOneClickv1.7.rar multiple threats
C:\Users\ZAK\Downloads\Compressed\PCRemoteServer_1_16.zip probably unknown NewHeur_PE virus
C:\Users\ZAK\Downloads\Compressed\Tonec.Inc.Internet.Download.Manager.v6.09.BETA.Incl.Keygen.and.Patch-P2P.rar multiple threats
C:\Users\ZAK\Downloads\Compressed\Microsoft Office Professional Plus 2010 x86\mini-KMS_Activator_v1.052.exe Win32/HackKMS.A application
C:\Users\ZAK\Downloads\Programs\miro-video-converter_miro_video_converter_2.5_anglais_371816.exe Win32/Toolbar.Zugo application

Thx

#14 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 04 April 2012 - 08:39 AM

Hello


I don't see anything important in there, so it would be safer just to remove them.




delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Users\ZAK\AppData\Roaming\IDM\DwnlData\ZAK\rs475tl5_rapidshare_com_194\rs475tl5_rapidshare_com"
    del /f /s /q "C:\Users\ZAK\Desktop\Bureau\wifilog.rar"
    del /f /s /q "C:\Users\ZAK\Desktop\PCRemoteServer\PCRemoteServer.exe"
    del /f /s /q "C:\Users\ZAK\Documents\FLV.Converter.Plus.v6.98.Incl.Serial.only-BBB.rar"
    del /f /s /q "C:\Users\ZAK\Documents\SecureCRT_Portable.7z"
    del /f /s /q "C:\Users\ZAK\Documents\super_super_v2011_build_49_anglais_19891.exe"
    del /f /s /q "C:\Users\ZAK\Documents\VeohWebPlayerSetup_eng.exe"
    del /f /s /q "C:\Users\ZAK\Documents\Windows 7 Loader eXtreme Edition v3.503-NAPALUM~DiBYA.rar"
    del /f /s /q "C:\Users\ZAK\Documents\off20pro_fr&Tuto\Crack Office 2010.exe"
    del /f /s /q "C:\Users\ZAK\Documents\SITES Apps\proxyclicker.com_script.0ip"
    del /f /s /q "C:\Users\ZAK\Downloads\Apk\GingerBreak-v1.20.apk"
    del /f /s /q "C:\Users\ZAK\Downloads\Apk\SuperOneClickv1.7.rar"
    del /f /s /q "C:\Users\ZAK\Downloads\Compressed\PCRemoteServer_1_16.zip"
    del /f /s /q "C:\Users\ZAK\Downloads\Compressed\Tonec.Inc.Internet.Download.Manager.v6.09.BETA.Incl.Keygen.and.Patch-P2P.rar"
    del /f /s /q "C:\Users\ZAK\Downloads\Compressed\Microsoft Office Professional Plus 2010 x86\mini-KMS_Activator_v1.052.exe"
    del /f /s /q "C:\Users\ZAK\Downloads\Programs\miro-video-converter_miro_video_converter_2.5_anglais_371816.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software.
  • Push the "Windows key" + "R" (the Windows key is between the "Ctrl" and "Alt" buttons).
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to your desktop. This tool will remove all the tools we used to clean your PC.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs we have used are worth keeping and using often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in anti-malware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
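Added example, not part of the thread and not code from ESET or any tool the helper used: a practitioner's alternative to the `del /f /s /q` batch file above. That batch is irreversible, and several of the flagged items (a portable SecureCRT archive, PCRemoteServer) look like things the owner may legitimately want back if the detection turns out to be a false positive. The script below parses result lines in the shape of the pasted ESET output (the tab separators were lost in the paste, so the verdict is located by its opening words), then moves each named file, or every file beneath a named folder, into a quarantine directory with a SHA-256 manifest so the action is auditable and reversible. The log lines and the directory layout are constructed; the `rebase` helper is an assumption of this demo that maps `C:\...` paths onto a throwaway directory so it runs on any OS (on the real machine you would pass `Path("C:\\")` as the root and run it elevated).

```python
"""Quarantine scanner-flagged files with a SHA-256 manifest instead of deleting them.

Added example for this thread, not code from the original post or from ESET; the
log text and the throwaway directory layout below are constructed for the demo.
"""
import hashlib
import json
import re
import shutil
import tempfile
from pathlib import Path

# Constructed lines in the shape of the ESET Online Scanner output pasted in the thread
# (tabs collapsed to spaces, paths may contain spaces, the last entry is a folder).
SAMPLE_LOG = """\
C:\\Users\\ZAK\\Desktop\\Bureau\\wifilog.rar probably a variant of Win32/Agent.MIKRQPL trojan
C:\\Users\\ZAK\\Documents\\off20pro_fr&Tuto\\Crack Office 2010.exe a variant of Win32/HackKMS.A application
C:\\Users\\ZAK\\Downloads\\Apk\\GingerBreak-v1.20.apk Android/Exploit.Lotoor.AH trojan
C:\\Users\\ZAK\\AppData\\Roaming\\IDM\\DwnlData\\ZAK\\rs475tl5_rapidshare_com multiple threats
"""

# With the tab gone, the verdict is located by its opening words or a "Family/Name" token;
# Windows paths never contain "/", so that token cannot be part of the path.
VERDICT_RE = re.compile(
    r"\s(?=(?:multiple threats|probably |a variant of |[A-Za-z0-9]+/[A-Za-z0-9._-]+(?:\s|$)))"
)


def parse_scan_log(text: str) -> list[tuple[str, str]]:
    """Return (windows_path, verdict) pairs for every result line in text."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not re.match(r"^[A-Za-z]:\\", line):
            continue  # not a result line
        if "\t" in line:  # unmodified ESET export: path<TAB>verdict<TAB>action
            path, verdict = line.split("\t")[:2]
        else:
            m = VERDICT_RE.search(line)
            if m is None:
                continue  # no recognisable verdict; leave the line for manual review
            path, verdict = line[: m.start()], line[m.end():]
        entries.append((path, verdict.strip()))
    return entries


def rebase(win_path: str, root: Path) -> Path:
    """Demo helper (assumption): map 'C:\\Users\\ZAK\\x' onto root/Users/ZAK/x."""
    _drive, sep, rest = win_path.partition(":\\")
    if not sep:
        raise ValueError(f"not an absolute Windows path: {win_path!r}")
    return root.joinpath(*rest.split("\\"))


def sha256_of(path: Path) -> str:
    """Streaming SHA-256 of a file, recorded so the quarantined copy can be verified later."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine(targets: list[Path], qdir: Path, root: Path) -> list[dict]:
    """Move each target (or every file under a target folder) into qdir.

    The path relative to root is preserved inside qdir and each move is recorded
    with its SHA-256 in qdir/manifest.json, so a false positive can be put back
    and the hashes can be checked against other sources afterwards.
    """
    qdir.mkdir(parents=True, exist_ok=True)
    records = []
    for target in targets:
        if not target.exists():
            records.append({"original": str(target), "status": "not found"})
            continue
        files = [p for p in target.rglob("*") if p.is_file()] if target.is_dir() else [target]
        for f in files:
            dest = qdir / f.relative_to(root)
            dest.parent.mkdir(parents=True, exist_ok=True)
            digest = sha256_of(f)  # hash before the move so the record matches the file
            shutil.move(str(f), str(dest))
            records.append({"original": str(f), "quarantined": str(dest),
                            "sha256": digest, "status": "moved"})
    (qdir / "manifest.json").write_text(json.dumps(records, indent=2))
    return records


def demo() -> list[dict]:
    """Build a throwaway tree matching SAMPLE_LOG, quarantine it, return the records."""
    root = Path(tempfile.mkdtemp(prefix="fake_c_drive_"))
    entries = parse_scan_log(SAMPLE_LOG)
    for win_path, _ in entries[:3]:  # three flagged files
        p = rebase(win_path, root)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed sample content for " + p.name.encode())
    folder = rebase(entries[3][0], root)  # the "multiple threats" folder, two files deep
    (folder / "sub").mkdir(parents=True)
    (folder / "part1.bin").write_bytes(b"x")
    (folder / "sub" / "part2.bin").write_bytes(b"y")
    targets = [rebase(p, root) for p, _ in entries] + [root / "Users" / "ZAK" / "missing.exe"]
    return quarantine(targets, root / "Quarantine", root)


if __name__ == "__main__":
    for rec in demo():
        print(rec["status"], rec["original"])
```

Running it as-is quarantines five files from the constructed tree and records one "not found" entry; the manifest is what you would attach to the thread (or keep with the case notes) instead of relying on memory of what was deleted.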

#15 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 07 April 2012 - 12:58 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.