
My Laptop is maybe infected


  • This topic is locked
16 replies to this topic

#1 0_shark_0

0_shark_0

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:05:48 PM

Posted 26 June 2012 - 04:00 PM

Hello,

Can anyone help me check if my laptop is infected? 2 svchost processes take a lot of memory.

Thanks a lot



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:48 PM

Posted 27 June 2012 - 01:16 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 0_shark_0

0_shark_0
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:05:48 PM

Posted 27 June 2012 - 04:17 PM

Hello

Thanks for your reply and your help

Security Check doesn't run correctly and no logs were created. Please find below the logs from DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Hicham at 22:12:24 on 2012-06-27
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.8073.4220 [GMT 0:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: Bitdefender Pare-feu *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\SysWow64\IntelCpHeciSvc.exe
C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Power Translator 15\LogoMedia TranslateDotNet Server.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\SysWOW64\srvany.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\sysWOW64\SDIOAssist.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Hicham\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Hicham\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: LEC: {4a241d35-f7eb-401b-8c5b-a904a50f280e} - C:\Program Files (x86)\Power Translator 15\Applications\LEC IE Translation Extension.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: LEC: {1dbab667-a486-421e-afe4-cf07dd0088e5} - C:\Program Files (x86)\Power Translator 15\Applications\LEC IE Translation Extension.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Google Update] "C:\Users\Hicham\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Facebook Update] "C:\Users\Hicham\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LiveZilla] "C:\Program Files (x86)\LiveZilla\LiveZilla.exe" -minimize
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AndroidSync] C:\Program Files (x86)\Android-Sync\AndroidSync.exe -m
StartupFolder: C:\Users\Hicham\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PalTalk.lnk - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLSY~1.LNK - C:\Program Files (x86)\Dell\Dell System Manager\DCPSysMgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Envoyer à OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Télécharger avec IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{179F9849-EB19-4380-B44D-1B025781C19D} : DhcpNameServer = 62.251.229.237
TCP: Interfaces\{A8E25707-DC7F-489B-AAD1-CA556CDE4455} : NameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{0055C089-8582-441B-A0BF-17B458C2A3A8}
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
{0347C33E-8762-4905-BF09-768834316C61}
{074C1DC5-9320-4A9A-947D-C042949C6216}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{4A241D35-F7EB-401b-8C5B-A904A50F280E}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{AE7CD045-E861-484f-8273-0445EE161910}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{1DBAB667-A486-421e-AFE4-CF07DD0088E5}
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(par d‚faut)]
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [LiveZilla] "C:\Program Files (x86)\LiveZilla\LiveZilla.exe" -minimize
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AndroidSync] C:\Program Files (x86)\Android-Sync\AndroidSync.exe -m
IE-X64: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hicham\AppData\Roaming\Mozilla\Firefox\Profiles\z7lbjrf2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2098232&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2098232&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\ma-config.com\nphardwaredetection.dll
FF - plugin: C:\Users\Hicham\AppData\Local\Facebook\Messenger\2.1.4554.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Hicham\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Hicham\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Hicham\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Hicham\AppData\Roaming\Mozilla\Firefox\Profiles\z7lbjrf2.default\extensions\{09a85665-f8f2-440c-a0a3-db770ca93139}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2011-11-14 90192]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?]
R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-8 89600]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-3-1 659976]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-3-8 135952]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-6-22 1043872]
R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-6-22 36768]
R2 dcevt64;DSM SA Event Manager;C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe [2012-1-16 222144]
R2 dcpsysmgrsvc;Dell System Manager Service;C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-7-28 519536]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-8 13336]
R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 O2SDIOAssist;O2SDIOAssist;C:\Windows\SysWOW64\srvany.exe [2012-3-8 8192]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-4-3 382272]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-8 363800]
R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-3-13 66096]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-4-17 2671376]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\accelern.sys --> C:\Windows\system32\DRIVERS\accelern.sys [?]
R3 AMPPAL;Carte réseau virtuelle Intel® Centrino® Wireless Bluetooth® + High Speed;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]
R3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
R3 cvusbdrv;Dell ControlVault;C:\Windows\system32\Drivers\cvusbdrv.sys --> C:\Windows\system32\Drivers\cvusbdrv.sys [?]
R3 dcdbas;System Management Driver;C:\Windows\system32\DRIVERS\dcdbas64.sys --> C:\Windows\system32\DRIVERS\dcdbas64.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Pilote de carte de la série Intel® Wireless WiFi Link 5000 pour Windows 7 64 bits ;C:\Windows\system32\DRIVERS\Netwsw00.sys --> C:\Windows\system32\DRIVERS\Netwsw00.sys [?]
R3 O2MDRRDR;O2MDRRDR;C:\Windows\system32\DRIVERS\O2MDRw7x64.sys --> C:\Windows\system32\DRIVERS\O2MDRw7x64.sys [?]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\system32\DRIVERS\o2sdjw7x64.sys --> C:\Windows\system32\DRIVERS\o2sdjw7x64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 SWNC8U12;Sierra Wireless MUX NDIS Driver (UMTS12);C:\Windows\system32\DRIVERS\swnc8u12.sys --> C:\Windows\system32\DRIVERS\swnc8u12.sys [?]
R3 swumx12;Sierra Wireless USB MUX Driver (UMTS12);C:\Windows\system32\DRIVERS\swumx12.sys --> C:\Windows\system32\DRIVERS\swumx12.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wbfcvusbdrv;WBF Control Vault;C:\Windows\system32\Drivers\wbfcvusbdrv.sys --> C:\Windows\system32\Drivers\wbfcvusbdrv.sys [?]
S1 fanio;FanIO driver;\??\C:\Windows\system32\drivers\fanio.sys --> C:\Windows\system32\drivers\fanio.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dcstor64;DSM SA Data Manager;C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr64.exe [2012-1-16 293824]
S2 DirMngr;DirMngr;C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [2009-2-17 231936]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-8 1262912]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 AMPPALP;Protocole Intel® Centrino® Wireless Bluetooth® + High Speed;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 bdsandbox;bdsandbox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 driverhardwarev2x64;driverhardwarev2x64;C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-7-21 16640]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\system32\DRIVERS\ewusbdev.sys --> C:\Windows\system32\DRIVERS\ewusbdev.sys [?]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\x64\maconfservice.exe [2011-11-14 427640]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-4-17 273168]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2012-2-21 75384]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 StorSvc;Service de stockage;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 UsblgwmAtc;LGE Wireless USB Serial02 Device;C:\Windows\system32\DRIVERS\lgwusb64ser02.sys --> C:\Windows\system32\DRIVERS\lgwusb64ser02.sys [?]
S3 UsblgwmDiag;LGE Wireless USB Serial01 Device;C:\Windows\system32\DRIVERS\lgwusb64ser01.sys --> C:\Windows\system32\DRIVERS\lgwusb64ser01.sys [?]
S3 USBlgwmModem;LGE Wireless USB Modem;C:\Windows\system32\DRIVERS\lgwusb64modem.sys --> C:\Windows\system32\DRIVERS\lgwusb64modem.sys [?]
S3 usblgwubus;LGE Wireless Composite USB Device;C:\Windows\system32\DRIVERS\lgwusb64bus.sys --> C:\Windows\system32\DRIVERS\lgwusb64bus.sys [?]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-26 22:15:25 -------- d-----w- C:\Program Files\CCleaner
2012-06-24 19:08:09 -------- d-----w- C:\Users\Hicham\AppData\Local\{508F5649-2E03-4FA1-8AF8-9B87C9972875}
2012-06-24 19:07:58 -------- d-----w- C:\Users\Hicham\AppData\Local\{FFE6A290-BE84-4240-81CF-3C5F52934D6A}
2012-06-23 00:41:26 -------- d-----w- C:\Users\Hicham\AppData\Roaming\MyPhoneExplorer
2012-06-23 00:39:19 -------- d-----w- C:\Program Files (x86)\MyPhoneExplorer
2012-06-23 00:30:55 -------- d-----w- C:\Users\Hicham\AppData\Local\Android-Sync
2012-06-23 00:30:53 -------- d-----w- C:\Program Files (x86)\Android-Sync
2012-06-22 23:33:10 36328 ----a-w- C:\Windows\System32\drivers\ssadadb.sys
2012-06-22 23:33:10 177640 ----a-w- C:\Windows\System32\drivers\ssadmdm.sys
2012-06-22 23:33:10 16872 ----a-w- C:\Windows\System32\drivers\ssadmdfl.sys
2012-06-22 23:33:10 157672 ----a-w- C:\Windows\System32\drivers\ssadbus.sys
2012-06-22 23:33:10 13800 ----a-w- C:\Windows\System32\drivers\ssadwhnt.sys
2012-06-22 23:33:10 13288 ----a-w- C:\Windows\System32\drivers\ssadcmnt.sys
2012-06-22 23:33:09 146920 ----a-w- C:\Windows\System32\drivers\ssadserd.sys
2012-06-22 22:56:55 -------- d-----w- C:\Windows\SysWow64\System32
2012-06-22 20:50:01 -------- d-----w- C:\Users\Hicham\AppData\Local\{4A26E0EA-4C8F-44D4-8B1F-264F7833AF2E}
2012-06-22 20:49:50 -------- d-----w- C:\Users\Hicham\AppData\Local\{AEE49F93-6E1B-4AAA-9D3E-939B4D8CAC90}
2012-06-22 20:49:39 -------- d-----w- C:\Users\Hicham\AppData\Local\{B276C1FE-34FA-4A00-9BA9-E7BDD9475246}
2012-06-22 01:05:57 -------- d-----w- C:\Users\Hicham\AppData\Local\SecondLife
2012-06-22 01:05:38 -------- d-----w- C:\Program Files (x86)\SecondLifeViewer
2012-06-21 20:54:39 -------- d-----w- C:\Users\Hicham\AppData\Local\{C2485D5E-9F1C-4682-AC0C-982F39F34F9C}
2012-06-21 20:54:20 -------- d-----w- C:\Users\Hicham\AppData\Local\{24A06341-9A0E-4232-802A-15C858BE386B}
2012-06-21 20:54:08 -------- d-----w- C:\Users\Hicham\AppData\Local\{E6E25197-74BD-4A9E-933E-A5E8521F0E33}
2012-06-21 01:07:15 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-21 01:07:15 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-21 00:14:54 -------- d-----w- C:\Users\Hicham\AppData\Local\{3580B96A-D555-415B-B60D-51540F14B963}
2012-06-21 00:14:42 -------- d-----w- C:\Users\Hicham\AppData\Local\{DBAE3ECA-0C7E-4E6B-A439-EFA162221802}
2012-06-21 00:14:26 -------- d-----w- C:\Users\Hicham\AppData\Local\{13A52B5D-3CC6-4463-9326-B50B4B304CC2}
2012-06-21 00:14:08 -------- d-----w- C:\Users\Hicham\AppData\Local\{C970CD05-A1F4-4815-B7CC-2F2A0379C532}
2012-06-20 03:37:01 225342 ----a-w- C:\ProgramData\1340162857.bdinstall.bin
2012-06-20 03:32:27 -------- d-----w- C:\ProgramData\BDLogging
2012-06-20 03:32:01 -------- d-----w- C:\Users\Hicham\AppData\Roaming\Bitdefender
2012-06-20 03:31:58 -------- d-----w- C:\ProgramData\Bitdefender
2012-06-20 03:27:51 -------- d-----w- C:\Users\Hicham\AppData\Local\{93682A95-5378-4450-935F-877504DA5313}
2012-06-20 03:27:49 442088 ----a-w- C:\Windows\System32\drivers\bdfsfltr.sys
2012-06-20 03:27:45 329800 ----a-w- C:\Windows\System32\drivers\trufos.sys
2012-06-20 03:27:36 -------- d-----w- C:\Users\Hicham\AppData\Local\{68130CB7-B230-4179-B8D8-D83359BC559D}
2012-06-20 03:21:48 403235 ----a-w- C:\ProgramData\1340153587.bdinstall.bin
2012-06-20 03:21:48 -------- d-----w- C:\Program Files\Bitdefender
2012-06-20 00:55:28 -------- d-----w- C:\Users\Hicham\AppData\Roaming\QuickScan
2012-06-20 00:52:26 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2012-06-20 00:50:57 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
2012-06-20 00:17:32 -------- d-----w- C:\Users\Hicham\AppData\Local\Macromedia
2012-06-19 23:00:29 -------- d-----w- C:\Users\Hicham\AppData\Roaming\Malwarebytes
2012-06-19 23:00:24 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-19 22:59:35 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-19 20:34:26 -------- d-----w- C:\Program Files\iTunes
2012-06-19 20:34:26 -------- d-----w- C:\Program Files\iPod
2012-06-19 20:34:26 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-19 13:16:24 -------- d-----w- C:\Users\Hicham\AppData\Local\{7066B30F-A1AC-4D29-9A96-3F398B1E5A10}
2012-06-19 13:16:10 -------- d-----w- C:\Users\Hicham\AppData\Local\{3ED68FEE-33AD-4FEA-A50A-8D52E63F884F}
2012-06-19 12:34:52 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2A2096C7-79A0-4C04-B77E-BB0A44A4D131}\mpengine.dll
2012-06-19 12:22:19 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 12:22:09 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 12:22:00 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 12:22:00 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-19 01:15:43 -------- d-----w- C:\Users\Hicham\AppData\Local\{9767340A-5E53-4DDA-B077-C4F520292691}
2012-06-19 01:15:20 -------- d-----w- C:\Users\Hicham\AppData\Local\{CB4F392F-D053-44FD-A088-68122F02DDFE}
2012-06-18 13:14:14 -------- d-----w- C:\Users\Hicham\AppData\Local\{4C3CAA60-B50B-4B38-BAA3-24F76B57D25C}
2012-06-17 16:28:20 -------- d-----w- C:\Users\Hicham\AppData\Local\{D39D451B-9D85-4370-8E24-FC54DE0EE73B}
2012-06-17 04:28:05 -------- d-----w- C:\Users\Hicham\AppData\Local\{E32954A8-675E-46D4-B0D5-C7B3D7FC2BB9}
2012-06-16 16:27:53 -------- d-----w- C:\Users\Hicham\AppData\Local\{6DAF3662-8FD8-4895-B42A-119D6B3D72E9}
2012-06-14 22:43:59 -------- d-----w- C:\Program Files (x86)\Attractel
2012-06-14 20:19:11 -------- d-----w- C:\Program Files (x86)\Cisco
2012-06-14 20:19:04 -------- d-----w- C:\ProgramData\Intel.sav
2012-06-14 20:15:05 -------- d-----w- C:\Users\Hicham\AppData\Local\{98BBEF9F-3F21-41EC-ACB9-B0EF7FAE8D78}
2012-06-14 20:14:53 -------- d-----w- C:\Users\Hicham\AppData\Local\{C0677CA7-B94A-4E55-B81E-754516CFD5E4}
2012-06-13 23:45:27 -------- d-----w- C:\Users\Hicham\AppData\Local\{A6C4ABDF-D821-45D9-B371-3FF1EFC62219}
2012-06-13 23:45:14 -------- d-----w- C:\Users\Hicham\AppData\Local\{FEF851E7-7FAB-46FC-A438-7CAD2C5D4494}
2012-06-13 16:24:49 -------- d-----w- C:\Users\Hicham\AppData\Local\{0BCAA4DF-8575-4379-BE56-33789693D82C}
2012-06-13 01:06:16 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-13 01:06:16 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-12 19:38:01 -------- d-----w- C:\Users\Hicham\AppData\Local\{22100FDC-3130-4296-B953-A50FFE77C6AF}
2012-06-12 19:37:49 -------- d-----w- C:\Users\Hicham\AppData\Local\{E568AEB4-0004-4BE0-9596-71A8C9BC0603}
2012-06-12 19:25:40 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-12 19:25:40 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-12 19:25:40 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-12 19:25:40 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-12 19:25:40 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-12 19:25:40 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-12 19:25:01 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-12 19:25:01 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-12 19:25:01 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-12 19:24:46 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-12 19:24:39 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-12 19:24:39 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-12 19:24:38 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-12 19:24:38 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-12 19:24:36 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-12 19:24:35 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-12 19:24:34 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-12 18:21:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-12 18:21:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-12 18:21:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-12 18:21:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-12 18:21:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-12 18:21:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-12 18:21:50 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-06-10 18:05:09 -------- d-----w- C:\Users\Hicham\AppData\Local\{B7145CF1-F70C-412F-8B45-0F5FDFA0B895}
2012-06-10 18:04:58 -------- d-----w- C:\Users\Hicham\AppData\Local\{84D777B0-5BD0-4930-AA79-963B91BEDF2B}
2012-06-10 18:04:47 -------- d-----w- C:\Users\Hicham\AppData\Local\{51889B71-9267-4099-9028-EB09EEC32526}
2012-06-08 21:33:53 -------- d-----w- C:\Users\Hicham\AppData\Local\{EF5D7509-956E-43D6-88BC-14ADBCD3371B}
2012-06-08 21:33:43 -------- d-----w- C:\Users\Hicham\AppData\Local\{1DCBED3E-65D9-42D6-B861-C4A935687152}
2012-06-08 21:33:29 -------- d-----w- C:\Users\Hicham\AppData\Local\{EEF63761-7D8D-4116-B60E-52AA79D0C2F7}
2012-06-06 23:43:13 -------- d-----w- C:\Users\Hicham\AppData\Local\APN
2012-06-06 23:43:08 -------- d-----w- C:\Users\Hicham\AppData\Roaming\Paltalk
2012-06-06 23:43:06 -------- d-----w- C:\Program Files (x86)\Paltalk Messenger
2012-06-06 23:40:27 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
2012-06-01 00:34:44 -------- d-----w- C:\Users\Hicham\AppData\Roaming\Xilisoft
2012-05-31 23:59:46 -------- d-----w- C:\ProgramData\Xilisoft
2012-05-31 23:59:46 -------- d-----w- C:\Program Files (x86)\Xilisoft
2012-05-31 23:33:14 -------- d-----w- C:\Users\Hicham\AppData\Roaming\AnvSoft
2012-05-31 23:32:52 -------- d-----w- C:\Program Files (x86)\AnvSoft
2012-05-31 16:34:01 -------- d-----w- C:\ProgramData\eTarget
2012-05-31 16:31:48 -------- d-----w- C:\ProgramData\SL2o
2012-05-31 16:31:48 -------- d-----w- C:\Program Files (x86)\eTarget
2012-05-31 16:28:34 991232 ----a-w- C:\Windows\SysWow64\imageviewer2.ocx
2012-05-31 16:28:34 224016 ----a-w- C:\Windows\SysWow64\tabctl32.ocx
2012-05-31 16:28:34 200704 ----a-w- C:\Windows\SysWow64\threed32.ocx
2012-05-31 16:28:34 164144 ----a-w- C:\Windows\SysWow64\comct232.ocx
2012-05-31 16:28:34 151552 ----a-w- C:\Windows\SysWow64\ccrpfd6.ocx
2012-05-31 16:28:34 110592 ----a-w- C:\Windows\SysWow64\ccrpbds6.dll
2012-05-31 16:28:34 106496 ----a-w- C:\Windows\SysWow64\mbprgbar.ocx
2012-05-31 16:28:34 -------- d-----w- C:\Program Files (x86)\PIXresizer
2012-05-30 21:42:55 0 ----a-w- C:\Windows\invcol.tmp
2012-05-30 21:39:55 351680 ----a-w- C:\Windows\System32\dchcfl64.dll
2012-05-30 21:38:46 475584 ----a-w- C:\Windows\hapint.exe
2012-05-30 21:38:46 426432 ----a-w- C:\Windows\dchcfg64.exe
2012-05-30 21:38:46 108992 ----a-w- C:\Windows\dcmdev64.exe
2012-05-30 21:38:44 575936 ----a-w- C:\Windows\System32\dchbas64.dll
2012-05-30 21:38:44 413632 ----a-w- C:\Windows\System32\dchapi64.dll
2012-05-30 21:37:36 -------- d-----w- C:\Windows\{8D66B53E-07E4-45E0-B29F-D3285859C9EF}
2012-05-30 16:49:41 -------- dc-h--w- C:\ProgramData\{890149B8-7A39-411D-BB6D-E59DBF903EB5}
2012-05-30 16:49:39 -------- d-----w- C:\Program Files (x86)\LiveZilla
2012-05-30 16:49:27 -------- d-----w- C:\Users\Hicham\AppData\Local\PackageAware
.
==================== Find3M ====================
.
2012-06-20 03:54:05 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-20 03:54:05 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-29 07:38:50 330240 ----a-w- C:\Windows\MASetupCaller.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-18 20:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-18 20:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-17 18:49:26 4246016 ----a-w- C:\Windows\System32\wlihvui.dll
2012-04-17 18:45:22 2463744 ----a-w- C:\Windows\System32\iwmssvc.dll
2012-04-14 18:08:28 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-08 00:58:21 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-03 13:19:14 858432 ----a-w- C:\Windows\System32\nv3dappshext.dll
2012-04-03 13:19:14 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-04-03 13:19:13 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-04-03 13:19:12 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-04-03 13:19:12 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-04-03 13:19:12 55616 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2012-04-03 13:19:12 2553991 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-04-03 13:19:00 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-04-03 13:15:00 6122816 ----a-w- C:\Windows\System32\nvcpl.dll
2012-04-03 07:16:04 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2010-01-15 10:36:46 75040 ----a-w- C:\Program Files (x86)\Common Files\SpeechUninstall.exe
.
============= FINISH: 22:13:30,85 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professionnel
Boot Device: \Device\HarddiskVolume1
Install Date: 08/03/2012 14:11:17
System Uptime: 25/06/2012 02:36:16 (68 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel® Core™ i7-2720QM CPU @ 2.20GHz | CPU 1 | 792/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 147 GiB total, 19,542 GiB free.
D: is FIXED (NTFS) - 146 GiB total, 112,582 GiB free.
E: is FIXED (NTFS) - 172 GiB total, 67,123 GiB free.
F: is CDROM (UDF)
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet 6500 E709n
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6500 E709n
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: BitDefender AVC HV
Device ID: ROOT\SYSTEM\0003
Manufacturer: (Standard system devices)
Name: BitDefender AVC HV
PNP Device ID: ROOT\SYSTEM\0003
Service: avchv
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Contrôleur audio haute définition
Device ID: PCI\VEN_10DE&DEV_0E08&SUBSYS_14941028&REV_A1\4&143E46F0&0&0108
Manufacturer: Microsoft
Name: Contrôleur audio haute définition
PNP Device ID: PCI\VEN_10DE&DEV_0E08&SUBSYS_14941028&REV_A1\4&143E46F0&0&0108
Service: HDAudBus
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
6500_E709_eDocs
6500_E709_Help
6500_E709n
AccelerometerP11
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2) - Français
Android-Sync v0.396
Any Video Converter Professional 3.3.0
Apple Application Support
Apple Software Update
µTorrent
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Complément Messenger
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Client Configuration Toolkit
Dell Client System Update
Dell Driver Download Manager
Destinations
DeviceDiscovery
DocMgr
DocProc
eMule
ESET Online Scanner v3
eTarget V5
Facebook Messenger 2.1.4554.0
Facebook Video Calling 1.2.0.159
Fax
FileZilla Client 3.5.3
FotoWorks XL 2012
Galerie de photos Windows Live
GnuPG For Windows
Google Chrome
GPBaseService2
HDM Connection Manager
Hewlett-Packard ACLM.NET v1.1.0.0
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Photo Creations
HP Product Detection
HP Update
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
IDT Audio
Intel® Control Center
Intel® Identity Protection Technology 1.1.2.0
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Internet Download Manager
Java Auto Updater
Java™ 6 Update 31
JDownloader 0.9
Junk Mail filter update
Kies Air Discovery Service
LEC Translate
LG Connection Manager
LG Wireless USB Modem Driver
LiveZilla
MarketResearch
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (French) 2010
Microsoft Office Excel MUI (French) 2010
Microsoft Office Groove MUI (French) 2010
Microsoft Office InfoPath MUI (French) 2010
Microsoft Office OneNote MUI (French) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (French) 2010
Microsoft Office PowerPoint MUI (French) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professionnel Plus 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (French) 2010
Microsoft Office Publisher MUI (French) 2010
Microsoft Office Shared MUI (French) 2010
Microsoft Office Word MUI (French) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 13.0.1 (x86 fr)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyPhoneExplorer
Notepad++
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
O2Micro Flash Memory Card Windows Driver
Paltalk Messenger 10.2
PDF Password Remover v3.1
PDF Settings CS5
PIXresizer
Post in top
PowerISO
ProductContext
PxMergeModule
QuickTime
RapidShare Manager 2
RetroShare
Safari
Samsung Kies
Scan
SecondLifeViewer (remove only)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype™ 5.9
SmartWebPrinting
SolutionCenter
Sony RAW Driver
Speech Support
SpeedFan (remove only)
Status
swMSM
Toolbox
TranslateDotNetClients
TrayApp
Unity Web Player
UnLock Root 2.30
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC90_CRT_x64
VLC media player 2.0.1
WampServer 2.2
WebReg
Windows Live
Windows Live Communications Platform
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.11 (32-bit)
Xilisoft Convertisseur Vidéo Ultimate 6
Zoiper
.
==== End Of File ===========================


Thanks a lot

#4 gringo_pr

Posted 27 June 2012 - 05:15 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#5 0_shark_0

Posted 27 June 2012 - 07:09 PM

Hello

Please find the ComboFix log below.

ComboFix 12-06-27.01 - Hicham 28/06/2012 0:52.1.8 - x64
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.8074.5710 [GMT 0:00]
Lancé depuis: c:\users\Hicham\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Pare-feu *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1340153587.bdinstall.bin
c:\programdata\1340162857.bdinstall.bin
c:\programdata\Roaming
c:\users\Hicham\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\users\Hicham\AppData\Local\Temp\INS_491e44ea.TMP
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\instsrv.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\settings.ini
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-05-28 au 2012-06-28 ))))))))))))))))))))))))))))))))))))
.
.
2012-06-28 00:58 . 2012-06-28 00:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-28 00:15 . 2012-06-28 00:15 -------- d-----w- c:\users\UpdatusUser
2012-06-28 00:13 . 2012-06-28 00:13 -------- d-----w- c:\windows\LastGood.Tmp
2012-06-28 00:06 . 2012-06-28 01:00 -------- d-----w- c:\windows\SysWow64\NV
2012-06-28 00:06 . 2012-06-28 01:00 -------- d-----w- c:\windows\system32\NV
2012-06-28 00:06 . 2012-06-28 01:00 -------- d-----w- c:\programdata\NVIDIA
2012-06-28 00:01 . 2012-03-21 23:39 121344 ----a-w- c:\windows\system32\IntelOpenCL64.dll
2012-06-28 00:01 . 2012-03-21 23:33 86528 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
2012-06-27 23:53 . 2012-06-27 23:53 -------- d-----w- c:\program files (x86)\Cisco
2012-06-27 23:46 . 2012-06-27 23:46 -------- d-----w- c:\users\Hicham\Nouveau dossier
2012-06-27 23:36 . 2012-06-12 02:30 2653573 ----a-w- c:\windows\system32\nvcoproc.bin
2012-06-27 23:36 . 2012-06-12 02:29 3264360 ----a-w- c:\windows\system32\nvsvc64.dll
2012-06-27 23:36 . 2012-06-12 02:29 6189928 ----a-w- c:\windows\system32\nvcpl.dll
2012-06-27 23:36 . 2012-06-12 02:28 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-06-27 23:36 . 2012-06-12 02:28 864104 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-06-27 23:36 . 2012-06-12 02:28 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-06-27 23:36 . 2012-06-12 02:28 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-06-27 23:36 . 2012-06-12 02:28 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-06-27 23:36 . 2012-06-12 02:28 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-06-27 23:35 . 2012-03-21 23:39 20992 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-27 23:35 . 2012-03-21 23:32 17920 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-06-27 23:33 . 2012-06-27 23:33 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-06-27 23:23 . 2012-05-30 13:42 569152 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-06-27 23:22 . 2012-03-16 03:57 514736 ----a-w- c:\windows\system32\drivers\e1c62x64.sys
2012-06-27 23:22 . 2012-02-17 09:52 72360 ----a-w- c:\windows\system32\e1cmsg.dll
2012-06-27 23:22 . 2012-02-03 10:07 99520 ----a-w- c:\windows\system32\NicInstC.dll
2012-06-26 22:15 . 2012-06-26 22:15 -------- d-----w- c:\program files\CCleaner
2012-06-23 00:41 . 2012-06-23 00:48 -------- d-----w- c:\users\Hicham\AppData\Roaming\MyPhoneExplorer
2012-06-23 00:39 . 2012-06-23 00:41 -------- d-----w- c:\program files (x86)\MyPhoneExplorer
2012-06-23 00:30 . 2012-06-23 00:30 -------- d-----w- c:\users\Hicham\AppData\Local\Android-Sync
2012-06-23 00:30 . 2012-06-23 00:30 -------- d-----w- c:\program files (x86)\Android-Sync
2012-06-22 23:33 . 2011-06-02 05:47 177640 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2012-06-22 23:33 . 2011-06-02 05:47 16872 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2012-06-22 23:33 . 2011-06-02 05:47 157672 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2012-06-22 23:33 . 2011-06-02 05:47 13800 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2012-06-22 23:33 . 2011-06-02 05:47 13288 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2012-06-22 23:33 . 2010-12-21 05:55 36328 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2012-06-22 23:33 . 2011-06-02 05:47 146920 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2012-06-22 22:56 . 2012-06-22 22:56 -------- d-----w- c:\windows\SysWow64\System32
2012-06-22 01:05 . 2012-06-22 01:06 -------- d-----w- c:\users\Hicham\AppData\Roaming\SecondLife
2012-06-22 01:05 . 2012-06-22 01:15 -------- d-----w- c:\users\Hicham\AppData\Local\SecondLife
2012-06-22 01:05 . 2012-06-22 01:05 -------- d-----w- c:\program files (x86)\SecondLifeViewer
2012-06-21 01:07 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-21 01:07 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-20 03:32 . 2012-06-20 03:32 -------- d-----w- c:\programdata\BDLogging
2012-06-20 03:32 . 2012-06-20 03:32 -------- d-----w- c:\users\Hicham\AppData\Roaming\Bitdefender
2012-06-20 03:31 . 2012-06-20 03:32 -------- d-----w- c:\programdata\Bitdefender
2012-06-20 03:27 . 2011-08-16 14:59 442088 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-06-20 03:27 . 2011-10-27 15:07 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-06-20 03:21 . 2012-06-20 03:30 -------- d-----w- c:\program files\Bitdefender
2012-06-20 00:55 . 2012-06-20 00:55 -------- d-----w- c:\users\Hicham\AppData\Roaming\QuickScan
2012-06-20 00:52 . 2012-06-20 03:27 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-06-20 00:50 . 2012-06-20 00:50 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2012-06-20 00:17 . 2012-06-20 00:17 -------- d-----w- c:\users\Hicham\AppData\Local\Macromedia
2012-06-19 23:00 . 2012-06-19 23:00 -------- d-----w- c:\users\Hicham\AppData\Roaming\Malwarebytes
2012-06-19 23:00 . 2012-06-19 23:00 -------- d-----w- c:\programdata\Malwarebytes
2012-06-19 22:59 . 2012-06-19 22:59 -------- d-----w- c:\program files (x86)\ESET
2012-06-19 20:34 . 2012-06-19 20:35 -------- d-----w- c:\program files\iTunes
2012-06-19 20:34 . 2012-06-19 20:34 -------- d-----w- c:\program files (x86)\iTunes
2012-06-19 20:34 . 2012-06-19 20:34 -------- d-----w- c:\program files\iPod
2012-06-19 12:34 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A2096C7-79A0-4C04-B77E-BB0A44A4D131}\mpengine.dll
2012-06-19 12:22 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 12:22 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 12:22 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 12:22 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 12:22 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 12:22 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 12:22 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 12:22 . 2012-06-02 15:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 12:22 . 2012-06-02 15:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 22:43 . 2012-06-14 22:43 -------- d-----w- c:\program files (x86)\Attractel
2012-06-14 20:19 . 2012-06-14 20:19 -------- d-----w- c:\programdata\Intel.sav
2012-06-13 01:06 . 2012-06-13 01:06 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-13 01:06 . 2012-06-13 01:06 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-12 19:25 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 19:25 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 19:25 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 19:25 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-12 19:25 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-12 19:25 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-12 19:25 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 19:25 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 19:25 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-12 19:24 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 19:24 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-12 19:24 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-12 19:24 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 19:24 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-12 19:24 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 19:24 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-12 19:24 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-12 18:21 . 2012-06-12 18:21 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-12 18:21 . 2012-06-12 18:21 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-12 18:21 . 2012-06-12 18:21 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-12 18:21 . 2012-06-12 18:21 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-12 18:21 . 2012-06-12 18:21 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-12 18:21 . 2012-06-12 18:21 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-12 18:21 . 2012-06-12 18:21 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-06-12 18:21 . 2012-06-12 18:21 -------- d-----w- c:\program files (x86)\QuickTime
2012-06-11 20:51 . 2012-06-11 20:51 428392 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-06-06 23:43 . 2012-06-06 23:43 -------- d-----w- c:\users\Hicham\AppData\Local\APN
2012-06-06 23:43 . 2012-06-06 23:43 -------- d-----w- c:\users\Hicham\AppData\Roaming\Paltalk
2012-06-06 23:43 . 2012-06-06 23:43 -------- d-----w- c:\program files (x86)\Paltalk Messenger
2012-06-06 23:40 . 2012-06-06 23:41 -------- d-----w- c:\program files (x86)\Internet Download Manager
2012-06-01 00:34 . 2012-06-01 00:34 -------- d-----w- c:\users\Hicham\AppData\Roaming\Xilisoft
2012-05-31 23:59 . 2012-05-31 23:59 -------- d-----w- c:\programdata\Xilisoft
2012-05-31 23:59 . 2012-05-31 23:59 -------- d-----w- c:\program files (x86)\Xilisoft
2012-05-31 23:33 . 2012-05-31 23:33 -------- d-----w- c:\users\Hicham\AppData\Roaming\AnvSoft
2012-05-31 23:32 . 2012-05-31 23:32 -------- d-----w- c:\program files (x86)\AnvSoft
2012-05-31 16:34 . 2012-05-31 16:34 -------- d-----w- c:\programdata\eTarget
2012-05-31 16:31 . 2012-05-31 16:31 -------- d-----w- c:\program files (x86)\eTarget
2012-05-31 16:31 . 2012-05-31 16:31 -------- d-----w- c:\programdata\SL2o
2012-05-31 16:28 . 2012-05-31 16:28 -------- d-----w- c:\program files (x86)\PIXresizer
2012-05-31 16:28 . 2007-04-15 01:05 991232 ----a-w- c:\windows\SysWow64\imageviewer2.ocx
2012-05-31 16:28 . 2004-03-09 00:00 224016 ----a-w- c:\windows\SysWow64\tabctl32.ocx
2012-05-31 16:28 . 2000-07-09 19:15 106496 ----a-w- c:\windows\SysWow64\mbprgbar.ocx
2012-05-31 16:28 . 2000-05-02 00:02 110592 ----a-w- c:\windows\SysWow64\ccrpbds6.dll
2012-05-31 16:28 . 1999-09-16 10:04 151552 ----a-w- c:\windows\SysWow64\ccrpfd6.ocx
2012-05-31 16:28 . 1998-06-24 01:00 164144 ----a-w- c:\windows\SysWow64\comct232.ocx
2012-05-31 16:28 . 1996-01-12 01:00 200704 ----a-w- c:\windows\SysWow64\threed32.ocx
2012-05-30 21:42 . 2012-05-30 21:42 0 ----a-w- c:\windows\invcol.tmp
2012-05-30 21:39 . 2012-01-16 15:20 351680 ----a-w- c:\windows\system32\dchcfl64.dll
2012-05-30 21:38 . 2012-01-16 15:22 475584 ----a-w- c:\windows\hapint.exe
2012-05-30 21:38 . 2012-01-16 15:19 426432 ----a-w- c:\windows\dchcfg64.exe
2012-05-30 21:38 . 2012-01-16 15:17 108992 ----a-w- c:\windows\dcmdev64.exe
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-20 03:54 . 2012-03-29 23:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-20 03:54 . 2012-03-08 16:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-29 07:38 . 2011-12-23 20:58 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-05-21 12:17 . 2012-05-21 12:17 276288 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-05-21 12:17 . 2012-05-21 12:17 5890880 ----a-w- c:\windows\system32\GfxUI.exe
2012-05-21 12:17 . 2012-05-21 12:17 509248 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-05-21 12:17 . 2012-05-21 12:17 440128 ----a-w- c:\windows\system32\igfxpers.exe
2012-05-21 12:17 . 2012-05-21 12:17 398656 ----a-w- c:\windows\system32\hkcmd.exe
2012-05-21 12:17 . 2012-05-21 12:17 249664 ----a-w- c:\windows\system32\igfxext.exe
2012-05-21 12:17 . 2012-05-21 12:17 184640 ----a-w- c:\windows\system32\difx64.exe
2012-05-21 12:17 . 2012-05-21 12:17 170304 ----a-w- c:\windows\system32\igfxtray.exe
2012-05-21 12:13 . 2012-05-21 12:13 90112 ----a-w- c:\windows\system32\igfxCoIn_v2761.dll
2012-05-21 12:04 . 2012-05-21 12:04 8089088 ----a-w- c:\windows\system32\igdumd64.dll
2012-05-21 12:04 . 2012-05-21 12:04 14759520 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-05-21 12:03 . 2012-05-21 12:03 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-05-21 11:59 . 2012-01-10 14:18 6122496 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-05-21 11:57 . 2012-05-21 11:57 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-05-21 11:55 . 2012-01-10 14:06 9606144 ----a-w- c:\windows\system32\igd10umd64.dll
2012-05-21 11:43 . 2012-03-19 23:11 7795712 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-05-21 10:58 . 2012-05-21 10:58 18138624 ----a-w- c:\windows\system32\ig4icd64.dll
2012-05-21 10:47 . 2012-05-21 10:47 13214720 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-05-21 10:44 . 2012-05-21 10:44 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-05-21 10:44 . 2012-05-21 10:44 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-05-21 10:44 . 2012-05-21 10:44 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-05-21 10:44 . 2012-05-21 10:44 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-05-21 10:44 . 2012-05-21 10:44 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-05-21 10:44 . 2012-05-21 10:44 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-05-21 10:44 . 2012-05-21 10:44 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-05-21 10:44 . 2012-05-21 10:44 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-05-21 10:44 . 2012-05-21 10:44 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-05-21 10:44 . 2012-05-21 10:44 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-05-21 10:44 . 2012-05-21 10:44 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-05-21 10:44 . 2012-05-21 10:44 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-05-21 10:44 . 2012-05-21 10:44 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-05-21 10:44 . 2012-05-21 10:44 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-05-21 10:44 . 2012-05-21 10:44 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-05-21 10:44 . 2012-05-21 10:44 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-05-21 10:44 . 2012-05-21 10:44 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-05-21 10:44 . 2012-05-21 10:44 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-05-21 10:44 . 2012-05-21 10:44 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-05-21 10:44 . 2012-05-21 10:44 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-05-21 10:44 . 2012-05-21 10:44 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-05-21 10:44 . 2012-05-21 10:44 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-05-21 10:44 . 2012-05-21 10:44 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-05-21 10:44 . 2012-05-21 10:44 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-05-21 10:44 . 2012-05-21 10:44 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-05-21 10:44 . 2012-05-21 10:44 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-05-21 10:44 . 2012-05-21 10:44 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-05-21 10:44 . 2012-05-21 10:44 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-05-21 10:44 . 2012-05-21 10:44 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-05-21 10:44 . 2012-05-21 10:44 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-05-21 10:43 . 2012-05-21 10:43 388608 ----a-w- c:\windows\system32\igfxpph.dll
2012-05-21 10:43 . 2012-01-10 13:19 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-05-21 10:43 . 2012-01-10 13:19 62976 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-05-21 10:43 . 2012-01-10 13:19 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-05-21 10:42 . 2012-05-21 10:42 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-05-21 10:42 . 2012-05-21 10:42 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-05-21 10:42 . 2012-02-14 17:56 436224 ----a-w- c:\windows\system32\igfxdev.dll
2012-05-21 10:42 . 2012-05-21 10:42 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-05-21 10:42 . 2012-05-21 10:42 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-05-21 10:42 . 2012-01-10 13:18 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-05-21 10:40 . 2012-05-21 10:40 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-05-21 10:39 . 2012-05-21 10:39 325632 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-04-27 21:09 . 2011-03-28 18:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-18 20:56 . 2012-04-18 20:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 20:56 . 2012-04-18 20:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-14 18:08 . 2012-04-14 17:08 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 10:21 . 2012-04-11 10:21 203264 ----a-w- c:\windows\system32\Ncs2Setp.dll
2012-04-11 10:05 . 2012-04-11 10:05 839800 ----a-w- c:\windows\system32\ncs2dmix.dll
2012-04-11 10:05 . 2012-04-11 10:05 788600 ----a-w- c:\windows\system32\accesor.dll
2012-04-11 09:53 . 2012-04-11 09:53 217208 ----a-w- c:\windows\system32\ncs2instutility.dll
2012-04-11 09:49 . 2012-04-11 09:49 3031160 ----a-w- c:\windows\system32\ncscolib.dll
2012-04-08 00:58 . 2012-04-08 00:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-30 11:35 . 2012-05-10 01:26 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-01-15 10:36 . 2012-03-19 00:03 75040 ----a-w- c:\program files (x86)\Common Files\SpeechUninstall.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
"Facebook Update"="c:\users\Hicham\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-05-02 137536]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-21 4786048]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-11-14 3437976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-08-08 112408]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-02-09 312376]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LiveZilla"="c:\program files (x86)\LiveZilla\LiveZilla.exe" [2012-05-02 8069568]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"AndroidSync"="c:\program files (x86)\Android-Sync\AndroidSync.exe" [2012-06-20 6512184]
.
c:\users\Hicham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files (x86)\Paltalk Messenger\paltalk.exe [2012-5-27 8097960]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-15 1133856]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-7-28 1552240]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2007-02-16 22528]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2009-02-17 231936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AMPPALP;Protocole Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\amppal.sys [2012-01-09 195584]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-02-17 545064]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 79952]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-05-21 276288]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-21 16640]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2011-11-14 427640]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-03-29 273168]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-09-30 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-09-30 180736]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
R3 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-02-21 75384]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 UsblgwmAtc;LGE Wireless USB Serial02 Device;c:\windows\system32\DRIVERS\lgwusb64ser02.sys [2009-09-23 28160]
R3 UsblgwmDiag;LGE Wireless USB Serial01 Device;c:\windows\system32\DRIVERS\lgwusb64ser01.sys [2009-09-23 28160]
R3 USBlgwmModem;LGE Wireless USB Modem;c:\windows\system32\DRIVERS\lgwusb64modem.sys [2009-09-23 33792]
R3 usblgwubus;LGE Wireless Composite USB Device;c:\windows\system32\DRIVERS\lgwusb64bus.sys [2009-09-23 18944]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-20 691896]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-06-12 30056]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-15 22128]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-14 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 103944]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-06-12 284008]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 135952]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-06-22 1043872]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-06-22 36768]
S2 dcevt64;DSM SA Event Manager;c:\program files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe [2012-01-16 222144]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-07-28 519536]
S2 dcstor64;DSM SA Data Manager;c:\program files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr64.exe [2012-01-16 293824]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-05-30 13632]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2012-03-12 190120]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-12 1258856]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-18 8192]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-06-11 382312]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-07 363800]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-13 66096]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-03-29 2669840]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys [2011-07-22 27760]
S3 AMPPAL;Carte réseau virtuelle Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 258736]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2012-03-08 348712]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-03-08 39464]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-06-22 45672]
S3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas64.sys [2012-03-03 38472]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2012-03-16 514736]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
S3 NETwNs64;___ Pilote de carte de la série Intel® Wireless WiFi Link 5000 pour Windows 7 64 bits ;c:\windows\system32\DRIVERS\Netwsw00.sys [2012-03-12 11471872]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 SWNC8U12;Sierra Wireless MUX NDIS Driver (UMTS12);c:\windows\system32\DRIVERS\swnc8u12.sys [2007-09-21 195584]
S3 swumx12;Sierra Wireless USB MUX Driver (UMTS12);c:\windows\system32\DRIVERS\swumx12.sys [2007-09-21 189056]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wbfcvusbdrv;WBF Control Vault;c:\windows\system32\Drivers\wbfcvusbdrv.sys [2011-06-22 15976]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
.
2012-06-28 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-03-08 17:44]
.
2012-06-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3245385906-3479983345-2242931313-1000Core.job
- c:\users\Hicham\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-11 22:09]
.
2012-06-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3245385906-3479983345-2242931313-1000UA.job
- c:\users\Hicham\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-11 22:09]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3245385906-3479983345-2242931313-1000Core.job
- c:\users\Hicham\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-14 17:45]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3245385906-3479983345-2242931313-1000UA.job
- c:\users\Hicham\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-14 17:45]
.
2012-06-28 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-03-02 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 14:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-02-22 13:55 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-02-22 13:55 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-02-22 13:55 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-02-22 13:55 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-06-06 1091200]
"IntelMyWiFiDashboard"="c:\program files\Intel\WiFi\bin\CCDashServer.exe" [2012-03-29 4966912]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-03-29 4756240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-21 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-21 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-21 440128]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-06-12 1694016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Envoyer à OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Télécharger avec IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: Interfaces\{A8E25707-DC7F-489B-AAD1-CA556CDE4455}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\Hicham\AppData\Roaming\Mozilla\Firefox\Profiles\z7lbjrf2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2098232&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
AddRemove-Kies Air Discovery Service - c:\windows\system32\javaws.exe
AddRemove-UnityWebPlayer - c:\users\Hicham\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-3245385906-3479983345-2242931313-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-3245385906-3479983345-2242931313-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-3245385906-3479983345-2242931313-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-3245385906-3479983345-2242931313-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-3245385906-3479983345-2242931313-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000_Classes\Wow6432Node\CLSID\{373cc752-5d54-4e5b-9866-0a3afba09ab9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000066
"Therad"=dword:00000024
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,9b,7f,44,e6,2d,cd,de,65,98,a4,40,ae,92,32,56,ca,df,f8,83,9b,76,7f,\
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):a9,63,b2,38,33,b6,d1,16,a6,19,38,c4,1e,f1,f2,a9,fe,90,bd,38,d9,
d9,dc,99,4f,9d,99,75,f4,ea,09,8e,3a,65,0b,92,bf,4d,a3,25,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Power Translator 15\LogoMedia TranslateDotNet Server.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Internet Download Manager\IEMonitor.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Android-Sync\bin\adb.exe
c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Heure de fin: 2012-06-28 01:07:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-06-28 01:07
.
Avant-CF: 16 526 503 936 octets libres
Après-CF: 16 127 311 872 octets libres
.
- - End Of File - - 532CA5A821744C06CD456E0E0500B362



#6 gringo_pr

Posted 27 June 2012 - 08:27 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 0_shark_0

Posted 27 June 2012 - 09:00 PM

Hi,

Thanks for your help

aswMBR doesn't work properly and prompts an error; please find the error msg below:

Posted Image

And below is the report of TDSSKiller:

02:31:39.0627 7684 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
02:31:39.0927 7684 ============================================================
02:31:39.0927 7684 Current date / time: 2012/06/28 02:31:39.0927
02:31:39.0927 7684 SystemInfo:
02:31:39.0927 7684
02:31:39.0927 7684 OS Version: 6.1.7601 ServicePack: 1.0
02:31:39.0927 7684 Product type: Workstation
02:31:39.0927 7684 ComputerName: HICHAM-PC
02:31:39.0927 7684 UserName: Hicham
02:31:39.0927 7684 Windows directory: C:\Windows
02:31:39.0927 7684 System windows directory: C:\Windows
02:31:39.0927 7684 Running under WOW64
02:31:39.0927 7684 Processor architecture: Intel x64
02:31:39.0927 7684 Number of processors: 8
02:31:39.0927 7684 Page size: 0x1000
02:31:39.0927 7684 Boot type: Normal boot
02:31:39.0927 7684 ============================================================
02:31:40.0287 7684 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:31:40.0287 7684 ============================================================
02:31:40.0287 7684 \Device\Harddisk0\DR0:
02:31:40.0287 7684 MBR partitions:
02:31:40.0287 7684 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
02:31:40.0287 7684 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1269B000
02:31:40.0287 7684 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x126CD800, BlocksNum 0x124F8000
02:31:40.0287 7684 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x24BC5800, BlocksNum 0x157C0000
02:31:40.0287 7684 ============================================================
02:31:40.0307 7684 C: <-> \Device\Harddisk0\DR0\Partition1
02:31:40.0337 7684 D: <-> \Device\Harddisk0\DR0\Partition2
02:31:40.0377 7684 E: <-> \Device\Harddisk0\DR0\Partition3
02:31:40.0377 7684 ============================================================
02:31:40.0377 7684 Initialize success
02:31:40.0377 7684 ============================================================
02:31:50.0028 8368 ============================================================
02:31:50.0028 8368 Scan started
02:31:50.0028 8368 Mode: Manual;
02:31:50.0028 8368 ============================================================
02:31:50.0508 8368 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
02:31:50.0518 8368 !SASCORE - ok
02:31:50.0678 8368 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
02:31:50.0698 8368 1394ohci - ok
02:31:50.0738 8368 Acceler (1575a815c27789061f34b4f55ae0b5c3) C:\Windows\system32\DRIVERS\accelern.sys
02:31:50.0738 8368 Acceler - ok
02:31:50.0768 8368 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
02:31:50.0788 8368 ACPI - ok
02:31:50.0808 8368 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
02:31:50.0808 8368 AcpiPmi - ok
02:31:50.0859 8368 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
02:31:50.0859 8368 AdobeARMservice - ok
02:31:50.0909 8368 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
02:31:50.0949 8368 adp94xx - ok
02:31:50.0999 8368 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
02:31:51.0019 8368 adpahci - ok
02:31:51.0049 8368 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
02:31:51.0059 8368 adpu320 - ok
02:31:51.0099 8368 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
02:31:51.0099 8368 AeLookupSvc - ok
02:31:51.0199 8368 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
02:31:51.0209 8368 AESTFilters - ok
02:31:51.0269 8368 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
02:31:51.0309 8368 AFD - ok
02:31:51.0339 8368 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
02:31:51.0339 8368 agp440 - ok
02:31:51.0349 8368 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
02:31:51.0349 8368 ALG - ok
02:31:51.0379 8368 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
02:31:51.0379 8368 aliide - ok
02:31:51.0399 8368 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
02:31:51.0409 8368 amdide - ok
02:31:51.0419 8368 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
02:31:51.0419 8368 AmdK8 - ok
02:31:51.0429 8368 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
02:31:51.0429 8368 AmdPPM - ok
02:31:51.0469 8368 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
02:31:51.0479 8368 amdsata - ok
02:31:51.0499 8368 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
02:31:51.0499 8368 amdsbs - ok
02:31:51.0519 8368 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
02:31:51.0519 8368 amdxata - ok
02:31:51.0559 8368 AMPPAL (157b1c973637919dcd0d0464167c86ba) C:\Windows\system32\DRIVERS\AMPPAL.sys
02:31:51.0569 8368 AMPPAL - ok
02:31:51.0589 8368 AMPPALP (157b1c973637919dcd0d0464167c86ba) C:\Windows\system32\DRIVERS\amppal.sys
02:31:51.0589 8368 AMPPALP - ok
02:31:51.0719 8368 AMPPALR3 (fb70f8c1283c8cc6bfaa6f9971107e68) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
02:31:51.0729 8368 AMPPALR3 - ok
02:31:51.0789 8368 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
02:31:51.0799 8368 androidusb - ok
02:31:51.0859 8368 ApfiltrService (6d4cb1f46a0ac05326f834fd6b822479) C:\Windows\system32\DRIVERS\Apfiltr.sys
02:31:51.0869 8368 ApfiltrService - ok
02:31:51.0909 8368 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
02:31:51.0909 8368 AppID - ok
02:31:51.0929 8368 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
02:31:51.0929 8368 AppIDSvc - ok
02:31:51.0949 8368 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
02:31:51.0949 8368 Appinfo - ok
02:31:52.0069 8368 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:31:52.0069 8368 Apple Mobile Device - ok
02:31:52.0129 8368 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
02:31:52.0149 8368 AppMgmt - ok
02:31:52.0169 8368 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
02:31:52.0179 8368 arc - ok
02:31:52.0229 8368 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
02:31:52.0239 8368 arcsas - ok
02:31:52.0349 8368 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
02:31:52.0359 8368 aspnet_state - ok
02:31:52.0389 8368 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
02:31:52.0389 8368 AsyncMac - ok
02:31:52.0419 8368 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
02:31:52.0429 8368 atapi - ok
02:31:52.0489 8368 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
02:31:52.0529 8368 AudioEndpointBuilder - ok
02:31:52.0539 8368 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
02:31:52.0549 8368 AudioSrv - ok
02:31:52.0599 8368 avc3 (f57de310bf3bd9df0f7d301c1d7f5432) C:\Windows\system32\DRIVERS\avc3.sys
02:31:52.0629 8368 avc3 - ok
02:31:52.0659 8368 avchv (4c6bcc638798abe1f70afca70d889c3f) C:\Windows\system32\DRIVERS\avchv.sys
02:31:52.0669 8368 avchv - ok
02:31:52.0709 8368 avckf (6dc4cca415bbf2fc629beb532aa0e6cd) C:\Windows\system32\DRIVERS\avckf.sys
02:31:52.0749 8368 avckf - ok
02:31:52.0779 8368 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
02:31:52.0789 8368 AxInstSV - ok
02:31:52.0859 8368 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
02:31:52.0889 8368 b06bdrv - ok
02:31:52.0939 8368 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
02:31:52.0949 8368 b57nd60a - ok
02:31:52.0969 8368 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
02:31:52.0979 8368 BDESVC - ok
02:31:53.0059 8368 BdfNdisf (707ac68f86f97c17c30498aaf3c7e27e) c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
02:31:53.0069 8368 BdfNdisf - ok
02:31:53.0129 8368 bdfsfltr (ea195950fa5dd4a8f7bc00822213a363) C:\Windows\system32\DRIVERS\bdfsfltr.sys
02:31:53.0149 8368 bdfsfltr - ok
02:31:53.0249 8368 bdfwfpf (4ce4b0098fc315c237fa8867f07886c4) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
02:31:53.0259 8368 bdfwfpf - ok
02:31:53.0299 8368 bdsandbox (31571d77c6186ad228f52ee4ebdf8ee9) C:\Windows\system32\drivers\bdsandbox.sys
02:31:53.0299 8368 bdsandbox - ok
02:31:53.0339 8368 BDVEDISK (b89deff4817b4cc6fc2bcd8f83b4e75d) C:\Windows\system32\DRIVERS\bdvedisk.sys
02:31:53.0339 8368 BDVEDISK - ok
02:31:53.0369 8368 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
02:31:53.0379 8368 Beep - ok
02:31:53.0439 8368 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
02:31:53.0489 8368 BFE - ok
02:31:53.0559 8368 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
02:31:53.0579 8368 BITS - ok
02:31:53.0659 8368 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
02:31:53.0659 8368 blbdrive - ok
02:31:53.0749 8368 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
02:31:53.0759 8368 Bonjour Service - ok
02:31:53.0809 8368 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
02:31:53.0809 8368 bowser - ok
02:31:53.0839 8368 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
02:31:53.0839 8368 BrFiltLo - ok
02:31:53.0839 8368 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
02:31:53.0839 8368 BrFiltUp - ok
02:31:53.0889 8368 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
02:31:53.0889 8368 BridgeMP - ok
02:31:53.0939 8368 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
02:31:53.0949 8368 Browser - ok
02:31:53.0979 8368 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
02:31:53.0989 8368 Brserid - ok
02:31:53.0999 8368 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
02:31:54.0019 8368 BrSerWdm - ok
02:31:54.0019 8368 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:31:54.0029 8368 BrUsbMdm - ok
02:31:54.0029 8368 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
02:31:54.0029 8368 BrUsbSer - ok
02:31:54.0069 8368 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
02:31:54.0069 8368 BthEnum - ok
02:31:54.0079 8368 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
02:31:54.0089 8368 BTHMODEM - ok
02:31:54.0169 8368 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
02:31:54.0169 8368 BthPan - ok
02:31:54.0209 8368 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
02:31:54.0219 8368 BTHPORT - ok
02:31:54.0269 8368 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
02:31:54.0269 8368 bthserv - ok
02:31:54.0389 8368 BTHSSecurityMgr (fa2d081709a764f6bee16b7ffe03e36c) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
02:31:54.0389 8368 BTHSSecurityMgr - ok
02:31:54.0419 8368 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
02:31:54.0419 8368 BTHUSB - ok
02:31:54.0489 8368 BTWAMPFL (72cc5dcc4e67e7927f94801166cfdcda) C:\Windows\system32\DRIVERS\btwampfl.sys
02:31:54.0489 8368 BTWAMPFL - ok
02:31:54.0549 8368 btwaudio (f6135859a582a7294ba7a3336e08baa1) C:\Windows\system32\drivers\btwaudio.sys
02:31:54.0549 8368 btwaudio - ok
02:31:54.0579 8368 btwavdt (3def2370e414b4e299673558ba171a51) C:\Windows\system32\DRIVERS\btwavdt.sys
02:31:54.0579 8368 btwavdt - ok
02:31:54.0709 8368 btwdins (36e3016bedc45274e00e2943b591aeef) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
02:31:54.0749 8368 btwdins - ok
02:31:54.0779 8368 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
02:31:54.0779 8368 btwl2cap - ok
02:31:54.0799 8368 btwrchid (9937e0e4dfc0030560a6dfe9d3a94b39) C:\Windows\system32\DRIVERS\btwrchid.sys
02:31:54.0799 8368 btwrchid - ok
02:31:54.0829 8368 catchme - ok
02:31:54.0859 8368 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
02:31:54.0859 8368 cdfs - ok
02:31:54.0889 8368 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
02:31:54.0899 8368 cdrom - ok
02:31:54.0929 8368 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
02:31:54.0939 8368 CertPropSvc - ok
02:31:54.0959 8368 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
02:31:54.0959 8368 circlass - ok
02:32:12.0441 8368 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
02:32:12.0441 8368 rspndr - ok
02:32:12.0461 8368 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
02:32:12.0461 8368 s3cap - ok
02:32:12.0541 8368 SafeBox (4d5b987b73f7c5826d1c97c04e6f7029) C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
02:32:12.0541 8368 SafeBox - ok
02:32:12.0571 8368 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:32:12.0581 8368 SamSs - ok
02:32:12.0621 8368 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
02:32:12.0631 8368 SASDIFSV - ok
02:32:12.0631 8368 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
02:32:12.0631 8368 SASKUTIL - ok
02:32:12.0661 8368 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
02:32:12.0661 8368 sbp2port - ok
02:32:12.0691 8368 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
02:32:12.0711 8368 SCardSvr - ok
02:32:12.0751 8368 SCDEmu (c81eb41e9ffc35560e5025891dc01a6e) C:\Windows\system32\drivers\SCDEmu.sys
02:32:12.0751 8368 SCDEmu - ok
02:32:12.0771 8368 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
02:32:12.0771 8368 scfilter - ok
02:32:12.0841 8368 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
02:32:12.0861 8368 Schedule - ok
02:32:12.0881 8368 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
02:32:12.0891 8368 SCPolicySvc - ok
02:32:12.0931 8368 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
02:32:12.0931 8368 sdbus - ok
02:32:12.0961 8368 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
02:32:12.0971 8368 SDRSVC - ok
02:32:13.0011 8368 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
02:32:13.0011 8368 secdrv - ok
02:32:13.0021 8368 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
02:32:13.0031 8368 seclogon - ok
02:32:13.0051 8368 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
02:32:13.0061 8368 SENS - ok
02:32:13.0071 8368 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
02:32:13.0081 8368 SensrSvc - ok
02:32:13.0101 8368 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
02:32:13.0111 8368 Serenum - ok
02:32:13.0131 8368 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
02:32:13.0131 8368 Serial - ok
02:32:13.0161 8368 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
02:32:13.0161 8368 sermouse - ok
02:32:13.0191 8368 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
02:32:13.0191 8368 SessionEnv - ok
02:32:13.0201 8368 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
02:32:13.0201 8368 sffdisk - ok
02:32:13.0201 8368 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
02:32:13.0201 8368 sffp_mmc - ok
02:32:13.0211 8368 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
02:32:13.0211 8368 sffp_sd - ok
02:32:13.0221 8368 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
02:32:13.0231 8368 sfloppy - ok
02:32:13.0271 8368 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
02:32:13.0291 8368 SharedAccess - ok
02:32:13.0321 8368 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
02:32:13.0321 8368 ShellHWDetection - ok
02:32:13.0351 8368 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
02:32:13.0351 8368 SiSRaid2 - ok
02:32:13.0361 8368 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
02:32:13.0371 8368 SiSRaid4 - ok
02:32:13.0451 8368 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
02:32:13.0461 8368 SkypeUpdate - ok
02:32:13.0481 8368 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
02:32:13.0481 8368 Smb - ok
02:32:13.0541 8368 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
02:32:13.0541 8368 SNMPTRAP - ok
02:32:13.0601 8368 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
02:32:13.0601 8368 speedfan - ok
02:32:13.0631 8368 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
02:32:13.0631 8368 spldr - ok
02:32:13.0661 8368 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
02:32:13.0671 8368 Spooler - ok
02:32:13.0852 8368 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
02:32:13.0952 8368 sppsvc - ok
02:32:14.0072 8368 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
02:32:14.0072 8368 sppuinotify - ok
02:32:14.0192 8368 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
02:32:14.0212 8368 srv - ok
02:32:14.0242 8368 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
02:32:14.0262 8368 srv2 - ok
02:32:14.0282 8368 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
02:32:14.0292 8368 srvnet - ok
02:32:14.0342 8368 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
02:32:14.0342 8368 ssadbus - ok
02:32:14.0372 8368 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
02:32:14.0382 8368 ssadmdfl - ok
02:32:14.0402 8368 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
02:32:14.0412 8368 ssadmdm - ok
02:32:14.0442 8368 ssadserd (d33d1bd3ec0e766211a234f56a12726d) C:\Windows\system32\DRIVERS\ssadserd.sys
02:32:14.0452 8368 ssadserd - ok
02:32:14.0492 8368 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
02:32:14.0502 8368 SSDPSRV - ok
02:32:14.0522 8368 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
02:32:14.0522 8368 SstpSvc - ok
02:32:14.0602 8368 STacSV (b2d8b364a831427a5741f6c408fa8ae3) C:\Program Files\IDT\WDM\STacSV64.exe
02:32:14.0622 8368 STacSV - ok
02:32:14.0642 8368 stdcfltn (e4ea2412fb1b8aee33667a9cc6d456a4) C:\Windows\system32\DRIVERS\stdcfltn.sys
02:32:14.0642 8368 stdcfltn - ok
02:32:14.0762 8368 Stereo Service (faf7bf30b496e839a87c024e309b2a3f) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
02:32:14.0772 8368 Stereo Service - ok
02:32:14.0802 8368 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
02:32:14.0812 8368 stexstor - ok
02:32:14.0842 8368 STHDA (ef5acde92ba3f691bbfef781cb063501) C:\Windows\system32\DRIVERS\stwrt64.sys
02:32:14.0862 8368 STHDA - ok
02:32:14.0882 8368 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
02:32:14.0882 8368 StillCam - ok
02:32:14.0942 8368 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
02:32:14.0992 8368 stisvc - ok
02:32:15.0022 8368 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
02:32:15.0022 8368 storflt - ok
02:32:15.0052 8368 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
02:32:15.0062 8368 StorSvc - ok
02:32:15.0092 8368 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
02:32:15.0092 8368 storvsc - ok
02:32:15.0112 8368 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
02:32:15.0112 8368 swenum - ok
02:32:15.0222 8368 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
02:32:15.0232 8368 SwitchBoard - ok
02:32:15.0272 8368 SWNC8U12 (1be0e8623979108996bafebeaf14977a) C:\Windows\system32\DRIVERS\swnc8u12.sys
02:32:15.0282 8368 SWNC8U12 - ok
02:32:15.0332 8368 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
02:32:15.0362 8368 swprv - ok
02:32:15.0402 8368 swumx12 (8c0dc74bac305b896dca129b8a6251d9) C:\Windows\system32\DRIVERS\swumx12.sys
02:32:15.0412 8368 swumx12 - ok
02:32:15.0512 8368 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
02:32:15.0572 8368 SysMain - ok
02:32:15.0672 8368 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
02:32:15.0682 8368 TabletInputService - ok
02:32:15.0742 8368 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
02:32:15.0752 8368 TapiSrv - ok
02:32:15.0772 8368 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
02:32:15.0772 8368 TBS - ok
02:32:15.0912 8368 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
02:32:15.0922 8368 Tcpip - ok
02:32:16.0102 8368 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
02:32:16.0112 8368 TCPIP6 - ok
02:32:16.0212 8368 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
02:32:16.0212 8368 tcpipreg - ok
02:32:16.0232 8368 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
02:32:16.0232 8368 TDPIPE - ok
02:32:16.0262 8368 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
02:32:16.0262 8368 TDTCP - ok
02:32:16.0282 8368 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
02:32:16.0282 8368 tdx - ok
02:32:16.0302 8368 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
02:32:16.0302 8368 TermDD - ok
02:32:16.0362 8368 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
02:32:16.0372 8368 TermService - ok
02:32:16.0402 8368 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
02:32:16.0402 8368 Themes - ok
02:32:16.0432 8368 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:32:16.0432 8368 THREADORDER - ok
02:32:16.0452 8368 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
02:32:16.0462 8368 TrkWks - ok
02:32:16.0512 8368 trufos (df219721ddffcbe03aa894b6b6742ba1) C:\Windows\system32\DRIVERS\trufos.sys
02:32:16.0522 8368 trufos - ok
02:32:16.0572 8368 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
02:32:16.0582 8368 TrustedInstaller - ok
02:32:16.0622 8368 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:32:16.0622 8368 tssecsrv - ok
02:32:16.0642 8368 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
02:32:16.0642 8368 TsUsbFlt - ok
02:32:16.0652 8368 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
02:32:16.0652 8368 TsUsbGD - ok
02:32:16.0682 8368 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
02:32:16.0692 8368 tunnel - ok
02:32:16.0702 8368 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
02:32:16.0702 8368 uagp35 - ok
02:32:16.0732 8368 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
02:32:16.0742 8368 udfs - ok
02:32:16.0772 8368 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
02:32:16.0772 8368 UI0Detect - ok
02:32:16.0802 8368 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
02:32:16.0802 8368 uliagpkx - ok
02:32:16.0832 8368 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
02:32:16.0832 8368 umbus - ok
02:32:16.0852 8368 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
02:32:16.0852 8368 UmPass - ok
02:32:16.0882 8368 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
02:32:16.0902 8368 UmRdpService - ok
02:32:16.0992 8368 UNS (d80b1075b69b57a3ab78f750ce463ece) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
02:32:17.0002 8368 UNS - ok
02:32:17.0102 8368 Update Server (7de3f30967cf77bd1fc440c2b847629a) C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
02:32:17.0122 8368 Update Server - ok
02:32:17.0182 8368 UPDATESRV (6fa5ffc3765c9c444d82faf1d46c1cae) C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
02:32:17.0182 8368 UPDATESRV - ok
02:32:17.0232 8368 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
02:32:17.0252 8368 upnphost - ok
02:32:17.0312 8368 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
02:32:17.0312 8368 USBAAPL64 - ok
02:32:17.0372 8368 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
02:32:17.0372 8368 usbaudio - ok
02:32:17.0412 8368 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
02:32:17.0422 8368 usbccgp - ok
02:32:17.0452 8368 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
02:32:17.0462 8368 usbcir - ok
02:32:17.0482 8368 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
02:32:17.0492 8368 usbehci - ok
02:32:17.0532 8368 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
02:32:17.0542 8368 usbhub - ok
02:32:17.0582 8368 UsblgwmAtc (cb8206fb42f3e2bcae71fdeedc031c8a) C:\Windows\system32\DRIVERS\lgwusb64ser02.sys
02:32:17.0582 8368 UsblgwmAtc - ok
02:32:17.0612 8368 UsblgwmDiag (dc00e9b92142582c09e8637a6da4a023) C:\Windows\system32\DRIVERS\lgwusb64ser01.sys
02:32:17.0622 8368 UsblgwmDiag - ok
02:32:17.0632 8368 USBlgwmModem (e42d4a6e33032da253c4fe1a53ed8365) C:\Windows\system32\DRIVERS\lgwusb64modem.sys
02:32:17.0632 8368 USBlgwmModem - ok
02:32:17.0662 8368 usblgwubus (4011b3e404cbf36acf8f48aa36df5493) C:\Windows\system32\DRIVERS\lgwusb64bus.sys
02:32:17.0662 8368 usblgwubus - ok
02:32:17.0692 8368 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
02:32:17.0692 8368 usbohci - ok
02:32:17.0702 8368 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
02:32:17.0712 8368 usbprint - ok
02:32:17.0752 8368 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
02:32:17.0752 8368 usbscan - ok
02:32:17.0782 8368 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:32:17.0782 8368 USBSTOR - ok
02:32:17.0812 8368 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
02:32:17.0812 8368 usbuhci - ok
02:32:17.0862 8368 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
02:32:17.0882 8368 usbvideo - ok
02:32:17.0912 8368 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
02:32:17.0912 8368 UxSms - ok
02:32:17.0942 8368 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:32:17.0952 8368 VaultSvc - ok
02:32:17.0962 8368 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
02:32:17.0962 8368 vdrvroot - ok
02:32:18.0002 8368 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
02:32:18.0022 8368 vds - ok
02:32:18.0052 8368 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
02:32:18.0052 8368 vga - ok
02:32:18.0072 8368 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
02:32:18.0072 8368 VgaSave - ok
02:32:18.0102 8368 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
02:32:18.0122 8368 vhdmp - ok
02:32:18.0142 8368 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
02:32:18.0152 8368 viaide - ok
02:32:18.0182 8368 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
02:32:18.0192 8368 vmbus - ok
02:32:18.0212 8368 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
02:32:18.0212 8368 VMBusHID - ok
02:32:18.0242 8368 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
02:32:18.0252 8368 volmgr - ok
02:32:18.0272 8368 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
02:32:18.0282 8368 volmgrx - ok
02:32:18.0312 8368 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
02:32:18.0332 8368 volsnap - ok
02:32:18.0352 8368 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
02:32:18.0362 8368 vsmraid - ok
02:32:18.0452 8368 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
02:32:18.0492 8368 VSS - ok
02:32:18.0552 8368 vsserv - ok
02:32:18.0622 8368 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
02:32:18.0632 8368 vwifibus - ok
02:32:18.0642 8368 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
02:32:18.0642 8368 vwififlt - ok
02:32:18.0652 8368 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
02:32:18.0652 8368 vwifimp - ok
02:32:18.0722 8368 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
02:32:18.0732 8368 W32Time - ok
02:32:18.0762 8368 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
02:32:18.0772 8368 WacomPen - ok
02:32:18.0862 8368 wampapache (5cf6e9a685199445fee02fe8c191c9ba) c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
02:32:18.0862 8368 wampapache - ok
02:32:18.0902 8368 wampmysqld - ok
02:32:18.0952 8368 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:32:18.0952 8368 WANARP - ok
02:32:18.0962 8368 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:32:18.0972 8368 Wanarpv6 - ok
02:32:19.0072 8368 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
02:32:19.0122 8368 WatAdminSvc - ok
02:32:19.0212 8368 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
02:32:19.0272 8368 wbengine - ok
02:32:19.0402 8368 wbfcvusbdrv (a12ee9c999bc2330d4ccefd48169454b) C:\Windows\system32\Drivers\wbfcvusbdrv.sys
02:32:19.0402 8368 wbfcvusbdrv - ok
02:32:19.0432 8368 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
02:32:19.0442 8368 WbioSrvc - ok
02:32:19.0492 8368 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
02:32:19.0512 8368 wcncsvc - ok
02:32:19.0522 8368 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
02:32:19.0532 8368 WcsPlugInService - ok
02:32:19.0542 8368 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
02:32:19.0552 8368 Wd - ok
02:32:19.0592 8368 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
02:32:19.0612 8368 Wdf01000 - ok
02:32:19.0632 8368 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:32:19.0632 8368 WdiServiceHost - ok
02:32:19.0642 8368 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:32:19.0642 8368 WdiSystemHost - ok
02:32:19.0662 8368 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
02:32:19.0682 8368 WebClient - ok
02:32:19.0712 8368 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
02:32:19.0722 8368 Wecsvc - ok
02:32:19.0742 8368 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
02:32:19.0742 8368 wercplsupport - ok
02:32:19.0762 8368 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
02:32:19.0772 8368 WerSvc - ok
02:32:19.0822 8368 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
02:32:19.0822 8368 WfpLwf - ok
02:32:19.0842 8368 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
02:32:19.0852 8368 WIMMount - ok
02:32:19.0872 8368 WinDefend - ok
02:32:19.0882 8368 WinHttpAutoProxySvc - ok
02:32:19.0942 8368 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
02:32:19.0952 8368 Winmgmt - ok
02:32:20.0062 8368 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
02:32:20.0112 8368 WinRM - ok
02:32:20.0222 8368 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
02:32:20.0222 8368 WinUsb - ok
02:32:20.0272 8368 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
02:32:20.0322 8368 Wlansvc - ok
02:32:20.0392 8368 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
02:32:20.0402 8368 wlcrasvc - ok
02:32:20.0552 8368 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:32:20.0572 8368 wlidsvc - ok
02:32:20.0682 8368 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
02:32:20.0682 8368 WmiAcpi - ok
02:32:20.0752 8368 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
02:32:20.0762 8368 wmiApSrv - ok
02:32:20.0772 8368 WMPNetworkSvc - ok
02:32:20.0812 8368 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
02:32:20.0812 8368 WPCSvc - ok
02:32:20.0832 8368 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
02:32:20.0832 8368 WPDBusEnum - ok
02:32:20.0852 8368 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
02:32:20.0852 8368 ws2ifsl - ok
02:32:20.0883 8368 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
02:32:20.0883 8368 wscsvc - ok
02:32:20.0883 8368 WSearch - ok
02:32:21.0023 8368 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
02:32:21.0073 8368 wuauserv - ok
02:32:21.0153 8368 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
02:32:21.0153 8368 WudfPf - ok
02:32:21.0173 8368 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:32:21.0193 8368 WUDFRd - ok
02:32:21.0213 8368 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
02:32:21.0213 8368 wudfsvc - ok
02:32:21.0233 8368 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
02:32:21.0253 8368 WwanSvc - ok
02:32:21.0523 8368 ZeroConfigService (118c018df1c53b94f8c06d2cabbbda52) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
02:32:21.0543 8368 ZeroConfigService - ok
02:32:21.0573 8368 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
02:32:21.0803 8368 \Device\Harddisk0\DR0 - ok
02:32:21.0813 8368 Boot (0x1200) (38efe9a9fc0d3b9daa0fd6ad0a0273b2) \Device\Harddisk0\DR0\Partition0
02:32:21.0813 8368 \Device\Harddisk0\DR0\Partition0 - ok
02:32:21.0813 8368 Boot (0x1200) (189ece01fc4c085a613452eca370a164) \Device\Harddisk0\DR0\Partition1
02:32:21.0823 8368 \Device\Harddisk0\DR0\Partition1 - ok
02:32:21.0843 8368 Boot (0x1200) (3eb3061f203fa0df1ef85279f5cda335) \Device\Harddisk0\DR0\Partition2
02:32:21.0843 8368 \Device\Harddisk0\DR0\Partition2 - ok
02:32:21.0863 8368 Boot (0x1200) (b09be8e6445b204690c64d591b25b216) \Device\Harddisk0\DR0\Partition3
02:32:21.0863 8368 \Device\Harddisk0\DR0\Partition3 - ok
02:32:21.0863 8368 ============================================================
02:32:21.0863 8368 Scan finished
02:32:21.0863 8368 ============================================================
02:32:21.0883 7044 Detected object count: 0
02:32:21.0883 7044 Actual detected object count: 0
02:33:00.0568 3136 Deinitialize success



#8 gringo_pr


Posted 27 June 2012 - 09:22 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

FireFox::
FF - ProfilePath - c:\users\Hicham\AppData\Roaming\Mozilla\Firefox\Profiles\z7lbjrf2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2098232&SearchSource=3&q={searchTerms}

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?

Gringo


#9 0_shark_0


Posted 27 June 2012 - 09:45 PM

Hello,

It's done.

Below is the report:

ComboFix 12-06-27.01 - Hicham 28/06/2012 3:27.2.8 - x64
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.8074.5536 [GMT 0:00]
Lancé depuis: c:\users\Hicham\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Hicham\Desktop\CFScript.txt
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: Bitdefender Pare-feu *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hicham\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-05-28 au 2012-06-28 ))))))))))))))))))))))))))))))))))))
.
.
2012-06-19 12:22 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 12:22 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 12:22 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 12:22 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 12:22 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 12:22 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 12:22 . 2012-06-02 15:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 12:22 . 2012-06-02 15:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 22:43 . 2012-06-14 22:43 -------- d-----w- c:\program files (x86)\Attractel
2012-06-14 20:19 . 2012-06-14 20:19 -------- d-----w- c:\programdata\Intel.sav
2012-06-13 01:06 . 2012-06-13 01:06 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-13 01:06 . 2012-06-13 01:06 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-12 19:25 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 19:25 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 19:25 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 19:25 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-12 19:25 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-12 19:25 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-12 19:25 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 19:25 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 19:25 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-12 19:24 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 19:24 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-12 19:24 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-12 19:24 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 19:24 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-12 19:24 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 19:24 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-12 19:24 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-12 18:21 . 2012-06-12 18:21 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-12 18:21 . 2012-06-12 18:21 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-12 18:21 . 2012-06-12 18:21 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-12 18:21 . 2012-06-12 18:21 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-12 18:21 . 2012-06-12 18:21 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-12 18:21 . 2012-06-12 18:21 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-12 18:21 . 2012-06-12 18:21 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-06-12 18:21 . 2012-06-12 18:21 -------- d-----w- c:\program files (x86)\QuickTime
2012-06-11 20:51 . 2012-06-11 20:51 428392 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-06-06 23:43 . 2012-06-06 23:43 -------- d-----w- c:\users\Hicham\AppData\Local\APN
2012-06-06 23:43 . 2012-06-06 23:43 -------- d-----w- c:\users\Hicham\AppData\Roaming\Paltalk
2012-06-06 23:43 . 2012-06-06 23:43 -------- d-----w- c:\program files (x86)\Paltalk Messenger
2012-06-06 23:40 . 2012-06-06 23:41 -------- d-----w- c:\program files (x86)\Internet Download Manager
2012-06-01 00:34 . 2012-06-01 00:34 -------- d-----w- c:\users\Hicham\AppData\Roaming\Xilisoft
2012-05-31 23:59 . 2012-05-31 23:59 -------- d-----w- c:\programdata\Xilisoft
2012-05-31 23:59 . 2012-05-31 23:59 -------- d-----w- c:\program files (x86)\Xilisoft
2012-05-31 23:33 . 2012-05-31 23:33 -------- d-----w- c:\users\Hicham\AppData\Roaming\AnvSoft
2012-05-31 23:32 . 2012-05-31 23:32 -------- d-----w- c:\program files (x86)\AnvSoft
2012-05-31 16:34 . 2012-05-31 16:34 -------- d-----w- c:\programdata\eTarget
2012-05-31 16:31 . 2012-05-31 16:31 -------- d-----w- c:\program files (x86)\eTarget
2012-05-31 16:31 . 2012-05-31 16:31 -------- d-----w- c:\programdata\SL2o
2012-05-31 16:28 . 2012-05-31 16:28 -------- d-----w- c:\program files (x86)\PIXresizer
2012-05-31 16:28 . 2007-04-15 01:05 991232 ----a-w- c:\windows\SysWow64\imageviewer2.ocx
2012-05-31 16:28 . 2004-03-09 00:00 224016 ----a-w- c:\windows\SysWow64\tabctl32.ocx
2012-05-31 16:28 . 2000-07-09 19:15 106496 ----a-w- c:\windows\SysWow64\mbprgbar.ocx
2012-05-31 16:28 . 2000-05-02 00:02 110592 ----a-w- c:\windows\SysWow64\ccrpbds6.dll
2012-05-31 16:28 . 1999-09-16 10:04 151552 ----a-w- c:\windows\SysWow64\ccrpfd6.ocx
2012-05-31 16:28 . 1998-06-24 01:00 164144 ----a-w- c:\windows\SysWow64\comct232.ocx
2012-05-31 16:28 . 1996-01-12 01:00 200704 ----a-w- c:\windows\SysWow64\threed32.ocx
2012-05-30 21:42 . 2012-05-30 21:42 0 ----a-w- c:\windows\invcol.tmp
2012-05-30 21:39 . 2012-01-16 15:20 351680 ----a-w- c:\windows\system32\dchcfl64.dll
2012-05-30 21:38 . 2012-01-16 15:22 475584 ----a-w- c:\windows\hapint.exe
2012-05-30 21:38 . 2012-01-16 15:19 426432 ----a-w- c:\windows\dchcfg64.exe
2012-05-30 21:38 . 2012-01-16 15:17 108992 ----a-w- c:\windows\dcmdev64.exe
2012-05-30 21:38 . 2012-01-16 15:19 575936 ----a-w- c:\windows\system32\dchbas64.dll
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-20 03:54 . 2012-03-29 23:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-20 03:54 . 2012-03-08 16:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-29 07:38 . 2011-12-23 20:58 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-05-21 12:17 . 2012-05-21 12:17 276288 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-05-21 12:17 . 2012-05-21 12:17 5890880 ----a-w- c:\windows\system32\GfxUI.exe
2012-05-21 12:17 . 2012-05-21 12:17 509248 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-05-21 12:17 . 2012-05-21 12:17 440128 ----a-w- c:\windows\system32\igfxpers.exe
2012-05-21 12:17 . 2012-05-21 12:17 398656 ----a-w- c:\windows\system32\hkcmd.exe
2012-05-21 12:17 . 2012-05-21 12:17 249664 ----a-w- c:\windows\system32\igfxext.exe
2012-05-21 12:17 . 2012-05-21 12:17 184640 ----a-w- c:\windows\system32\difx64.exe
2012-05-21 12:17 . 2012-05-21 12:17 170304 ----a-w- c:\windows\system32\igfxtray.exe
2012-05-21 12:13 . 2012-05-21 12:13 90112 ----a-w- c:\windows\system32\igfxCoIn_v2761.dll
2012-05-21 12:04 . 2012-05-21 12:04 8089088 ----a-w- c:\windows\system32\igdumd64.dll
2012-05-21 12:04 . 2012-05-21 12:04 14759520 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-05-21 12:03 . 2012-05-21 12:03 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-05-21 11:59 . 2012-01-10 14:18 6122496 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-05-21 11:57 . 2012-05-21 11:57 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-05-21 11:55 . 2012-01-10 14:06 9606144 ----a-w- c:\windows\system32\igd10umd64.dll
2012-05-21 11:43 . 2012-03-19 23:11 7795712 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-05-21 10:58 . 2012-05-21 10:58 18138624 ----a-w- c:\windows\system32\ig4icd64.dll
2012-05-21 10:47 . 2012-05-21 10:47 13214720 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-05-21 10:44 . 2012-05-21 10:44 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-05-21 10:44 . 2012-05-21 10:44 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-05-21 10:44 . 2012-05-21 10:44 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-05-21 10:44 . 2012-05-21 10:44 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-05-21 10:44 . 2012-05-21 10:44 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-05-21 10:44 . 2012-05-21 10:44 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-05-21 10:44 . 2012-05-21 10:44 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-05-21 10:44 . 2012-05-21 10:44 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-05-21 10:44 . 2012-05-21 10:44 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-05-21 10:44 . 2012-05-21 10:44 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-05-21 10:44 . 2012-05-21 10:44 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-05-21 10:44 . 2012-05-21 10:44 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-05-21 10:44 . 2012-05-21 10:44 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-05-21 10:44 . 2012-05-21 10:44 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-05-21 10:44 . 2012-05-21 10:44 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-05-21 10:44 . 2012-05-21 10:44 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-05-21 10:44 . 2012-05-21 10:44 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-05-21 10:44 . 2012-05-21 10:44 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-05-21 10:44 . 2012-05-21 10:44 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-05-21 10:44 . 2012-05-21 10:44 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-05-21 10:44 . 2012-05-21 10:44 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-05-21 10:44 . 2012-05-21 10:44 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-05-21 10:44 . 2012-05-21 10:44 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-05-21 10:44 . 2012-05-21 10:44 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-05-21 10:44 . 2012-05-21 10:44 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-05-21 10:44 . 2012-05-21 10:44 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-05-21 10:44 . 2012-05-21 10:44 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-05-21 10:44 . 2012-05-21 10:44 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-05-21 10:44 . 2012-05-21 10:44 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-05-21 10:44 . 2012-05-21 10:44 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-05-21 10:43 . 2012-05-21 10:43 388608 ----a-w- c:\windows\system32\igfxpph.dll
2012-05-21 10:43 . 2012-01-10 13:19 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-05-21 10:43 . 2012-01-10 13:19 62976 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-05-21 10:43 . 2012-01-10 13:19 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-05-21 10:42 . 2012-05-21 10:42 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-05-21 10:42 . 2012-05-21 10:42 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-05-21 10:42 . 2012-02-14 17:56 436224 ----a-w- c:\windows\system32\igfxdev.dll
2012-05-21 10:42 . 2012-05-21 10:42 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-05-21 10:42 . 2012-05-21 10:42 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-05-21 10:42 . 2012-01-10 13:18 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-05-21 10:40 . 2012-05-21 10:40 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-05-21 10:39 . 2012-05-21 10:39 325632 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-04-27 21:09 . 2011-03-28 18:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-18 20:56 . 2012-04-18 20:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 20:56 . 2012-04-18 20:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-14 18:08 . 2012-04-14 17:08 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 10:21 . 2012-04-11 10:21 203264 ----a-w- c:\windows\system32\Ncs2Setp.dll
2012-04-11 10:05 . 2012-04-11 10:05 839800 ----a-w- c:\windows\system32\ncs2dmix.dll
2012-04-11 10:05 . 2012-04-11 10:05 788600 ----a-w- c:\windows\system32\accesor.dll
2012-04-11 09:53 . 2012-04-11 09:53 217208 ----a-w- c:\windows\system32\ncs2instutility.dll
2012-04-11 09:49 . 2012-04-11 09:49 3031160 ----a-w- c:\windows\system32\ncscolib.dll
2012-04-08 00:58 . 2012-04-08 00:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-30 11:35 . 2012-05-10 01:26 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-01-15 10:36 . 2012-03-19 00:03 75040 ----a-w- c:\program files (x86)\Common Files\SpeechUninstall.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-28_01.01.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-28 03:39 41530 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-28 03:39 34336 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-08 17:13 . 2012-06-28 03:39 5744 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3245385906-3479983345-2242931313-1000_UserData.bin
- 2012-03-08 13:00 . 2012-06-28 00:59 3820 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-03-08 13:00 . 2012-06-28 03:34 3820 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-06-28 03:35 . 2012-06-28 03:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-28 01:00 . 2012-06-28 01:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-28 01:00 . 2012-06-28 01:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-28 03:35 . 2012-06-28 03:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-11-21 06:19 . 2012-06-28 01:05 748274 c:\windows\system32\perfh00C.dat
- 2010-11-21 06:19 . 2012-06-28 00:11 748274 c:\windows\system32\perfh00C.dat
- 2009-07-14 02:36 . 2012-06-28 00:11 655264 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-28 01:05 655264 c:\windows\system32\perfh009.dat
+ 2010-11-21 06:19 . 2012-06-28 01:05 149882 c:\windows\system32\perfc00C.dat
- 2010-11-21 06:19 . 2012-06-28 00:11 149882 c:\windows\system32\perfc00C.dat
+ 2009-07-14 02:36 . 2012-06-28 01:05 122136 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-28 00:11 122136 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:46 . 2012-06-28 01:07 173992 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-06-28 00:59 472316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-28 03:34 472316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-10 03:50 . 2012-06-28 03:34 8580983 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3245385906-3479983345-2242931313-1000-12288.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
"Facebook Update"="c:\users\Hicham\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-05-02 137536]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-21 4786048]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-11-14 3437976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-08-08 112408]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-02-09 312376]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LiveZilla"="c:\program files (x86)\LiveZilla\LiveZilla.exe" [2012-05-02 8069568]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"AndroidSync"="c:\program files (x86)\Android-Sync\AndroidSync.exe" [2012-06-20 6512184]
.
c:\users\Hicham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files (x86)\Paltalk Messenger\paltalk.exe [2012-5-27 8097960]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-15 1133856]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-7-28 1552240]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2007-02-16 22528]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [2009-02-17 231936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AMPPALP;Protocole Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\amppal.sys [2012-01-09 195584]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-02-17 545064]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 79952]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-05-21 276288]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-21 16640]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2011-11-14 427640]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-03-29 273168]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-09-30 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-09-30 180736]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
R3 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-02-21 75384]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 UsblgwmAtc;LGE Wireless USB Serial02 Device;c:\windows\system32\DRIVERS\lgwusb64ser02.sys [2009-09-23 28160]
R3 UsblgwmDiag;LGE Wireless USB Serial01 Device;c:\windows\system32\DRIVERS\lgwusb64ser01.sys [2009-09-23 28160]
R3 USBlgwmModem;LGE Wireless USB Modem;c:\windows\system32\DRIVERS\lgwusb64modem.sys [2009-09-23 33792]
R3 usblgwubus;LGE Wireless Composite USB Device;c:\windows\system32\DRIVERS\lgwusb64bus.sys [2009-09-23 18944]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-20 691896]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-06-12 30056]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-15 22128]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2011-11-14 90192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 103944]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-06-12 284008]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 135952]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-06-22 1043872]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-06-22 36768]
S2 dcevt64;DSM SA Event Manager;c:\program files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe [2012-01-16 222144]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-07-28 519536]
S2 dcstor64;DSM SA Data Manager;c:\program files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr64.exe [2012-01-16 293824]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-05-30 13632]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2012-03-12 190120]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-12 1258856]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-18 8192]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-06-11 382312]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-07 363800]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-13 66096]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-03-29 2669840]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys [2011-07-22 27760]
S3 AMPPAL;Carte réseau virtuelle Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 258736]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2012-03-08 348712]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-03-08 39464]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-06-22 45672]
S3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas64.sys [2012-03-03 38472]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2012-03-16 514736]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]
S3 NETwNs64;___ Pilote de carte de la série Intel® Wireless WiFi Link 5000 pour Windows 7 64 bits ;c:\windows\system32\DRIVERS\Netwsw00.sys [2012-03-12 11471872]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 SWNC8U12;Sierra Wireless MUX NDIS Driver (UMTS12);c:\windows\system32\DRIVERS\swnc8u12.sys [2007-09-21 195584]
S3 swumx12;Sierra Wireless USB MUX Driver (UMTS12);c:\windows\system32\DRIVERS\swumx12.sys [2007-09-21 189056]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wbfcvusbdrv;WBF Control Vault;c:\windows\system32\Drivers\wbfcvusbdrv.sys [2011-06-22 15976]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
.
2012-06-28 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-03-08 17:44]
.
2012-06-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3245385906-3479983345-2242931313-1000Core.job
- c:\users\Hicham\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-11 22:09]
.
2012-06-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3245385906-3479983345-2242931313-1000UA.job
- c:\users\Hicham\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-11 22:09]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3245385906-3479983345-2242931313-1000Core.job
- c:\users\Hicham\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-14 17:45]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3245385906-3479983345-2242931313-1000UA.job
- c:\users\Hicham\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-14 17:45]
.
2012-06-28 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-03-02 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 14:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-02-22 13:55 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-02-22 13:55 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-02-22 13:55 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-02-22 13:55 266952 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-06-06 1091200]
"IntelMyWiFiDashboard"="c:\program files\Intel\WiFi\bin\CCDashServer.exe" [2012-03-29 4966912]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-03-29 4756240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-21 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-21 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-21 440128]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-06-12 1694016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Envoyer à OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Télécharger avec IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: Interfaces\{A8E25707-DC7F-489B-AAD1-CA556CDE4455}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\Hicham\AppData\Roaming\Mozilla\Firefox\Profiles\z7lbjrf2.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-3245385906-3479983345-2242931313-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-3245385906-3479983345-2242931313-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-3245385906-3479983345-2242931313-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-3245385906-3479983345-2242931313-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-3245385906-3479983345-2242931313-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000_Classes\Wow6432Node\CLSID\{373cc752-5d54-4e5b-9866-0a3afba09ab9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000066
"Therad"=dword:00000024
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,9b,7f,44,e6,2d,cd,de,65,98,a4,40,ae,92,32,56,ca,df,f8,83,9b,76,7f,\
.
[HKEY_USERS\S-1-5-21-3245385906-3479983345-2242931313-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):a9,63,b2,38,33,b6,d1,16,a6,19,38,c4,1e,f1,f2,a9,fe,90,bd,38,d9,
d9,dc,99,4f,9d,99,75,f4,ea,09,8e,3a,65,0b,92,bf,4d,a3,25,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Power Translator 15\LogoMedia TranslateDotNet Server.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Internet Download Manager\IEMonitor.exe
c:\program files (x86)\Android-Sync\bin\adb.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Heure de fin: 2012-06-28 03:42:11 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-06-28 03:42
ComboFix2.txt 2012-06-28 01:07
.
Avant-CF: 14 894 514 176 octets libres
Après-CF: 14 730 391 552 octets libres
.
- - End Of File - - 05ECBBF0EE36FF05A02AFA6DAC4882DE



#10 gringo_pr


Posted 27 June 2012 - 09:49 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

µTorrent
eMule
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 0_shark_0


Posted 27 June 2012 - 10:12 PM

Thanks, Gringo, for your help.

All the steps of cleaning are done.

Below are the reports for MBAM and Hijack.

Malwarebytes Anti-Malware (Essai) 1.61.0.1400
www.malwarebytes.org

Version de la base de données: v2012.06.28.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hicham :: HICHAM-PC [administrateur]

Protection: Désactivé

28/06/2012 04:08:36
mbam-log-2012-06-28 (04-08-36).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 232245
Temps écoulé: 2 minute(s), 14 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 04:12:42, on 28/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Hicham\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: LEC - {4A241D35-F7EB-401b-8C5B-A904A50F280E} - C:\Program Files (x86)\Power Translator 15\Applications\LEC IE Translation Extension.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files (x86)\Power Translator 15\Applications\LEC IE Translation Extension.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LiveZilla] "C:\Program Files (x86)\LiveZilla\LiveZilla.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AndroidSync] C:\Program Files (x86)\Android-Sync\AndroidSync.exe -m
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Hicham\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-21-3245385906-3479983345-2242931313-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3245385906-3479983345-2242931313-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: PalTalk.lnk = C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell System Manager.lnk = C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Envoyer à Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Envoyer au périphérique &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8E25707-DC7F-489B-AAD1-CA556CDE4455}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: DSM SA Event Manager (dcevt64) - Dell Inc. - C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Dell System Manager Service (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
O23 - Service: DSM SA Data Manager (dcstor64) - Dell Inc. - C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr64.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: DirMngr - Unknown owner - C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: hpqcxs08 - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service HP CUE DeviceDiscovery (hpqddsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: HP Network Devices Support (HPSLPSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files (x86)\Power Translator 15\LogoMedia TranslateDotNet Server.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\x64\maconfservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: O2SDIOAssist - Unknown owner - C:\Windows\SysWOW64\srvany.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (vsserv) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 35335 bytes


Edited by 0_shark_0, 27 June 2012 - 10:14 PM.


#12 gringo_pr


Posted 27 June 2012 - 10:17 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
      O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [LiveZilla] "C:\Program Files (x86)\LiveZilla\LiveZilla.exe" -minimize
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [AndroidSync] C:\Program Files (x86)\Android-Sync\AndroidSync.exe -m
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
      O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Hicham\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
      O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
      O4 - HKUS\S-1-5-21-3245385906-3479983345-2242931313-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-3245385906-3479983345-2242931313-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
      O4 - Startup: PalTalk.lnk = C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#13 0_shark_0


Posted 28 June 2012 - 05:13 PM

Hello

All the steps are done.

Please find the ESET log below:

C:\Program Files (x86)\PDF Password Remover v3.1\winDecrypt.exe probably a variant of Win32/PSWTool.PdfCracker.A application
C:\Program Files (x86)\PDF Password Remover v3.1\winDecrypt.exe.BAK probably a variant of Win32/PSWTool.PdfCracker.A application
C:\Program Files (x86)\Unlockroot\unlockroot.exe a variant of Win32/Packed.VProtect.C application
C:\Program Files (x86)\Unlockroot\tools\Superusers.apk a variant of Android/Adware.Leadbolt.B application
C:\Users\Hicham\Downloads\eMule\Incoming\[valid till 2012 )] modules prestashop(1).rar Win32/TrojanDownloader.Agent.QQD trojan
C:\Users\Hicham\Downloads\Programs\JDownloaderSetup_3IC.exe a variant of Win32/InstallCore.H application
C:\Users\Hicham\Downloads\Programs\unlockroot23-eng.exe a variant of Win32/Packed.VProtect.C application
C:\Windows\AutoKMS\AutoKMS.exe probably a variant of Win32/HackKMS.B application
D:\Recup e\Compressed\Andalouse.rar a variant of Win32/HackKMS.A application
E:\Logiciels\CS5.5 Master Collection Fonctionne\Adobe CS5_5\ADOBE CS5.5 MASTER COLLECTION KEYGEN UPDATE WIN&OSX -XFORCE\WIN\disable_activation.cmd BAT/HostsChanger.A application
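
Added example (not part of the original posts, and not ESET's or the helper's own tooling): a small Python parser for log lines in the shape of the ESET Online Scanner output pasted in post #13. It splits each line into file path, match qualifier, detection name and class, so the entries can be reviewed in order. The field names and the review ordering in `KIND_PRIORITY` are assumptions of this example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Five lines copied from the ESET log in the post above; the last line is
# constructed to show how input that is not a detection is handled.
SAMPLE_LOG = r"""
C:\Program Files (x86)\PDF Password Remover v3.1\winDecrypt.exe probably a variant of Win32/PSWTool.PdfCracker.A application
C:\Program Files (x86)\Unlockroot\tools\Superusers.apk a variant of Android/Adware.Leadbolt.B application
C:\Users\Hicham\Downloads\eMule\Incoming\[valid till 2012 )] modules prestashop(1).rar Win32/TrojanDownloader.Agent.QQD trojan
C:\Windows\AutoKMS\AutoKMS.exe probably a variant of Win32/HackKMS.B application
E:\Logiciels\CS5.5 Master Collection Fonctionne\Adobe CS5_5\ADOBE CS5.5 MASTER COLLECTION KEYGEN UPDATE WIN&OSX -XFORCE\WIN\disable_activation.cmd BAT/HostsChanger.A application
Scan completed (constructed line, not from the post)
"""

# The path may contain spaces, brackets and '&', so the line is anchored on
# its tail instead: an optional qualifier, a "Platform/Name" token, and one
# final word giving the detection class. The path is whatever precedes that.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/[^\s/]+)\s+"
    r"(?P<kind>[A-Za-z]+)$"
)

CONFIDENCE = {
    None: "exact",
    "a variant of": "variant",
    "probably a variant of": "probable variant",
}

# Assumed review order for this example: anything that is not classed as
# "application" is looked at first. Unknown classes also sort to the front.
KIND_PRIORITY = {"application": 1}


@dataclass(frozen=True)
class Detection:
    path: str
    name: str        # e.g. Win32/HackKMS.B
    platform: str    # part of the name before the slash, e.g. Win32, BAT
    kind: str        # final word of the log line, e.g. trojan, application
    confidence: str  # exact / variant / probable variant


def parse_eset_line(line):
    """Return a Detection for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    qualifier = m.group("qualifier")
    qualifier = qualifier.strip() if qualifier else None
    name = m.group("name")
    return Detection(
        path=m.group("path"),
        name=name,
        platform=name.split("/", 1)[0],
        kind=m.group("kind").lower(),
        confidence=CONFIDENCE[qualifier],
    )


def parse_eset_log(text):
    """Parse a pasted log; return (detections, lines that did not parse)."""
    detections, unparsed = [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        det = parse_eset_line(raw)
        if det is None:
            unparsed.append(raw.strip())  # keep for manual reading
        else:
            detections.append(det)
    return detections, unparsed


def review_queue(detections):
    """Order detections for review: non-'application' classes first."""
    return sorted(
        detections,
        key=lambda d: (KIND_PRIORITY.get(d.kind, 0), d.path.lower()),
    )


def count_by_kind(detections):
    """Number of detections per class, e.g. {'application': 4, 'trojan': 1}."""
    return dict(Counter(d.kind for d in detections))


if __name__ == "__main__":
    found, skipped = parse_eset_log(SAMPLE_LOG)
    for det in review_queue(found):
        print(f"{det.kind:12} {det.confidence:17} {det.name:34} {det.path}")
    print("by class:", count_by_kind(found))
    print("not parsed:", skipped)
```
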



#14 gringo_pr


Posted 29 June 2012 - 09:05 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Program Files (x86)\PDF Password Remover v3.1\winDecrypt.exe"
    del /f /s /q "C:\Program Files (x86)\PDF Password Remover v3.1\winDecrypt.exe.BAK"
    del /f /s /q "C:\Program Files (x86)\Unlockroot\unlockroot.exe"
    del /f /s /q "C:\Program Files (x86)\Unlockroot\tools\Superusers.apk"
    del /f /s /q "C:\Users\Hicham\Downloads\eMule\Incoming\[valid till 2012 )] modules prestashop(1).rar"
    del /f /s /q "C:\Users\Hicham\Downloads\Programs\JDownloaderSetup_3IC.exe"
    del /f /s /q "C:\Users\Hicham\Downloads\Programs\unlockroot23-eng.exe"
    del /f /s /q "C:\Windows\AutoKMS\AutoKMS.exe"
    del /f /s /q "D:\Recup e\Compressed\Andalouse.rar"
    del /f /s /q "E:\Logiciels\CS5.5 Master Collection Fonctionne\Adobe CS5_5\ADOBE CS5.5 MASTER COLLECTION KEYGEN UPDATE WIN&OSX -XFORCE\WIN\disable_activation.cmd"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works a lot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [donate button] <-- Don't worry every little bit helps.

Gringo

#15 0_shark_0


Posted 30 June 2012 - 04:50 PM

Hello Gringo

Thanks a lot for your help, all the steps were done and my pc is faster now.

Thanks for your prompt replies and thanks for all the team

Best regards



