
Infected by Trojan Win32/Fynloski.AA :(


  • This topic is locked
26 replies to this topic

#1 0_shark_0


Posted 21 September 2012 - 09:24 PM

Hello

I have ESET Smart Security, and it detects that my laptop is infected by Trojan Win32/Fynloski.AA, and it is impossible to delete it :(

Can anyone help me, please?

Thanks a lot



#2 0_shark_0


Posted 21 September 2012 - 09:27 PM

Hello

Please find the DDS report below and attached:


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Hicham at 3:22:32 on 2012-09-22
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.8073.3437 [GMT 0:00]
.
AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Pare-feu personnel d'ESET *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\sysWOW64\SDIOAssist.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\BlueStacks\HD-Service.exe
C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
C:\Program Files (x86)\BlueStacks\HD-Network.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\BlueStacks\HD-FileSystem.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Users\Hicham\AppData\Local\Temp\Rar$EXa0.099\Core Temp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Users\Hicham\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\wbem\unsecapp.exe
"C:\Users\Hicham\AppData\Roaming\svchost.exe"
C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Hicham\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.wana.ma
mStart Page = about:blank
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Programme d’aide de l’Assistant de connexion au compte Microsoft: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [AdobeBridge]
uRun: [Facebook Update] "C:\Users\Hicham\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "C:\Users\Hicham\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [SkyDrive] "C:\Users\Hicham\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WinLogon] C:\Users\Hicham\AppData\Roaming\svchost.exe
StartupFolder: C:\Users\Hicham\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Hicham\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe
StartupFolder: C:\Users\Hicham\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PalTalk.lnk - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
StartupFolder: C:\Users\Hicham\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTS~1.LNK - C:\Program Files (x86)\Dell\Feature Enhancement Pack\SmartSettings.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Envoyer à OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.9.0.cab
TCP: Interfaces\{17FE5814-DF3E-439E-9419-61D452396F81} : NameServer = 192.168.2.1
TCP: Interfaces\{4FC4490B-3728-4AC0-9C4C-C4568222543B} : NameServer = 192.168.1.1
TCP: Interfaces\{4FC4490B-3728-4AC0-9C4C-C4568222543B}\2656E6D616B686C6F65766 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4FC4490B-3728-4AC0-9C4C-C4568222543B}\C496E6B63797370284F6D656 : DhcpNameServer = 62.251.229.237
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{0347C33E-8762-4905-BF09-768834316C61}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE7CD045-E861-484f-8273-0445EE161910}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{8dcb7100-df86-4384-8842-8fa844297b3f}
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
mRun-x64: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(par d‚faut)]
mRun-x64: [WinLogon] C:\Users\Hicham\AppData\Roaming\svchost.exe
IE-X64: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hicham\AppData\Roaming\Mozilla\Firefox\Profiles\ixkcmcc3.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\ma-config.com\nphardwaredetection.dll
FF - plugin: C:\Users\Hicham\AppData\Local\Facebook\Messenger\2.1.4631.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Hicham\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Hicham\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Hicham\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Hicham\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0A0ByEtBtCtD0FyByBtD0AtN0D0Tzu0StBtDyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=102119856
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0A0ByEtBtCtD0FyByBtD0AtN0D0Tzu0StBtDyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=102119856
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0A0ByEtBtCtD0FyByBtD0AtN0D0Tzu0StBtDyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=102119856&q=
FF - user.js: extensions.funmoods.id - D0DF9AB4210F770A
FF - user.js: extensions.funmoods.instlDay - 15547
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2218:7:1
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - iron2
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - iron2
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R0 iaStorA;iaStorA;C:\Windows\system32\DRIVERS\iaStorA.sys --> C:\Windows\system32\DRIVERS\iaStorA.sys [?]
R0 iaStorF;iaStorF;C:\Windows\system32\DRIVERS\iaStorF.sys --> C:\Windows\system32\DRIVERS\iaStorF.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-7-22 89600]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-3-15 659976]
R2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2012-8-29 397176]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-8-29 74616]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-8-29 384888]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-4-23 135952]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-12-2 1043872]
R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-12-2 36768]
R2 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-5-8 2279960]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
R2 IAStorDataMgrSvc;Technologie de stockage Intel® Rapid;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-22 14904]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-7-22 165144]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-22 1258856]
R2 O2SDIOAssist;O2SDIOAssist;C:\Windows\SysWOW64\srvany.exe [2012-7-22 8192]
R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2012-6-6 3293552]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-8-22 2673064]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-6-25 3325232]
R3 AMPPAL;Carte réseau virtuelle Intel® Centrino® Wireless Bluetooth® + High Speed;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 cvusbdrv;Dell ControlVault;C:\Windows\system32\Drivers\cvusbdrv.sys --> C:\Windows\system32\Drivers\cvusbdrv.sys [?]
R3 driverhardwarev2x64;driverhardwarev2x64;C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-7-21 16640]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys --> C:\Windows\system32\drivers\mcaudrv_x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Pilote de carte de la série Intel® Wireless WiFi Link 5000 pour Windows 7 64 bits ;C:\Windows\system32\DRIVERS\Netwsw00.sys --> C:\Windows\system32\DRIVERS\Netwsw00.sys [?]
R3 O2MDRRDR;O2MDRRDR;C:\Windows\system32\DRIVERS\O2MDRw7x64.sys --> C:\Windows\system32\DRIVERS\O2MDRw7x64.sys [?]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\system32\DRIVERS\o2sdjw7x64.sys --> C:\Windows\system32\DRIVERS\o2sdjw7x64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-8 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\accelern.sys --> C:\Windows\system32\DRIVERS\accelern.sys [?]
S3 AMPPALP;Protocole Intel® Centrino® Wireless Bluetooth® + High Speed;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-7-11 276288]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-8 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\system32\DRIVERS\ewusbdev.sys --> C:\Windows\system32\DRIVERS\ewusbdev.sys [?]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\x64\maconfservice.exe [2012-9-20 427976]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-22 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-6-25 272688]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 wbfcvusbdrv;WBF Control Vault;C:\Windows\system32\Drivers\wbfcvusbdrv.sys --> C:\Windows\system32\Drivers\wbfcvusbdrv.sys [?]
S4 RelevantKnowledge;RelevantKnowledge;C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [2012-8-20 111632]
.
=============== Created Last 30 ================
.
2012-09-22 02:27:49 7168 ----a-w- C:\Users\Hicham\AppData\Roaming\327236.exe
2012-09-22 02:26:37 7168 ----a-w- C:\Users\Hicham\AppData\Roaming\888177.exe
2012-09-22 02:23:28 7168 ----a-w- C:\Users\Hicham\AppData\Roaming\872685.exe
2012-09-22 01:47:14 -------- d-----w- C:\temp
2012-09-22 01:06:30 647736 ----a-w- C:\Windows\System32\drivers\iaStorA.sys
2012-09-22 01:06:30 28216 ----a-w- C:\Windows\System32\drivers\iaStorF.sys
2012-09-21 13:09:31 217088 ----a-w- C:\Users\Hicham\AppData\Roaming\svchost.exe
2012-09-21 12:23:36 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{31047474-F653-431B-B9F6-1C2561CDAE91}\mpengine.dll
2012-09-21 01:18:34 -------- d-----w- C:\Users\Hicham\AppData\Local\SKIDROW
2012-09-21 01:15:58 508264 ----a-w- C:\Windows\System32\d3dx10_35.dll
2012-09-21 01:09:26 -------- d-----w- C:\Program Files (x86)\Activision
2012-09-21 01:09:17 7168 ----a-w- C:\Users\Hicham\AppData\Roaming\904413.exe
2012-09-21 01:09:17 1157777 ----a-w- C:\Users\Hicham\AppData\Roaming\Setup.exe
2012-09-18 19:46:44 -------- d-----w- C:\Program Files (x86)\Tunatic
2012-09-11 23:08:59 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-11 23:08:59 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-11 23:08:58 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-11 23:08:58 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-11 23:08:57 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-11 23:08:57 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-11 23:08:57 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-06 01:24:39 -------- d-----w- C:\Windows\System32\oodag
2012-09-06 01:22:35 -------- d-----w- C:\Users\Hicham\AppData\Local\O&O
2012-09-05 22:34:18 -------- d-----r- C:\Program Files (x86)\Skype
2012-09-05 21:27:36 -------- d-----w- C:\Windows\Hewlett-Packard
2012-09-04 22:48:30 -------- d-----w- C:\ProgramData\BlueStacksSetup
2012-09-04 22:48:30 -------- d-----w- C:\ProgramData\BlueStacks
2012-09-04 22:42:39 -------- d-----w- C:\Users\Hicham\AppData\Local\ManyCam
2012-09-04 22:42:39 -------- d-----w- C:\ProgramData\ManyCam
2012-09-04 22:42:38 -------- d-----w- C:\Users\Hicham\AppData\Roaming\ManyCam
2012-09-04 22:41:30 -------- d-----w- C:\Program Files (x86)\ManyCam
2012-09-04 22:40:33 -------- d-----w- C:\ProgramData\Ask
2012-09-04 22:12:38 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-09-04 22:12:38 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-09-04 22:12:38 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-09-04 22:12:38 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-09-04 22:12:37 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-09-04 22:12:37 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-09-04 22:12:37 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-09-04 22:12:37 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-08-31 15:40:51 -------- d-----w- C:\Program Files (x86)\Cisco
2012-08-31 15:40:47 -------- d-----w- C:\ProgramData\Intel.sav
2012-08-31 15:31:11 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2012-08-30 10:40:14 429416 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-08-30 00:08:16 -------- d-----w- C:\Users\Hicham\AppData\Roaming\ImTOO
2012-08-30 00:07:32 -------- d-----w- C:\ProgramData\ImTOO
2012-08-30 00:07:32 -------- d-----w- C:\Program Files (x86)\ImTOO
2012-08-23 22:49:59 101224 ----a-w- C:\Windows\System32\NicInstC.dll
2012-08-23 22:49:58 73032 ----a-w- C:\Windows\System32\e1cmsg.dll
2012-08-23 22:49:58 482128 ----a-w- C:\Windows\System32\drivers\e1c62x64.sys
2012-08-23 17:50:54 418128 ----a-w- C:\Windows\System32\drivers\Apfiltr.sys
2012-08-23 17:50:54 112504 ----a-w- C:\Windows\System32\Vxdif.dll
2012-08-23 17:46:25 440208 ----a-w- C:\Windows\System32\brcmbsp.dll
2012-08-23 17:46:25 241544 ----a-w- C:\Windows\System32\bipbsp.dll
2012-08-23 17:46:15 -------- d-----w- C:\Program Files\Broadcom Corporation
2012-08-23 17:36:01 -------- d-----w- C:\Driver_allOS1
2012-08-23 17:22:56 0 ----a-w- C:\Windows\invcol.tmp
2012-08-23 11:48:26 -------- d-----w- C:\MyS2GApp
2012-08-23 11:48:19 -------- d-----w- C:\Program Files (x86)\Tapess-team
.
==================== Find3M ====================
.
2012-09-18 17:09:58 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-18 17:09:58 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-30 16:18:05 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-08-30 16:18:05 865640 ----a-w- C:\Windows\System32\nv3dappshext.dll
2012-08-30 16:18:05 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-08-30 16:18:05 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-08-30 16:18:05 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-08-30 16:18:04 55144 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2012-08-30 16:18:04 3487434 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-08-30 16:18:01 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-08-30 16:17:59 6198120 ----a-w- C:\Windows\System32\nvcpl.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-20 21:45:02 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll
2012-08-20 06:16:41 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
2012-08-20 06:04:22 74703 ----a-w- C:\Windows\SysWOW64mfc45.dll
2012-08-18 03:48:32 830976 ----a-w- C:\Windows\System32\ncs2dmix.dll
2012-08-18 03:27:36 788992 ----a-w- C:\Windows\System32\accesor.dll
2012-08-18 03:15:22 211968 ----a-w- C:\Windows\System32\ncs2instutility.dll
2012-08-18 03:09:08 3154432 ----a-w- C:\Windows\System32\ncscolib.dll
2012-08-15 10:57:12 33616 ----a-w- C:\Windows\System32\drivers\iqvw64e.sys
2012-08-10 09:00:33 316736 ----a-w- C:\Windows\System32\PRONtObj.dll
2012-08-09 07:42:40 204288 ----a-w- C:\Windows\System32\Ncs2Setp.dll
2012-08-04 23:10:51 31344 ----a-w- C:\Windows\System32\drivers\cnnctfy2.sys
2012-08-01 10:02:10 162960 ----a-w- C:\Windows\System32\drivers\iANSW60e.sys
2012-07-28 03:09:02 57792 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-07-28 02:54:00 321472 ----a-w- C:\Windows\WLXPGSS.SCR
2012-07-27 02:30:58 170824 ----a-w- C:\Windows\System32\IPROSetMonitor.exe
2012-07-26 19:08:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2012-07-26 19:08:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2012-07-26 19:08:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2012-07-26 19:08:06 153536 ----a-w- C:\Windows\SysWow64\atl110.dll
2012-07-26 19:08:06 115656 ----a-w- C:\Windows\SysWow64\vcomp110.dll
2012-07-26 15:22:10 828872 ----a-w- C:\Windows\System32\msvcr110.dll
2012-07-26 15:22:10 661448 ----a-w- C:\Windows\System32\msvcp110.dll
2012-07-26 15:22:10 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
2012-07-26 15:22:10 177096 ----a-w- C:\Windows\System32\atl110.dll
2012-07-26 15:22:10 124360 ----a-w- C:\Windows\System32\vcomp110.dll
2012-07-26 01:45:34 95 ----a-w- C:\Windows\SysWow64\InstallGAC.bat
2012-07-25 15:54:33 538496 ----a-w- C:\Windows\System32\PROUnstl.exe
2012-07-22 22:39:55 348712 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
2012-07-22 05:58:21 22056 ----a-w- C:\Windows\System32\btwcoins.dll
2012-07-20 18:00:00 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-07-19 09:38:50 126944 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-17 15:14:44 253184 ----a-w- C:\Windows\System32\LIVESSP.DLL
2012-07-17 14:49:00 209648 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2012-07-11 10:25:38 276288 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
2012-07-11 10:25:32 170304 ----a-w- C:\Windows\System32\igfxtray.exe
2012-07-11 10:25:28 509248 ----a-w- C:\Windows\System32\igfxsrvc.exe
2012-07-11 10:25:26 440640 ----a-w- C:\Windows\System32\igfxpers.exe
2012-07-11 10:25:22 250176 ----a-w- C:\Windows\System32\igfxext.exe
2012-07-11 10:25:20 398656 ----a-w- C:\Windows\System32\hkcmd.exe
2012-07-11 10:25:18 5898560 ----a-w- C:\Windows\System32\GfxUI.exe
2012-07-11 10:25:14 184640 ----a-w- C:\Windows\System32\difx64.exe
2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-07-05 22:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-05 22:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-05 00:10:46 91136 ----a-w- C:\Windows\System32\igfxCoIn_v2792.dll
2012-07-05 00:04:30 8262144 ----a-w- C:\Windows\System32\igdumd64.dll
2012-07-05 00:04:24 8934976 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-07-05 00:02:32 80896 ----a-w- C:\Windows\System32\igdde64.dll
2012-07-04 23:59:54 6703616 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2012-07-04 23:58:02 64512 ----a-w- C:\Windows\SysWow64\igdde32.dll
2012-07-04 23:55:58 8490496 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-07-04 23:37:50 6819328 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2012-07-04 22:58:38 12876288 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-07-04 22:52:42 10664960 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-07-04 22:49:46 110592 ----a-w- C:\Windows\System32\hccutils.dll
2012-07-04 22:49:40 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2012-07-04 22:49:40 439296 ----a-w- C:\Windows\System32\igfxdev.dll
2012-07-04 22:49:40 172544 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-07-04 22:49:14 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc
2012-07-04 22:49:12 9007616 ----a-w- C:\Windows\System32\igfxress.dll
2012-07-04 22:49:12 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2012-07-04 22:48:24 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2012-07-04 22:47:52 327680 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2012-07-04 22:46:18 604160 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2012-07-04 22:46:18 501760 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2012-07-04 22:46:18 482304 ----a-w- C:\Windows\System32\igfx11cmrt64.dll
2012-07-04 22:46:18 4571136 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2012-07-04 22:46:18 3776512 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2012-07-04 22:46:18 216064 ----a-w- C:\Windows\System32\iglhcp64.dll
2012-07-04 22:46:18 180224 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2012-07-04 22:46:16 448512 ----a-w- C:\Windows\SysWow64\igfx11cmrt32.dll
2012-07-04 22:46:14 272928 ----a-w- C:\Windows\SysWow64\igvpkrng600.bin
2012-07-04 22:46:14 272928 ----a-w- C:\Windows\System32\igvpkrng600.bin
2012-07-04 22:46:12 963388 ----a-w- C:\Windows\SysWow64\igcodeckrng600.bin
2012-07-04 22:46:12 963388 ----a-w- C:\Windows\System32\igcodeckrng600.bin
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
.
============= FINISH: 3:23:07,69 ===============


Edited by 0_shark_0, 21 September 2012 - 09:28 PM.


#3 0_shark_0


Posted 22 September 2012 - 09:18 PM

no answer :(

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:31 PM

Posted 23 September 2012 - 07:27 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 0_shark_0


Posted 23 September 2012 - 04:23 PM

Hello

Thanks for your help

Below Security Check report

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
ESET Smart Security 5.2
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.4.402.278
Mozilla Firefox 14.0.1 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````



#6 0_shark_0


Posted 23 September 2012 - 04:36 PM

Please find below logfile of AdwCleaner


# AdwCleaner v2.003 - Rapport créé le 23/09/2012 à 22:30:40
# Mis à jour le 23/09/2012 par Xplode
# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (64 bits)
# Nom d'utilisateur : Hicham - HICHAM-PC
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\Hicham\Desktop\adwcleaner.exe
# Option [Suppression]


***** [Services] *****

Arrêté & Supprimé : RelevantKnowledge

***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\ProgramData\Ask
Dossier Supprimé : C:\Users\Hicham\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Dossier Supprimé : C:\Users\Hicham\AppData\Local\Ilivid Player
Fichier Supprimé : C:\Users\Hicham\AppData\Local\funmoods-speeddial.crx

***** [Registre] *****

Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

Restauré : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restauré : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restauré : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restauré : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restauré : [HKU\S-1-5-21-1206943589-1187741213-3406341401-1001\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (fr)

Nom du profil : default
Fichier : C:\Users\Hicham\AppData\Roaming\Mozilla\Firefox\Profiles\ixkcmcc3.default\prefs.js

C:\Users\Hicham\AppData\Roaming\Mozilla\Firefox\Profiles\ixkcmcc3.default\user.js ... Supprimé !

Supprimée : user_pref("extensions.funmoods.aflt", "iron2");
Supprimée : user_pref("extensions.funmoods.autoRvrt", false);
Supprimée : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Supprimée : user_pref("extensions.funmoods.cntry", "MA");
Supprimée : user_pref("extensions.funmoods.cv", "cv5");
Supprimée : user_pref("extensions.funmoods.dfltLng", "");
Supprimée : user_pref("extensions.funmoods.dfltSrch", true);
Supprimée : user_pref("extensions.funmoods.dfltlng", "en");
Supprimée : user_pref("extensions.funmoods.dfltsrch", true);
Supprimée : user_pref("extensions.funmoods.dnsErr", true);
Supprimée : user_pref("extensions.funmoods.envrmnt", "production");
Supprimée : user_pref("extensions.funmoods.excTlbr", false);
Supprimée : user_pref("extensions.funmoods.hdrMd5", "5A62B7A3686E6DA041F3BD690D95780E");
Supprimée : user_pref("extensions.funmoods.hmpg", true);
Supprimée : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2Xzuy[...]
Supprimée : user_pref("extensions.funmoods.hrdid", "D0DF9AB4210F770A");
Supprimée : user_pref("extensions.funmoods.id", "D0DF9AB4210F770A");
Supprimée : user_pref("extensions.funmoods.instlDay", "15547");
Supprimée : user_pref("extensions.funmoods.instlRef", "iron2");
Supprimée : user_pref("extensions.funmoods.instlday", "15547");
Supprimée : user_pref("extensions.funmoods.instlref", "iron2");
Supprimée : user_pref("extensions.funmoods.isdcmntcmplt", true);
Supprimée : user_pref("extensions.funmoods.keywordurl", "");
Supprimée : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2218:7:1");
Supprimée : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Supprimée : user_pref("extensions.funmoods.newTab", true);
Supprimée : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2Xz[...]
Supprimée : user_pref("extensions.funmoods.newtab", true);
Supprimée : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2Xz[...]
Supprimée : user_pref("extensions.funmoods.prdct", "funmoods");
Supprimée : user_pref("extensions.funmoods.prtnrId", "funmoods");
Supprimée : user_pref("extensions.funmoods.prtnrid", "funmoods");
Supprimée : user_pref("extensions.funmoods.savedVrsnTs", "1");
Supprimée : user_pref("extensions.funmoods.sg", "none");
Supprimée : user_pref("extensions.funmoods.smplGrp", "none");
Supprimée : user_pref("extensions.funmoods.smplgrp", "none");
Supprimée : user_pref("extensions.funmoods.srch", "");
Supprimée : user_pref("extensions.funmoods.srchPrvdr", "Search");
Supprimée : user_pref("extensions.funmoods.srchprvdr", "Search");
Supprimée : user_pref("extensions.funmoods.tlbrId", "base");
Supprimée : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=iron2&chnl=iron2&cd=2[...]
Supprimée : user_pref("extensions.funmoods.tlbrid", "base");
Supprimée : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=iron2&chnl=iron2&cd=2[...]
Supprimée : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Supprimée : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2218:7:1");
Supprimée : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Supprimée : user_pref("extensions.funmoods.vrsnts", "1.5.23.2218:7:1");
Supprimée : user_pref("extensions.funmoods_i.newTab", true);
Supprimée : user_pref("extensions.funmoods_i.smplGrp", "none");
Supprimée : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2218:7:1");

-\\ Google Chrome v [Impossible d'obtenir la version]

Fichier : C:\Users\Hicham\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [9351 octets] - [23/09/2012 22:30:40]

########## EOF - C:\AdwCleaner[S1].txt - [9411 octets] ##########



#7 0_shark_0


Posted 23 September 2012 - 05:00 PM

Report of RogueKiller


RogueKiller V8.0.5 [23/09/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : Hicham [Droits d'admin]
Mode : Suppression -- Date : 23/09/2012 22:57:47

¤¤¤ Processus malicieux : 1 ¤¤¤
[SUSP PATH] FacebookMessenger.exe -- C:\Users\Hicham\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 6 ¤¤¤
[TASK][SUSP PATH] Core Temp Autostart Hicham : "C:\Users\Hicham\AppData\Local\Temp\Rar$EXa0.099\Core Temp.exe" -> SUPPRIMÉ
[STARTUP][SUSP PATH] Facebook Messenger.lnk @Hicham : C:\Users\Hicham\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe -> SUPPRIMÉ
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REMPLACÉ (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REMPLACÉ (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
[...]


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ATA ST9500420AS SCSI Disk Device +++++
--- User ---
[MBR] 68f2761fe49daf7ee87501755b222b48
[BSP] 4c84975d376cdc24829fc0992f91adaf : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 150838 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 309123072 | Size: 150000 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616323072 | Size: 176000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



#8 gringo_pr

Posted 23 September 2012 - 08:47 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#9 0_shark_0

Posted 23 September 2012 - 09:16 PM

Hello

Thanks for your help

Below is the TDSSKiller log:


03:00:17.0025 2336 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
03:00:17.0261 2336 ============================================================
03:00:17.0261 2336 Current date / time: 2012/09/24 03:00:17.0261
03:00:17.0261 2336 SystemInfo:
03:00:17.0261 2336
03:00:17.0262 2336 OS Version: 6.1.7601 ServicePack: 1.0
03:00:17.0262 2336 Product type: Workstation
03:00:17.0262 2336 ComputerName: HICHAM-PC
03:00:17.0262 2336 UserName: Hicham
03:00:17.0262 2336 Windows directory: C:\Windows
03:00:17.0262 2336 System windows directory: C:\Windows
03:00:17.0262 2336 Running under WOW64
03:00:17.0262 2336 Processor architecture: Intel x64
03:00:17.0262 2336 Number of processors: 8
03:00:17.0262 2336 Page size: 0x1000
03:00:17.0262 2336 Boot type: Normal boot
03:00:17.0262 2336 ============================================================
03:00:18.0319 2336 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:00:18.0333 2336 ============================================================
03:00:18.0333 2336 \Device\Harddisk0\DR0:
03:00:18.0334 2336 MBR partitions:
03:00:18.0334 2336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
03:00:18.0334 2336 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1269B000
03:00:18.0334 2336 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x126CD800, BlocksNum 0x124F8000
03:00:18.0334 2336 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x24BC5800, BlocksNum 0x157C0000
03:00:18.0334 2336 ============================================================
03:00:18.0450 2336 C: <-> \Device\Harddisk0\DR0\Partition2
03:00:18.0537 2336 D: <-> \Device\Harddisk0\DR0\Partition3
03:00:18.0636 2336 E: <-> \Device\Harddisk0\DR0\Partition4
03:00:18.0636 2336 ============================================================
03:00:18.0636 2336 Initialize success
03:00:18.0636 2336 ============================================================
03:14:21.0153 5600 ============================================================
03:14:21.0153 5600 Scan started
03:14:21.0153 5600 Mode: Manual;
03:14:21.0153 5600 ============================================================
03:14:28.0686 5600 ================ Scan system memory ========================
03:14:28.0686 5600 System memory - ok
03:14:28.0688 5600 ================ Scan services =============================
03:14:36.0552 5600 mouclass - ok
03:14:36.0573 5600 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
03:14:36.0574 5600 mouhid - ok
03:14:36.0608 5600 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
03:14:36.0611 5600 mountmgr - ok
03:14:36.0653 5600 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
03:14:36.0657 5600 MozillaMaintenance - ok
03:14:36.0677 5600 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
03:14:36.0682 5600 mpio - ok
03:14:36.0694 5600 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
03:14:36.0696 5600 mpsdrv - ok
03:14:36.0714 5600 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
03:14:36.0741 5600 MpsSvc - ok
03:14:36.0756 5600 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
03:14:36.0758 5600 MRxDAV - ok
03:14:36.0777 5600 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
03:14:36.0780 5600 mrxsmb - ok
03:14:36.0799 5600 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:14:36.0805 5600 mrxsmb10 - ok
03:14:36.0817 5600 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:14:36.0818 5600 mrxsmb20 - ok
03:14:36.0827 5600 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
03:14:36.0828 5600 msahci - ok
03:14:36.0839 5600 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
03:14:36.0841 5600 msdsm - ok
03:14:36.0858 5600 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
03:14:36.0861 5600 MSDTC - ok
03:14:36.0866 5600 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
03:14:36.0867 5600 Msfs - ok
03:14:36.0883 5600 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
03:14:36.0884 5600 mshidkmdf - ok
03:14:36.0887 5600 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
03:14:36.0888 5600 msisadrv - ok
03:14:36.0902 5600 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
03:14:36.0905 5600 MSiSCSI - ok
03:14:36.0907 5600 msiserver - ok
03:14:36.0924 5600 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
03:14:36.0925 5600 MSKSSRV - ok
03:14:36.0932 5600 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
03:14:36.0933 5600 MSPCLOCK - ok
03:14:36.0942 5600 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
03:14:36.0943 5600 MSPQM - ok
03:14:36.0962 5600 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
03:14:36.0965 5600 MsRPC - ok
03:14:36.0977 5600 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
03:14:36.0979 5600 mssmbios - ok
03:14:36.0993 5600 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
03:14:36.0994 5600 MSTEE - ok
03:14:37.0006 5600 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
03:14:37.0007 5600 MTConfig - ok
03:14:37.0010 5600 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
03:14:37.0011 5600 Mup - ok
03:14:37.0054 5600 [ 7E11D1788F5B531D49EF0AF97202437B ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
03:14:37.0058 5600 MyWiFiDHCPDNS - ok
03:14:37.0089 5600 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
03:14:37.0095 5600 napagent - ok
03:14:37.0124 5600 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
03:14:37.0128 5600 NativeWifiP - ok
03:14:37.0162 5600 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
03:14:37.0193 5600 NDIS - ok
03:14:37.0210 5600 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
03:14:37.0213 5600 NdisCap - ok
03:14:37.0241 5600 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
03:14:37.0243 5600 NdisTapi - ok
03:14:37.0251 5600 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
03:14:37.0254 5600 Ndisuio - ok
03:14:37.0266 5600 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
03:14:37.0268 5600 NdisWan - ok
03:14:37.0291 5600 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
03:14:37.0292 5600 NDProxy - ok
03:14:37.0321 5600 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
03:14:37.0324 5600 Net Driver HPZ12 - ok
03:14:37.0335 5600 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
03:14:37.0337 5600 NetBIOS - ok
03:14:37.0354 5600 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
03:14:37.0359 5600 NetBT - ok
03:14:37.0377 5600 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
03:14:37.0379 5600 Netlogon - ok
03:14:37.0423 5600 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
03:14:37.0432 5600 Netman - ok
03:14:37.0484 5600 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:14:37.0488 5600 NetMsmqActivator - ok
03:14:37.0493 5600 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:14:37.0495 5600 NetPipeActivator - ok
03:14:37.0520 5600 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
03:14:37.0544 5600 netprofm - ok
03:14:37.0549 5600 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:14:37.0550 5600 NetTcpActivator - ok
03:14:37.0554 5600 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:14:37.0555 5600 NetTcpPortSharing - ok
03:14:37.0784 5600 [ 219A40EEEA50D638BA9D08680C354A0C ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw00.sys
03:14:37.0986 5600 NETwNs64 - ok
03:14:38.0007 5600 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
03:14:38.0009 5600 nfrd960 - ok
03:14:38.0014 5600 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
03:14:38.0018 5600 NlaSvc - ok
03:14:38.0021 5600 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
03:14:38.0022 5600 Npfs - ok
03:14:38.0025 5600 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
03:14:38.0026 5600 nsi - ok
03:14:38.0033 5600 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
03:14:38.0033 5600 nsiproxy - ok
03:14:38.0075 5600 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
03:14:38.0109 5600 Ntfs - ok
03:14:38.0117 5600 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
03:14:38.0118 5600 Null - ok
03:14:38.0144 5600 [ 5F1FF880ADACF7E0FF7C27BA188B05DA ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
03:14:38.0147 5600 NVHDA - ok
03:14:38.0198 5600 [ 566F0CFD371304F17000B67DD585E34A ] nvkflt C:\Windows\system32\DRIVERS\nvkflt.sys
03:14:38.0202 5600 nvkflt - ok
03:14:38.0460 5600 [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
03:14:38.0706 5600 nvlddmkm - ok
03:14:38.0723 5600 [ 1891184D09E8C16042E57D5373E4268E ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
03:14:38.0725 5600 nvpciflt - ok
03:14:38.0754 5600 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
03:14:38.0757 5600 nvraid - ok
03:14:38.0777 5600 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
03:14:38.0780 5600 nvstor - ok
03:14:38.0890 5600 [ 43F91595049DE14C4B61D1E76436164F ] nvsvc C:\Windows\system32\nvvsvc.exe
03:14:38.0977 5600 nvsvc - ok
03:14:39.0055 5600 [ 322B69422836F97B76F4AA59B47507BA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
03:14:39.0091 5600 nvUpdatusService - ok
03:14:39.0104 5600 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
03:14:39.0107 5600 nv_agp - ok
03:14:39.0158 5600 [ 4E37455DB16AEC75862B1D0BC35B589E ] O2FLASH C:\Windows\system32\DRIVERS\o2flash.exe
03:14:39.0161 5600 O2FLASH - ok
03:14:39.0182 5600 [ 8ED738ABA394BBF6D7802698BE453112 ] O2MDRRDR C:\Windows\system32\DRIVERS\O2MDRw7x64.sys
03:14:39.0185 5600 O2MDRRDR - ok
03:14:39.0316 5600 [ 4635935FC972C582632BF45C26BFCB0E ] O2SDIOAssist C:\Windows\SysWOW64\srvany.exe
03:14:39.0319 5600 O2SDIOAssist - ok
03:14:39.0354 5600 [ A9C1E6B7C134FAD124338B7944FA996D ] O2SDJRDR C:\Windows\system32\DRIVERS\o2sdjw7x64.sys
03:14:39.0358 5600 O2SDJRDR - ok
03:14:39.0387 5600 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
03:14:39.0390 5600 ohci1394 - ok
03:14:39.0515 5600 [ 17B5D3C6E063729BFA725CAF78BC4710 ] OODefragAgent C:\Program Files\OO Software\Defrag\oodag.exe
03:14:39.0604 5600 OODefragAgent - ok
03:14:39.0651 5600 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:14:39.0655 5600 ose - ok
03:14:39.0776 5600 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
03:14:39.0882 5600 osppsvc - ok
03:14:39.0908 5600 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
03:14:39.0912 5600 p2pimsvc - ok
03:14:39.0930 5600 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
03:14:39.0946 5600 p2psvc - ok
03:14:39.0961 5600 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
03:14:39.0963 5600 Parport - ok
03:14:39.0985 5600 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
03:14:39.0985 5600 partmgr - ok
03:14:39.0990 5600 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
03:14:39.0993 5600 PcaSvc - ok
03:14:39.0998 5600 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
03:14:40.0001 5600 pci - ok
03:14:40.0015 5600 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
03:14:40.0017 5600 pciide - ok
03:14:40.0032 5600 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
03:14:40.0035 5600 pcmcia - ok
03:14:40.0038 5600 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
03:14:40.0039 5600 pcw - ok
03:14:40.0062 5600 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
03:14:40.0065 5600 PEAUTH - ok
03:14:40.0104 5600 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
03:14:40.0119 5600 PeerDistSvc - ok
03:14:40.0131 5600 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
03:14:40.0132 5600 PerfHost - ok
03:14:40.0169 5600 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
03:14:40.0201 5600 pla - ok
03:14:40.0229 5600 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
03:14:40.0236 5600 PlugPlay - ok
03:14:40.0247 5600 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
03:14:40.0249 5600 Pml Driver HPZ12 - ok
03:14:40.0252 5600 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
03:14:40.0253 5600 PNRPAutoReg - ok
03:14:40.0279 5600 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
03:14:40.0281 5600 PNRPsvc - ok
03:14:40.0307 5600 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
03:14:40.0313 5600 PolicyAgent - ok
03:14:40.0331 5600 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
03:14:40.0334 5600 Power - ok
03:14:40.0371 5600 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
03:14:40.0371 5600 PptpMiniport - ok
03:14:40.0387 5600 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
03:14:40.0391 5600 Processor - ok
03:14:40.0417 5600 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
03:14:40.0424 5600 ProfSvc - ok
03:14:40.0438 5600 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
03:14:40.0442 5600 ProtectedStorage - ok
03:14:40.0459 5600 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
03:14:40.0461 5600 Psched - ok
03:14:40.0485 5600 [ D8589A43B352E7F2317194C98447149F ] pwdrvio C:\Windows\system32\pwdrvio.sys
03:14:40.0487 5600 pwdrvio - ok
03:14:40.0510 5600 [ 4B8FDA635F4D2E7D638B2B3817B5AFC8 ] pwdspio C:\Windows\system32\pwdspio.sys
03:14:40.0515 5600 pwdspio - ok
03:14:40.0557 5600 [ BC08F7F3C53CBEE68670ED1314E290FD ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
03:14:40.0559 5600 PxHlpa64 - ok
03:14:40.0616 5600 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
03:14:40.0659 5600 ql2300 - ok
03:14:40.0668 5600 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
03:14:40.0672 5600 ql40xx - ok
03:14:40.0691 5600 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
03:14:40.0696 5600 QWAVE - ok
03:14:40.0701 5600 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
03:14:40.0702 5600 QWAVEdrv - ok
03:14:40.0728 5600 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
03:14:40.0729 5600 RasAcd - ok
03:14:40.0771 5600 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
03:14:40.0772 5600 RasAgileVpn - ok
03:14:40.0781 5600 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
03:14:40.0785 5600 RasAuto - ok
03:14:40.0794 5600 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
03:14:40.0796 5600 Rasl2tp - ok
03:14:40.0806 5600 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
03:14:40.0811 5600 RasMan - ok
03:14:40.0816 5600 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
03:14:40.0817 5600 RasPppoe - ok
03:14:40.0821 5600 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
03:14:40.0822 5600 RasSstp - ok
03:14:40.0838 5600 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
03:14:40.0842 5600 rdbss - ok
03:14:40.0846 5600 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
03:14:40.0847 5600 rdpbus - ok
03:14:40.0853 5600 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
03:14:40.0853 5600 RDPCDD - ok
03:14:40.0883 5600 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
03:14:40.0885 5600 RDPDR - ok
03:14:40.0898 5600 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
03:14:40.0899 5600 RDPENCDD - ok
03:14:40.0903 5600 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
03:14:40.0904 5600 RDPREFMP - ok
03:14:40.0936 5600 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
03:14:40.0937 5600 RdpVideoMiniport - ok
03:14:40.0954 5600 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
03:14:40.0958 5600 RDPWD - ok
03:14:40.0973 5600 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
03:14:40.0976 5600 rdyboost - ok
03:14:41.0048 5600 [ F09087C51C6AE42AE7DABE1EB3E44C17 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
03:14:41.0052 5600 RegSrvc - ok
03:14:41.0077 5600 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
03:14:41.0081 5600 RemoteAccess - ok
03:14:41.0104 5600 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
03:14:41.0111 5600 RemoteRegistry - ok
03:14:41.0156 5600 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
03:14:41.0161 5600 RFCOMM - ok
03:14:41.0170 5600 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
03:14:41.0175 5600 RpcEptMapper - ok
03:14:41.0183 5600 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
03:14:41.0186 5600 RpcLocator - ok
03:14:41.0223 5600 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
03:14:41.0230 5600 RpcSs - ok
03:14:41.0249 5600 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
03:14:41.0252 5600 rspndr - ok
03:14:41.0275 5600 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
03:14:41.0277 5600 s3cap - ok
03:14:41.0288 5600 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
03:14:41.0290 5600 SamSs - ok
03:14:41.0316 5600 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
03:14:41.0318 5600 SASDIFSV - ok
03:14:41.0403 5600 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
03:14:41.0405 5600 SASKUTIL - ok
03:14:41.0423 5600 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
03:14:41.0428 5600 sbp2port - ok
03:14:41.0438 5600 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
03:14:41.0443 5600 SCardSvr - ok
03:14:41.0465 5600 [ 8356DD6C4F1744701B94FE85743A6A78 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
03:14:41.0468 5600 SCDEmu - ok
03:14:41.0474 5600 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
03:14:41.0476 5600 scfilter - ok
03:14:41.0499 5600 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
03:14:41.0525 5600 Schedule - ok
03:14:41.0545 5600 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
03:14:41.0546 5600 SCPolicySvc - ok
03:14:41.0566 5600 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
03:14:41.0568 5600 sdbus - ok
03:14:41.0573 5600 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
03:14:41.0576 5600 SDRSVC - ok
03:14:41.0602 5600 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
03:14:41.0603 5600 secdrv - ok
03:14:41.0606 5600 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
03:14:41.0608 5600 seclogon - ok
03:14:41.0611 5600 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
03:14:41.0612 5600 SENS - ok
03:14:41.0615 5600 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
03:14:41.0617 5600 SensrSvc - ok
03:14:41.0631 5600 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
03:14:41.0633 5600 Serenum - ok
03:14:41.0650 5600 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
03:14:41.0652 5600 Serial - ok
03:14:41.0676 5600 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
03:14:41.0678 5600 sermouse - ok
03:14:41.0685 5600 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
03:14:41.0687 5600 SessionEnv - ok
03:14:41.0690 5600 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
03:14:41.0691 5600 sffdisk - ok
03:14:41.0693 5600 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
03:14:41.0694 5600 sffp_mmc - ok
03:14:41.0702 5600 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
03:14:41.0704 5600 sffp_sd - ok
03:14:41.0712 5600 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
03:14:41.0713 5600 sfloppy - ok
03:14:41.0737 5600 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
03:14:41.0742 5600 SharedAccess - ok
03:14:41.0756 5600 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
03:14:41.0781 5600 ShellHWDetection - ok
03:14:41.0805 5600 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
03:14:41.0808 5600 SiSRaid2 - ok
03:14:41.0816 5600 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
03:14:41.0819 5600 SiSRaid4 - ok
03:14:41.0947 5600 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
03:14:42.0015 5600 Skype C2C Service - ok
03:14:42.0040 5600 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
03:14:42.0043 5600 SkypeUpdate - ok
03:14:42.0063 5600 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
03:14:42.0065 5600 Smb - ok
03:14:42.0085 5600 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
03:14:42.0088 5600 SNMPTRAP - ok
03:14:42.0102 5600 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
03:14:42.0104 5600 spldr - ok
03:14:42.0138 5600 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
03:14:42.0153 5600 Spooler - ok
03:14:42.0215 5600 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
03:14:42.0280 5600 sppsvc - ok
03:14:42.0284 5600 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
03:14:42.0286 5600 sppuinotify - ok
03:14:42.0306 5600 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
03:14:42.0311 5600 srv - ok
03:14:42.0329 5600 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
03:14:42.0357 5600 srv2 - ok
03:14:42.0374 5600 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
03:14:42.0379 5600 srvnet - ok
03:14:42.0414 5600 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
03:14:42.0419 5600 ssadbus - ok
03:14:42.0433 5600 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
03:14:42.0435 5600 ssadmdfl - ok
03:14:42.0456 5600 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
03:14:42.0461 5600 ssadmdm - ok
03:14:42.0493 5600 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
03:14:42.0497 5600 ssadserd - ok
03:14:42.0528 5600 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
03:14:42.0533 5600 sscdbus - ok
03:14:42.0548 5600 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
03:14:42.0551 5600 sscdmdfl - ok
03:14:42.0569 5600 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
03:14:42.0574 5600 sscdmdm - ok
03:14:42.0603 5600 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
03:14:42.0608 5600 SSDPSRV - ok
03:14:42.0618 5600 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
03:14:42.0622 5600 SstpSvc - ok
03:14:42.0658 5600 [ 855335BF5792E56164F98C012E3D92DD ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
03:14:42.0663 5600 ssudmdm - ok
03:14:42.0718 5600 [ B2D8B364A831427A5741F6C408FA8AE3 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
03:14:42.0724 5600 STacSV - ok
03:14:42.0807 5600 [ A766CCAD980235FF34E7F8089D3175A3 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
03:14:42.0815 5600 Stereo Service - ok
03:14:42.0845 5600 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
03:14:42.0846 5600 stexstor - ok
03:14:42.0875 5600 [ EF5ACDE92BA3F691BBFEF781CB063501 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
03:14:42.0883 5600 STHDA - ok
03:14:42.0911 5600 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
03:14:42.0912 5600 StillCam - ok
03:14:42.0960 5600 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
03:14:42.0968 5600 stisvc - ok
03:14:42.0988 5600 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
03:14:42.0990 5600 storflt - ok
03:14:43.0003 5600 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
03:14:43.0005 5600 storvsc - ok
03:14:43.0020 5600 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
03:14:43.0022 5600 swenum - ok
03:14:43.0087 5600 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
03:14:43.0113 5600 SwitchBoard - ok
03:14:43.0136 5600 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
03:14:43.0145 5600 swprv - ok
03:14:43.0157 5600 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
03:14:43.0159 5600 Synth3dVsc - ok
03:14:43.0203 5600 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
03:14:43.0266 5600 SysMain - ok
03:14:43.0276 5600 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
03:14:43.0281 5600 TabletInputService - ok
03:14:43.0293 5600 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
03:14:43.0301 5600 TapiSrv - ok
03:14:43.0307 5600 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
03:14:43.0311 5600 TBS - ok
03:14:43.0386 5600 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
03:14:43.0429 5600 Tcpip - ok
03:14:43.0480 5600 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
03:14:43.0492 5600 TCPIP6 - ok
03:14:43.0508 5600 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
03:14:43.0509 5600 tcpipreg - ok
03:14:43.0522 5600 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
03:14:43.0524 5600 TDPIPE - ok
03:14:43.0550 5600 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
03:14:43.0552 5600 TDTCP - ok
03:14:43.0570 5600 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
03:14:43.0571 5600 tdx - ok
03:14:43.0665 5600 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
03:14:43.0717 5600 TeamViewer7 - ok
03:14:43.0731 5600 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
03:14:43.0733 5600 TermDD - ok
03:14:43.0761 5600 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
03:14:43.0763 5600 terminpt - ok
03:14:43.0794 5600 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
03:14:43.0815 5600 TermService - ok
03:14:43.0820 5600 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
03:14:43.0823 5600 Themes - ok
03:14:43.0843 5600 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
03:14:43.0845 5600 THREADORDER - ok
03:14:43.0851 5600 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
03:14:43.0854 5600 TrkWks - ok
03:14:43.0890 5600 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
03:14:43.0892 5600 TrustedInstaller - ok
03:14:43.0899 5600 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
03:14:46.0966 5600 ============================================================
03:14:46.0966 5600 Scan finished
03:14:46.0966 5600 ============================================================
03:14:46.0973 5116 Detected object count: 0
03:14:46.0973 5116 Actual detected object count: 0



#10 0_shark_0

Posted 23 September 2012 - 09:46 PM

Hello

For Avast, the scan prompts with a message from Windows that this application has been stopped

Thanks

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:31 PM

Posted 23 September 2012 - 09:47 PM

OK I will be waiting for the aswMBR report when it is done


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 0_shark_0

Posted 23 September 2012 - 09:54 PM

OK I will be waiting for the aswMBR report when it is done


gringo


Nothing, Avast closed without report :(

#13 gringo_pr

Posted 23 September 2012 - 10:12 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#14 0_shark_0

Posted 23 September 2012 - 10:37 PM

Thanks

Below the log of Combofix



ComboFix 12-09-23.03 - Hicham 24/09/2012 4:20.1.8 - x64
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.8073.5363 [GMT 0:00]
Lancé depuis: c:\users\Hicham\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMA18B.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMA1AD.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMA1CE.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMA1EF.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMA201.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMA222.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMA233.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMA245.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMA257.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMA268.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMA27A.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMA28B.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMA29D.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMA2AF.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMA56F.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMA59F.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMA66C.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMA69D.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMA9DA.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMAA59.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMAD09.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMADA7.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMAEF1.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMB25D.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMB3B6.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMB56D.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMB734.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMB8FA.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMB988.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMBA65.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMBAF3.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMBC5C.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMBCBC.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMBD88.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMBE26.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMBEF3.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMC02D.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMC08D.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMC14A.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMC226.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMC322.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMC3C0.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMC44F.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMC461.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMC675.tmp
c:\users\Hicham\AppData\Local\Temp\XTMP1MC3VE\DEMC6A6.tmp
c:\users\Hicham\AppData\Local\Temp\YTMP7MC8AA\TAAD5EE.tmp
c:\users\Hicham\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Hicham\AppData\Roaming\Microsoft\bass.dll
c:\users\Hicham\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Hicham\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Hicham\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Hicham\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Hicham\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\Hicham\AppData\Roaming\Setup.exe
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\instsrv.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\regobj.dll
c:\windows\SysWow64\test.dll
c:\windows\SysWOW64mfc45.dll
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-08-24 au 2012-09-24 ))))))))))))))))))))))))))))))))))))
.
.
2012-09-22 03:32 . 2012-09-22 03:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-22 03:32 . 2012-09-07 17:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-22 01:47 . 2012-09-22 01:47 -------- d-----w- C:\temp
2012-09-22 01:06 . 2012-09-01 18:01 647736 ----a-w- c:\windows\system32\drivers\iaStorA.sys
2012-09-22 01:06 . 2012-09-01 18:01 28216 ----a-w- c:\windows\system32\drivers\iaStorF.sys
2012-09-21 12:23 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31047474-F653-431B-B9F6-1C2561CDAE91}\mpengine.dll
2012-09-21 01:18 . 2012-09-21 01:18 -------- d-----w- c:\users\Hicham\AppData\Local\SKIDROW
2012-09-21 01:15 . 2007-07-20 00:57 411496 ----a-w- c:\windows\system32\xactengine2_9.dll
2012-09-21 01:09 . 2012-09-21 01:09 -------- d-----w- c:\program files (x86)\Activision
2012-09-18 19:46 . 2012-09-18 19:46 -------- d-----w- c:\program files (x86)\Tunatic
2012-09-11 23:08 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-11 23:08 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-11 23:08 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 23:08 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-11 23:08 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-11 23:08 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-11 23:08 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-06 01:24 . 2012-09-06 01:24 -------- d-----w- c:\windows\system32\oodag
2012-09-06 01:22 . 2012-09-06 01:22 -------- d-----w- c:\users\Hicham\AppData\Local\O&O
2012-09-05 22:34 . 2012-09-24 04:29 -------- d-----w- c:\users\Hicham\AppData\Roaming\Skype
2012-09-05 22:34 . 2012-09-05 22:34 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-05 22:34 . 2012-09-05 22:37 -------- d-----r- c:\program files (x86)\Skype
2012-09-05 22:34 . 2012-09-05 22:37 -------- d-----w- c:\programdata\Skype
2012-09-05 21:27 . 2012-09-05 21:27 -------- d-----w- c:\windows\Hewlett-Packard
2012-09-04 22:48 . 2012-09-04 22:51 -------- d-----w- c:\programdata\BlueStacks
2012-09-04 22:42 . 2012-09-04 22:48 -------- d-----w- c:\users\Hicham\AppData\Local\ManyCam
2012-09-04 22:42 . 2012-09-04 22:42 -------- d-----w- c:\programdata\ManyCam
2012-09-04 22:42 . 2012-09-04 22:52 -------- d-----w- c:\users\Hicham\AppData\Roaming\ManyCam
2012-09-04 22:41 . 2012-09-04 22:42 -------- d-----w- c:\program files (x86)\ManyCam
2012-09-04 22:12 . 2003-11-10 18:13 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-09-04 22:12 . 2003-11-10 18:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-09-04 22:12 . 2003-11-10 18:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-09-04 22:12 . 2003-11-10 18:10 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-09-04 22:12 . 2012-09-04 22:12 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-09-04 22:12 . 2012-09-04 22:12 188548 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-09-04 22:12 . 2003-11-10 18:14 729088 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-09-04 22:12 . 2003-11-10 18:11 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-08-31 15:40 . 2012-08-31 15:40 -------- d-----w- c:\program files (x86)\Cisco
2012-08-31 15:40 . 2012-08-31 15:40 -------- d-----w- c:\programdata\Intel.sav
2012-08-31 15:31 . 2012-08-31 15:31 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-08-30 10:40 . 2012-08-30 10:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-08-30 00:08 . 2012-08-30 00:08 -------- d-----w- c:\users\Hicham\AppData\Roaming\ImTOO
2012-08-30 00:07 . 2012-08-30 00:07 -------- d-----w- c:\programdata\ImTOO
2012-08-30 00:07 . 2012-08-30 00:07 -------- d-----w- c:\program files (x86)\ImTOO
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-18 17:09 . 2012-07-22 19:08 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-18 17:09 . 2012-07-22 19:08 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-12 00:56 . 2012-07-22 05:07 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-30 19:14 . 2012-07-22 05:30 971624 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-08-30 19:14 . 2012-07-22 05:30 830312 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-08-30 19:14 . 2012-07-22 05:30 2725224 ----a-w- c:\windows\system32\nvapi64.dll
2012-08-30 19:14 . 2012-07-22 05:30 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-08-30 19:14 . 2012-07-22 05:30 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-08-30 19:14 . 2012-07-22 05:30 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-08-30 19:14 . 2012-07-22 05:30 18229096 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-08-30 19:14 . 2012-07-22 05:30 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-08-30 19:14 . 2012-07-22 05:30 15291752 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-08-30 19:14 . 2012-07-22 05:30 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-08-30 16:18 . 2012-07-22 05:33 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 16:18 . 2012-07-22 05:33 865640 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-08-30 16:18 . 2012-07-22 05:33 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 16:18 . 2012-07-22 05:33 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-08-30 16:18 . 2012-07-22 05:33 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 16:18 . 2012-07-22 05:33 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-08-30 16:18 . 2012-07-22 05:33 3487434 ----a-w- c:\windows\system32\nvcoproc.bin
2012-08-30 16:18 . 2012-07-22 05:33 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-08-30 16:17 . 2012-07-22 05:33 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-23 17:22 . 2012-08-23 17:22 0 ----a-w- c:\windows\invcol.tmp
2012-08-20 21:45 . 2012-08-20 21:45 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
2012-08-20 06:16 . 2012-08-20 06:16 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
2012-08-18 03:48 . 2012-08-18 03:48 830976 ----a-w- c:\windows\system32\ncs2dmix.dll
2012-08-18 03:27 . 2012-08-18 03:27 788992 ----a-w- c:\windows\system32\accesor.dll
2012-08-18 03:15 . 2012-08-18 03:15 211968 ----a-w- c:\windows\system32\ncs2instutility.dll
2012-08-18 03:09 . 2012-08-18 03:09 3154432 ----a-w- c:\windows\system32\ncscolib.dll
2012-08-15 10:57 . 2012-08-15 10:57 33616 ----a-w- c:\windows\system32\drivers\iqvw64e.sys
2012-08-14 09:58 . 2012-08-14 09:58 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-10 22:44 . 2012-08-23 22:49 482128 ----a-w- c:\windows\system32\drivers\e1c62x64.sys
2012-08-10 09:00 . 2012-08-10 09:00 316736 ----a-w- c:\windows\system32\PRONtObj.dll
2012-08-09 20:56 . 2012-08-23 22:49 101224 ----a-w- c:\windows\system32\NicInstC.dll
2012-08-09 16:54 . 2012-08-23 22:49 73032 ----a-w- c:\windows\system32\e1cmsg.dll
2012-08-09 07:42 . 2012-08-09 07:42 204288 ----a-w- c:\windows\system32\Ncs2Setp.dll
2012-08-04 23:10 . 2012-08-04 23:10 31344 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
2012-08-01 10:02 . 2012-08-01 10:02 162960 ----a-w- c:\windows\system32\drivers\iANSW60e.sys
2012-07-28 03:09 . 2012-07-28 03:09 57792 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-07-28 02:54 . 2012-07-28 02:54 321472 ----a-w- c:\windows\WLXPGSS.SCR
2012-07-27 02:30 . 2012-07-27 02:30 170824 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2012-07-26 19:08 . 2012-07-26 19:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-07-26 19:08 . 2012-07-26 19:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-07-26 19:08 . 2012-07-26 19:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-07-26 19:08 . 2012-07-26 19:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll
2012-07-26 19:08 . 2012-07-26 19:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll
2012-07-26 15:22 . 2012-07-26 15:22 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-07-26 15:22 . 2012-07-26 15:22 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-07-26 15:22 . 2012-07-26 15:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-07-26 15:22 . 2012-07-26 15:22 177096 ----a-w- c:\windows\system32\atl110.dll
2012-07-26 15:22 . 2012-07-26 15:22 124360 ----a-w- c:\windows\system32\vcomp110.dll
2012-07-26 01:45 . 2012-07-26 01:45 95 ----a-w- c:\windows\SysWow64\InstallGAC.bat
2012-07-25 15:54 . 2012-07-22 05:14 538496 ----a-w- c:\windows\system32\PROUnstl.exe
2012-07-22 22:39 . 2012-07-22 22:41 348712 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2012-07-22 05:58 . 2012-07-22 06:01 22056 ----a-w- c:\windows\system32\btwcoins.dll
2012-07-22 05:16 . 2012-07-22 05:16 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-07-22 05:16 . 2012-07-22 05:16 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-07-22 05:16 . 2012-07-22 05:16 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-07-22 05:16 . 2012-07-22 05:16 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-07-22 05:16 . 2012-07-22 05:16 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-07-22 05:16 . 2012-07-22 05:16 82432 ----a-w- c:\windows\system32\icardie.dll
2012-07-22 05:16 . 2012-07-22 05:16 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-07-22 05:16 . 2012-07-22 05:16 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-07-22 05:16 . 2012-07-22 05:16 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-07-22 05:16 . 2012-07-22 05:16 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-07-22 05:16 . 2012-07-22 05:16 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-07-22 05:16 . 2012-07-22 05:16 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-07-22 05:16 . 2012-07-22 05:16 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-07-22 05:16 . 2012-07-22 05:16 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-07-22 05:16 . 2012-07-22 05:16 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-07-22 05:16 . 2012-07-22 05:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-07-22 05:16 . 2012-07-22 05:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-07-22 05:16 . 2012-07-22 05:16 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-07-22 05:16 . 2012-07-22 05:16 448512 ----a-w- c:\windows\system32\html.iec
2012-07-22 05:16 . 2012-07-22 05:16 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-07-22 05:16 . 2012-07-22 05:16 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-07-22 05:16 . 2012-07-22 05:16 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-07-22 05:16 . 2012-07-22 05:16 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-07-22 05:16 . 2012-07-22 05:16 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-07-22 05:16 . 2012-07-22 05:16 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-22 05:16 . 2012-07-22 05:16 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-07-22 05:16 . 2012-07-22 05:16 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-07-22 05:16 . 2012-07-22 05:16 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-07-22 05:16 . 2012-07-22 05:16 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-07-22 05:16 . 2012-07-22 05:16 222208 ----a-w- c:\windows\system32\msls31.dll
2012-07-22 05:16 . 2012-07-22 05:16 197120 ----a-w- c:\windows\system32\msrating.dll
2012-07-22 05:16 . 2012-07-22 05:16 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-07-22 05:16 . 2012-07-22 05:16 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-07-22 05:16 . 2012-07-22 05:16 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-07-22 05:16 . 2012-07-22 05:16 160256 ----a-w- c:\windows\system32\wextract.exe
2012-07-22 05:16 . 2012-07-22 05:16 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-07-22 05:16 . 2012-07-22 05:16 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-07-22 05:16 . 2012-07-22 05:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-07-22 05:16 . 2012-07-22 05:16 149504 ----a-w- c:\windows\system32\occache.dll
2012-07-22 05:16 . 2012-07-22 05:16 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-07-22 05:16 . 2012-07-22 05:16 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-07-22 05:16 . 2012-07-22 05:16 12288 ----a-w- c:\windows\system32\mshta.exe
2012-07-22 05:16 . 2012-07-22 05:16 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-07-22 05:16 . 2012-07-22 05:16 114176 ----a-w- c:\windows\system32\admparse.dll
2012-07-22 05:16 . 2012-07-22 05:16 111616 ----a-w- c:\windows\system32\iesysprep.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-14 09:54 220608 ----a-w- c:\users\Hicham\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-14 09:54 220608 ----a-w- c:\users\Hicham\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-14 09:54 220608 ----a-w- c:\users\Hicham\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Hicham\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-10 138096]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-16 975800]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-10 5663616]
"SkyDrive"="c:\users\Hicham\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-08-14 238528]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"ManyCam"="c:\program files (x86)\ManyCam\Bin\ManyCam.exe" [2012-06-28 2160024]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-07-19 336992]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2012-08-29 577400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\users\Hicham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files (x86)\Paltalk Messenger\paltalk.exe [2012-6-22 8135336]
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-5-8 506904]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-5-8 506904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-08 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys [2011-07-22 27760]
R3 ALSysIO;ALSysIO;c:\users\Hicham\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AMPPALP;Protocole Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\amppal.sys [2012-03-15 198144]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2012-07-22 348712]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-07-11 276288]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-21 16640]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-08 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2012-09-20 427976]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-06-25 272688]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-05-21 188776]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-06-18 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-06-18 12384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-22 1255736]
R3 wbfcvusbdrv;WBF Control Vault;c:\windows\system32\Drivers\wbfcvusbdrv.sys [2011-06-22 15976]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-09-01 647736]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-09-01 28216]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-08-30 30056]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-04-17 31432]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-08-30 284008]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-10 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-03-15 659976]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-08-29 74616]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-08-29 384888]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-04-23 135952]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-12-02 1043872]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-12-02 36768]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-05-08 2279960]
S2 IAStorDataMgrSvc;Technologie de stockage Intel® Rapid;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-09-01 14904]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2012-07-27 170824]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-05-15 165144]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-18 8192]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2012-06-06 3293552]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-06-25 3325232]
S3 AMPPAL;Carte réseau virtuelle Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-03-15 198144]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-12-02 45672]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2012-08-10 482128]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2012-07-02 62784]
S3 NETwNs64;___ Pilote de carte de la série Intel® Wireless WiFi Link 5000 pour Windows 7 64 bits ;c:\windows\system32\DRIVERS\Netwsw00.sys [2012-06-03 11499008]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contenu du dossier 'Tâches planifiées'
.
2012-09-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1206943589-1187741213-3406341401-1000Core.job
- c:\users\Hicham\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-23 08:04]
.
2012-09-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1206943589-1187741213-3406341401-1000UA.job
- c:\users\Hicham\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-23 08:04]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-08 00:30]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-08 00:30]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1206943589-1187741213-3406341401-1000Core.job
- c:\users\Hicham\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-24 05:49]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1206943589-1187741213-3406341401-1000UA.job
- c:\users\Hicham\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-24 05:49]
.
2012-09-21 c:\windows\Tasks\Quark Updater.job
- c:\program files (x86)\Quark\Quark Update\AutoUpdate.exe [2011-08-23 14:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-14 09:54 244672 ----a-w- c:\users\Hicham\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-14 09:54 244672 ----a-w- c:\users\Hicham\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-14 09:54 244672 ----a-w- c:\users\Hicham\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-07-11 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-07-11 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-07-11 440640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2012-05-08 7078424]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2012-03-21 626552]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-06-25 4802864]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-06-06 3998064]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-08-30 1694016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Examen supplémentaire -------
.
uStart Page = www.wana.ma
mStart Page = about:blank
IE: &Envoyer à OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: Interfaces\{17FE5814-DF3E-439E-9419-61D452396F81}: NameServer = 192.168.2.1
TCP: Interfaces\{4FC4490B-3728-4AC0-9C4C-C4568222543B}: NameServer = 192.168.1.1
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - c:\users\Hicham\AppData\Roaming\Mozilla\Firefox\Profiles\ixkcmcc3.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1206943589-1187741213-3406341401-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):07,8f,ea,ba,38,c4,4a,41,70,d3,a3,d3,4b,5b,85,b2,cf,2c,f4,ea,79,
be,ba,dd,5c,a9,9a,01,be,2b,1d,aa,03,bc,55,29,ad,d2,b4,fe,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1206943589-1187741213-3406341401-1000_Classes\Wow6432Node\CLSID\{85c45ef4-fef3-4a33-a109-91869c3ad36d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e8
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,ba,ac,94,6a,0d,94,ac,3a,00,47,f5,ee,ad,b8,28,79,fb,85,ab,f5,76,4e,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG15.00.00.01PROFESSIONAL"="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"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\program files (x86)\BlueStacks\HD-Service.exe
c:\program files (x86)\BlueStacks\HD-Network.exe
c:\program files (x86)\BlueStacks\HD-BlockDevice.exe
c:\program files (x86)\BlueStacks\HD-FileSystem.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Heure de fin: 2012-09-24 04:34:02 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-09-24 04:34
.
Avant-CF: 35 104 595 968 octets libres
Après-CF: 37 097 328 640 octets libres
.
- - End Of File - - B171217AB9180BFF417F51E79F57877D



#15 gringo_pr


Posted 23 September 2012 - 10:52 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



