Problem removing malware W7


11 replies to this topic

#1 ebouge


Posted 23 May 2013 - 05:59 PM

Hello,

For a few months now, I have been having problems removing malware from one of my friends' computers, which is an Acer Aspire X1430, 500GB HD, 4GB RAM, running Windows 7 Family Edition Premium in French.

I tried downloading Malwarebytes but W7 is not letting me install it, even as an Administrator. The same behavior happens with Adobe Flash updates and other software updates.

Since you did a fantastic job helping clean out my own laptop (http://www.bleepingcomputer.com/forums/t/474531/problem-removing-rootkit-xp-sp3/#entry2889893), I took the liberty of running TDSSKiller.zip and OTL (Link 1), and I am posting the resulting logs.

I hope it will be possible to get your help and advice on this issue.

Cheers

Eric

21:50:48.0483 7536  MozillaMaintenance - ok
21:50:48.0525 7536  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
21:50:48.0533 7536  MpFilter - ok
21:50:48.0567 7536  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:50:48.0572 7536  mpio - ok
21:50:48.0603 7536  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:50:48.0609 7536  mpsdrv - ok
21:50:48.0646 7536  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:50:48.0660 7536  MpsSvc - ok
21:50:48.0681 7536  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:50:48.0685 7536  MRxDAV - ok
21:50:48.0721 7536  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:50:48.0726 7536  mrxsmb - ok
21:50:48.0748 7536  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:50:48.0756 7536  mrxsmb10 - ok
21:50:48.0771 7536  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:50:48.0775 7536  mrxsmb20 - ok
21:50:48.0793 7536  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:50:48.0796 7536  msahci - ok
21:50:48.0822 7536  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:50:48.0835 7536  msdsm - ok
21:50:48.0857 7536  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:50:48.0863 7536  MSDTC - ok
21:50:48.0901 7536  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:50:48.0904 7536  Msfs - ok
21:50:48.0927 7536  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:50:48.0930 7536  mshidkmdf - ok
21:50:48.0954 7536  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:50:48.0957 7536  msisadrv - ok
21:50:48.0996 7536  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:50:49.0002 7536  MSiSCSI - ok
21:50:49.0014 7536  msiserver - ok
21:50:49.0038 7536  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:50:49.0043 7536  MSKSSRV - ok
21:50:49.0102 7536  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
21:50:49.0103 7536  MsMpSvc - ok
21:50:49.0134 7536  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:50:49.0137 7536  MSPCLOCK - ok
21:50:49.0155 7536  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:50:49.0159 7536  MSPQM - ok
21:50:49.0182 7536  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:50:49.0189 7536  MsRPC - ok
21:50:49.0228 7536  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:50:49.0231 7536  mssmbios - ok
21:50:49.0252 7536  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:50:49.0255 7536  MSTEE - ok
21:50:49.0278 7536  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:50:49.0283 7536  MTConfig - ok
21:50:49.0313 7536  [ 86FCFE457EA52CDA52AD9EBFC84DD11A ] multikey        C:\Windows\system32\DRIVERS\multikey.sys
21:50:49.0347 7536  multikey - ok
21:50:49.0386 7536  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:50:49.0389 7536  Mup - ok
21:50:49.0428 7536  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:50:49.0438 7536  napagent - ok
21:50:49.0475 7536  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:50:49.0484 7536  NativeWifiP - ok
21:50:49.0539 7536  [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
21:50:49.0548 7536  NAUpdate - ok
21:50:49.0598 7536  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:50:49.0614 7536  NDIS - ok
21:50:49.0640 7536  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:50:49.0643 7536  NdisCap - ok
21:50:49.0665 7536  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:50:49.0668 7536  NdisTapi - ok
21:50:49.0695 7536  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:50:49.0699 7536  Ndisuio - ok
21:50:49.0719 7536  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:50:49.0724 7536  NdisWan - ok
21:50:49.0741 7536  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:50:49.0746 7536  NDProxy - ok
21:50:49.0760 7536  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:50:49.0764 7536  NetBIOS - ok
21:50:49.0782 7536  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:50:49.0788 7536  NetBT - ok
21:50:49.0808 7536  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:50:49.0812 7536  Netlogon - ok
21:50:49.0847 7536  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:50:49.0855 7536  Netman - ok
21:50:49.0879 7536  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:50:49.0890 7536  netprofm - ok
21:50:49.0965 7536  [ C7D577CB6058454228C7693DA086EF51 ] netr28ux        C:\Windows\system32\DRIVERS\netr28ux.sys
21:50:50.0018 7536  netr28ux - ok
21:50:50.0040 7536  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:50:50.0044 7536  NetTcpPortSharing - ok
21:50:50.0084 7536  [ 2263727032E9B19231A706046B8C82D3 ] NetworkX        C:\Windows\system32\ckldrv.sys
21:50:50.0110 7536  NetworkX - ok
21:50:50.0145 7536  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:50:50.0148 7536  nfrd960 - ok
21:50:50.0175 7536  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:50:50.0179 7536  NisDrv - ok
21:50:50.0211 7536  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
21:50:50.0217 7536  NisSrv - ok
21:50:50.0251 7536  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:50:50.0260 7536  NlaSvc - ok
21:50:50.0291 7536  [ 907B5E1E4A592E5EDC5E4CCBDE4863C2 ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
21:50:50.0294 7536  nmwcd - ok
21:50:50.0383 7536  [ 5839A8027D6D324A7CD494051A96628C ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
21:50:50.0438 7536  NOBU - ok
21:50:50.0466 7536  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:50:50.0469 7536  Npfs - ok
21:50:50.0479 7536  NSHE - ok
21:50:50.0510 7536  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
21:50:50.0515 7536  nsi - ok
21:50:50.0527 7536  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:50:50.0529 7536  nsiproxy - ok
21:50:50.0616 7536  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:50:50.0655 7536  Ntfs - ok
21:50:50.0674 7536  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:50:50.0683 7536  Null - ok
21:50:50.0721 7536  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:50:50.0725 7536  nvraid - ok
21:50:50.0744 7536  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:50:50.0748 7536  nvstor - ok
21:50:50.0768 7536  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:50:50.0772 7536  nv_agp - ok
21:50:50.0818 7536  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:50:50.0827 7536  odserv - ok
21:50:50.0860 7536  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:50:50.0866 7536  ohci1394 - ok
21:50:50.0942 7536  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:50:50.0946 7536  ose - ok
21:50:51.0219 7536  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:50:51.0316 7536  osppsvc - ok
21:50:51.0380 7536  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:50:51.0388 7536  p2pimsvc - ok
21:50:51.0417 7536  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:50:51.0426 7536  p2psvc - ok
21:50:51.0456 7536  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
21:50:51.0460 7536  Parport - ok
21:50:51.0483 7536  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:50:51.0489 7536  partmgr - ok
21:50:51.0520 7536  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:50:51.0527 7536  PcaSvc - ok
21:50:51.0552 7536  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
21:50:51.0556 7536  pci - ok
21:50:51.0573 7536  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
21:50:51.0576 7536  pciide - ok
21:50:51.0603 7536  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:50:51.0611 7536  pcmcia - ok
21:50:51.0646 7536  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:50:51.0649 7536  pcw - ok
21:50:51.0713 7536  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:50:51.0729 7536  PEAUTH - ok
21:50:51.0804 7536  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:50:51.0808 7536  PerfHost - ok
21:50:51.0923 7536  [ AE0B94363DA0F60D42B9D05B352F61ED ] PID_PEPI        C:\Windows\system32\DRIVERS\LV302V64.SYS
21:50:51.0984 7536  PID_PEPI - ok
21:50:52.0042 7536  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
21:50:52.0077 7536  pla - ok
21:50:52.0111 7536  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:50:52.0121 7536  PlugPlay - ok
21:50:52.0141 7536  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:50:52.0147 7536  PNRPAutoReg - ok
21:50:52.0171 7536  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:50:52.0177 7536  PNRPsvc - ok
21:50:52.0215 7536  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:50:52.0224 7536  PolicyAgent - ok
21:50:52.0257 7536  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
21:50:52.0264 7536  Power - ok
21:50:52.0303 7536  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:50:52.0308 7536  PptpMiniport - ok
21:50:52.0324 7536  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
21:50:52.0327 7536  Processor - ok
21:50:52.0355 7536  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:50:52.0364 7536  ProfSvc - ok
21:50:52.0381 7536  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:50:52.0384 7536  ProtectedStorage - ok
21:50:52.0410 7536  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:50:52.0414 7536  Psched - ok
21:50:52.0457 7536  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:50:52.0493 7536  ql2300 - ok
21:50:52.0519 7536  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:50:52.0524 7536  ql40xx - ok
21:50:52.0555 7536  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
21:50:52.0563 7536  QWAVE - ok
21:50:52.0584 7536  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:50:52.0588 7536  QWAVEdrv - ok
21:50:52.0605 7536  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:50:52.0607 7536  RasAcd - ok
21:50:52.0642 7536  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:50:52.0646 7536  RasAgileVpn - ok
21:50:52.0663 7536  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
21:50:52.0670 7536  RasAuto - ok
21:50:52.0691 7536  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:50:52.0695 7536  Rasl2tp - ok
21:50:52.0719 7536  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
21:50:52.0728 7536  RasMan - ok
21:50:52.0745 7536  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:50:52.0749 7536  RasPppoe - ok
21:50:52.0765 7536  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:50:52.0769 7536  RasSstp - ok
21:50:52.0792 7536  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:50:52.0800 7536  rdbss - ok
21:50:52.0818 7536  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
21:50:52.0821 7536  rdpbus - ok
21:50:52.0837 7536  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:50:52.0840 7536  RDPCDD - ok
21:50:52.0877 7536  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:50:52.0879 7536  RDPENCDD - ok
21:50:52.0900 7536  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:50:52.0902 7536  RDPREFMP - ok
21:50:52.0944 7536  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:50:52.0947 7536  RdpVideoMiniport - ok
21:50:52.0976 7536  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:50:52.0983 7536  RDPWD - ok
21:50:53.0016 7536  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:50:53.0021 7536  rdyboost - ok
21:50:53.0051 7536  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:50:53.0056 7536  RemoteAccess - ok
21:50:53.0090 7536  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:50:53.0097 7536  RemoteRegistry - ok
21:50:53.0135 7536  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
21:50:53.0140 7536  RFCOMM - ok
21:50:53.0168 7536  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:50:53.0173 7536  RpcEptMapper - ok
21:50:53.0190 7536  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:50:53.0194 7536  RpcLocator - ok
21:50:53.0222 7536  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
21:50:53.0232 7536  RpcSs - ok
21:50:53.0279 7536  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:50:53.0283 7536  rspndr - ok
21:50:53.0331 7536  [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
21:50:53.0341 7536  RTL8167 - ok
21:50:53.0359 7536  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
21:50:53.0362 7536  SamSs - ok
21:50:53.0387 7536  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:50:53.0391 7536  sbp2port - ok
21:50:53.0416 7536  SBRE - ok
21:50:53.0481 7536  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
21:50:53.0508 7536  SBSDWSCService - ok
21:50:53.0547 7536  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:50:53.0555 7536  SCardSvr - ok
21:50:53.0569 7536  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:50:53.0572 7536  scfilter - ok
21:50:53.0611 7536  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
21:50:53.0639 7536  Schedule - ok
21:50:53.0664 7536  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:50:53.0666 7536  SCPolicySvc - ok
21:50:53.0687 7536  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:50:53.0695 7536  SDRSVC - ok
21:50:53.0736 7536  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:50:53.0738 7536  secdrv - ok
21:50:53.0759 7536  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
21:50:53.0764 7536  seclogon - ok
21:50:53.0784 7536  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
21:50:53.0789 7536  SENS - ok
21:50:53.0819 7536  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:50:53.0824 7536  SensrSvc - ok
21:50:53.0844 7536  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
21:50:53.0847 7536  Serenum - ok
21:50:53.0872 7536  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
21:50:53.0877 7536  Serial - ok
21:50:53.0894 7536  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:50:53.0898 7536  sermouse - ok
21:50:53.0939 7536  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:50:53.0946 7536  SessionEnv - ok
21:50:53.0965 7536  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:50:54.0003 7536  sffdisk - ok
21:50:54.0025 7536  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:50:54.0029 7536  sffp_mmc - ok
21:50:54.0041 7536  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:50:54.0050 7536  sffp_sd - ok
21:50:54.0068 7536  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:50:54.0080 7536  sfloppy - ok
21:50:54.0122 7536  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
21:50:54.0148 7536  Sftfs - ok
21:50:54.0191 7536  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:50:54.0200 7536  sftlist - ok
21:50:54.0220 7536  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:50:54.0226 7536  Sftplay - ok
21:50:54.0245 7536  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:50:54.0248 7536  Sftredir - ok
21:50:54.0267 7536  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
21:50:54.0271 7536  Sftvol - ok
21:50:54.0294 7536  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:50:54.0298 7536  sftvsa - ok
21:50:54.0340 7536  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:50:54.0348 7536  SharedAccess - ok
21:50:54.0380 7536  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:50:54.0392 7536  ShellHWDetection - ok
21:50:54.0415 7536  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:50:54.0419 7536  SiSRaid2 - ok
21:50:54.0453 7536  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:50:54.0458 7536  SiSRaid4 - ok
21:50:54.0487 7536  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:50:54.0491 7536  Smb - ok
21:50:54.0537 7536  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:50:54.0542 7536  SNMPTRAP - ok
21:50:54.0561 7536  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:50:54.0565 7536  spldr - ok
21:50:54.0604 7536  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
21:50:54.0617 7536  Spooler - ok
21:50:54.0715 7536  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
21:50:54.0787 7536  sppsvc - ok
21:50:54.0807 7536  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:50:54.0815 7536  sppuinotify - ok
21:50:54.0849 7536  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:50:54.0858 7536  srv - ok
21:50:54.0875 7536  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:50:54.0883 7536  srv2 - ok
21:50:54.0906 7536  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:50:54.0910 7536  srvnet - ok
21:50:54.0935 7536  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:50:54.0942 7536  SSDPSRV - ok
21:50:54.0957 7536  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:50:54.0963 7536  SstpSvc - ok
21:50:54.0987 7536  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:50:54.0989 7536  stexstor - ok
21:50:55.0026 7536  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
21:50:55.0039 7536  stisvc - ok
21:50:55.0057 7536  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:50:55.0060 7536  swenum - ok
21:50:55.0086 7536  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
21:50:55.0097 7536  swprv - ok
21:50:55.0142 7536  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
21:50:55.0185 7536  SysMain - ok
21:50:55.0207 7536  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:50:55.0214 7536  TabletInputService - ok
21:50:55.0242 7536  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:50:55.0251 7536  TapiSrv - ok
21:50:55.0268 7536  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
21:50:55.0274 7536  TBS - ok
21:50:55.0332 7536  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:50:55.0377 7536  Tcpip - ok
21:50:55.0448 7536  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:50:55.0466 7536  TCPIP6 - ok
21:50:55.0505 7536  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:50:55.0509 7536  tcpipreg - ok
21:50:55.0536 7536  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:50:55.0541 7536  TDPIPE - ok
21:50:55.0558 7536  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:50:55.0562 7536  TDTCP - ok
21:50:55.0588 7536  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:50:55.0592 7536  tdx - ok
21:50:55.0723 7536  [ 7C8DD5576695B3362202EF09B20C425E ] TeamViewer8     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
21:50:55.0794 7536  TeamViewer8 - ok
21:50:55.0817 7536  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:50:55.0820 7536  TermDD - ok
21:50:55.0857 7536  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
21:50:55.0869 7536  TermService - ok
21:50:55.0898 7536  [ 9201BE2BAB8A9FF8E20D8439AE3BB04D ] Themes          C:\Windows\system32\themeservice.dll
21:50:55.0950 7536  Themes - ok
21:50:55.0961 7536  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
21:50:55.0965 7536  THREADORDER - ok
21:50:56.0056 7536  [ 79BBCB1D8C674AE8977DFD80689982E9 ] Transbase       D:\BMWgroup\ETKLokal\transbase\tbmux32.exe
21:50:56.0062 7536  Transbase - ok
21:50:56.0103 7536  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:50:56.0110 7536  TrkWks - ok
21:50:56.0174 7536  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:50:56.0179 7536  TrustedInstaller - ok
21:50:56.0204 7536  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:50:56.0207 7536  tssecsrv - ok
21:50:56.0234 7536  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:50:56.0238 7536  TsUsbFlt - ok
21:50:56.0267 7536  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
21:50:56.0271 7536  TsUsbGD - ok
21:50:56.0303 7536  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:50:56.0307 7536  tunnel - ok
21:50:56.0328 7536  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:50:56.0331 7536  uagp35 - ok
21:50:56.0358 7536  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:50:56.0364 7536  udfs - ok
21:50:56.0402 7536  [ 215462AE7E6A897D675E84DD1E3B3B56 ] ufad-ws60       C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
21:50:56.0408 7536  ufad-ws60 - ok
21:50:56.0457 7536  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:50:56.0463 7536  UI0Detect - ok
21:50:56.0483 7536  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:50:56.0500 7536  uliagpkx - ok
21:50:56.0527 7536  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:50:56.0532 7536  umbus - ok
21:50:56.0555 7536  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:50:56.0557 7536  UmPass - ok
21:50:56.0587 7536  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:50:56.0596 7536  upnphost - ok
21:50:56.0635 7536  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
21:50:56.0639 7536  usbaudio - ok
21:50:56.0674 7536  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:50:56.0678 7536  usbccgp - ok
21:50:56.0698 7536  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:50:56.0704 7536  usbcir - ok
21:50:56.0738 7536  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:50:56.0742 7536  usbehci - ok
21:50:56.0767 7536  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:50:56.0774 7536  usbhub - ok
21:50:56.0792 7536  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
21:50:56.0795 7536  usbohci - ok
21:50:56.0822 7536  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:50:56.0825 7536  usbprint - ok
21:50:56.0854 7536  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:50:56.0857 7536  usbscan - ok
21:50:56.0880 7536  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:50:56.0883 7536  USBSTOR - ok
21:50:56.0905 7536  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:50:56.0909 7536  usbuhci - ok
21:50:56.0943 7536  [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
21:50:56.0946 7536  usb_rndisx - ok
21:50:56.0971 7536  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
21:50:56.0976 7536  UxSms - ok
21:50:56.0994 7536  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:50:56.0997 7536  VaultSvc - ok
21:50:57.0027 7536  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:50:57.0030 7536  vdrvroot - ok
21:50:57.0065 7536  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
21:50:57.0076 7536  vds - ok
21:50:57.0094 7536  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:50:57.0098 7536  vga - ok
21:50:57.0121 7536  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:50:57.0124 7536  VgaSave - ok
21:50:57.0151 7536  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:50:57.0156 7536  vhdmp - ok
21:50:57.0180 7536  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:50:57.0183 7536  viaide - ok
21:50:57.0211 7536  [ 42F0ECAF36636841A4A006850695507F ] VMAuthdService  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
21:50:57.0215 7536  VMAuthdService - ok
21:50:57.0244 7536  [ 3D810A11C3E7FD4682A8824F54C1A04F ] vmci            C:\Windows\system32\drivers\vmci.sys
21:50:57.0249 7536  vmci - ok
21:50:57.0268 7536  [ 1AF6462718E5AB0ED55014A6EF3790EF ] vmkbd           C:\Windows\system32\drivers\VMkbd.sys
21:50:57.0271 7536  vmkbd - ok
21:50:57.0297 7536  [ 9D54F1339E78C95BF3D9939EBCB66378 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
21:50:57.0300 7536  VMnetAdapter - ok
21:50:57.0315 7536  [ FB54EF3AA613D2832FD3812E7CB2FC75 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys
21:50:57.0319 7536  VMnetBridge - ok
21:50:57.0331 7536  VMnetDHCP - ok
21:50:57.0347 7536  [ DAF5E04EB56CD0ED945FB2FDD94812DB ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys
21:50:57.0354 7536  VMnetuserif - ok
21:50:57.0394 7536  [ 415B167695C4B5960A13098622EF3D80 ] vmusb           C:\Windows\system32\Drivers\vmusb.sys
21:50:57.0413 7536  vmusb - ok
21:50:57.0448 7536  [ F22098DBDD13C1221C274496B3E18DA7 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
21:50:57.0458 7536  VMUSBArbService - ok
21:50:57.0486 7536  VMware NAT Service - ok
21:50:57.0521 7536  [ AE7F667DB83E108E83C86A56B821E9A6 ] vmx86           C:\Windows\system32\drivers\vmx86.sys
21:50:57.0525 7536  vmx86 - ok
21:50:57.0557 7536  [ 93F279A2C172562050700A18FA84BE2E ] vncmirror       C:\Windows\system32\DRIVERS\vncmirror.sys
21:50:57.0560 7536  vncmirror - ok
21:50:57.0690 7536  [ 74B5F5438D0051BE3A6D2FF91E245A64 ] vncserver       C:\Program Files\RealVNC\VNC Server\vncserver.exe
21:50:57.0777 7536  vncserver - ok
21:50:57.0811 7536  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:50:57.0815 7536  volmgr - ok
21:50:57.0843 7536  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:50:57.0851 7536  volmgrx - ok
21:50:57.0883 7536  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:50:57.0890 7536  volsnap - ok
21:50:57.0932 7536  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:50:57.0937 7536  vsmraid - ok
21:50:57.0990 7536  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
21:50:58.0025 7536  VSS - ok
21:50:58.0064 7536  [ E61C910E2DDF4797C1B1F9239636E894 ] vstor2-ws60     C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
21:50:58.0067 7536  vstor2-ws60 - ok
21:50:58.0083 7536  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:50:58.0087 7536  vwifibus - ok
21:50:58.0130 7536  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:50:58.0144 7536  vwififlt - ok
21:50:58.0169 7536  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
21:50:58.0173 7536  vwifimp - ok
21:50:58.0206 7536  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
21:50:58.0216 7536  W32Time - ok
21:50:58.0249 7536  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:50:58.0252 7536  WacomPen - ok
21:50:58.0284 7536  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:50:58.0288 7536  WANARP - ok
21:50:58.0298 7536  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:50:58.0301 7536  Wanarpv6 - ok
21:50:58.0368 7536  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
21:50:58.0395 7536  WatAdminSvc - ok
21:50:58.0457 7536  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:50:58.0490 7536  wbengine - ok
21:50:58.0514 7536  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:50:58.0525 7536  WbioSrvc - ok
21:50:58.0552 7536  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:50:58.0563 7536  wcncsvc - ok
21:50:58.0578 7536  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:50:58.0593 7536  WcsPlugInService - ok
21:50:58.0622 7536  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
21:50:58.0625 7536  Wd - ok
21:50:58.0666 7536  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:50:58.0679 7536  Wdf01000 - ok
21:50:58.0705 7536  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:50:58.0711 7536  WdiServiceHost - ok
21:50:58.0727 7536  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:50:58.0732 7536  WdiSystemHost - ok
21:50:58.0758 7536  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
21:50:58.0767 7536  WebClient - ok
21:50:58.0789 7536  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:50:58.0797 7536  Wecsvc - ok
21:50:58.0818 7536  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:50:58.0824 7536  wercplsupport - ok
21:50:58.0852 7536  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:50:58.0858 7536  WerSvc - ok
21:50:58.0887 7536  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:50:58.0890 7536  WfpLwf - ok
21:50:58.0921 7536  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:50:58.0924 7536  WIMMount - ok
21:50:58.0949 7536  WinDefend - ok
21:50:58.0964 7536  WinHttpAutoProxySvc - ok
21:50:59.0026 7536  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:50:59.0031 7536  Winmgmt - ok
21:50:59.0089 7536  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
21:50:59.0150 7536  WinRM - ok
21:50:59.0224 7536  [ FE88B288356E7B47B74B13372ADD906D ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
21:50:59.0227 7536  WinUSB - ok
21:50:59.0263 7536  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:50:59.0279 7536  Wlansvc - ok
21:50:59.0294 7536  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:50:59.0297 7536  WmiAcpi - ok
21:50:59.0336 7536  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:50:59.0343 7536  wmiApSrv - ok
21:50:59.0371 7536  WMPNetworkSvc - ok
21:50:59.0395 7536  WorkshopDBService - ok
21:50:59.0426 7536  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:50:59.0431 7536  WPCSvc - ok
21:50:59.0469 7536  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:50:59.0476 7536  WPDBusEnum - ok
21:50:59.0502 7536  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:50:59.0505 7536  ws2ifsl - ok
21:50:59.0522 7536  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
21:50:59.0529 7536  wscsvc - ok
21:50:59.0543 7536  WSearch - ok
21:50:59.0624 7536  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:50:59.0679 7536  wuauserv - ok
21:50:59.0711 7536  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:50:59.0715 7536  WudfPf - ok
21:50:59.0756 7536  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:50:59.0761 7536  WUDFRd - ok
21:50:59.0783 7536  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:50:59.0789 7536  wudfsvc - ok
21:50:59.0844 7536  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:50:59.0852 7536  WwanSvc - ok
21:50:59.0937 7536  ================ Scan global ===============================
21:50:59.0953 7536  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:50:59.0982 7536  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:50:59.0999 7536  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:51:00.0022 7536  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:51:00.0050 7536  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:51:00.0059 7536  [Global] - ok
21:51:00.0061 7536  ================ Scan MBR ==================================
21:51:00.0076 7536  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:51:00.0256 7536  \Device\Harddisk0\DR0 - ok
21:51:00.0257 7536  ================ Scan VBR ==================================
21:51:00.0265 7536  [ 1A0B2B48841F25E953C0D2A7D3BA9986 ] \Device\Harddisk0\DR0\Partition1
21:51:00.0269 7536  \Device\Harddisk0\DR0\Partition1 - ok
21:51:00.0297 7536  [ 8946DB9236316E9B324C81D33DBA8D8C ] \Device\Harddisk0\DR0\Partition2
21:51:00.0300 7536  \Device\Harddisk0\DR0\Partition2 - ok
21:51:00.0324 7536  [ CA22C27C1368AB702B4A395F1F7072E4 ] \Device\Harddisk0\DR0\Partition3
21:51:00.0327 7536  \Device\Harddisk0\DR0\Partition3 - ok
21:51:00.0329 7536  ============================================================
21:51:00.0329 7536  Scan finished
21:51:00.0329 7536  ============================================================
21:51:00.0363 6228  Detected object count: 0
21:51:00.0363 6228  Actual detected object count: 0
 

 

 

 

 

 




#2 ebouge


Posted 23 May 2013 - 06:02 PM

OTL logfile created on: 21/05/2013 21:56:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MECAHIMSELF\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
3,49 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 56,17% Memory free
6,98 Gb Paging File | 4,87 Gb Available in Paging File | 69,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221,95 Gb Total Space | 156,56 Gb Free Space | 70,54% Space Free | Partition Type: NTFS
Drive D: | 222,71 Gb Total Space | 101,86 Gb Free Space | 45,74% Space Free | Partition Type: NTFS
Drive E: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 4,42 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MECAHIMSELF-PC | User Name: MECAHIMSELF | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2013/05/21 21:44:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MECAHIMSELF\Desktop\OTL.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/23 09:48:17 | 010,244,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/04/23 09:48:17 | 004,171,104 | ---- | M] (TeamViewer GmbH) -- c:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe
PRC - [2013/04/23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/04/23 09:40:59 | 000,193,888 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\Browser Manager\2.6.1249.132\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
PRC - [2013/03/11 19:40:21 | 000,114,688 | ---- | M] (Acresso) -- C:\Program Files (x86)\Vivid WorkshopData ATI\WorkshopDBServer.exe
PRC - [2013/03/11 19:35:43 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Vivid WorkshopData ATI\jre\bin\java.exe
PRC - [2012/02/06 17:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/12/28 04:47:15 | 000,218,408 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/12/28 04:47:13 | 000,321,832 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/12/28 04:47:13 | 000,214,312 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
PRC - [2011/12/06 17:10:44 | 000,240,640 | ---- | M] (Volkswagen AG) -- D:\ElsaWin\bin\LcSvrAdm.exe
PRC - [2011/12/06 17:08:58 | 000,335,360 | ---- | M] (Volkswagen AG) -- D:\ElsaWin\bin\LcSvrHis.exe
PRC - [2011/12/06 17:08:16 | 000,373,248 | ---- | M] (Volkswagen AG) -- D:\ElsaWin\bin\LcSvrSaz.exe
PRC - [2011/12/06 17:07:28 | 001,321,472 | ---- | M] (Volkswagen AG) -- D:\ElsaWin\bin\LcSvrAuf.exe
PRC - [2011/12/06 17:04:48 | 000,477,696 | ---- | M] (Volkswagen AG) -- D:\ElsaWin\bin\LcSvrPas.exe
PRC - [2011/12/06 17:03:38 | 000,392,704 | ---- | M] (Volkswagen AG) -- D:\ElsaWin\bin\LcSvrDba.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/31 12:35:01 | 000,185,640 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/08/11 05:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2011/06/29 10:52:34 | 001,074,496 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
PRC - [2011/05/30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011/03/09 12:04:12 | 000,326,616 | ---- | M] (Transaction Software, D 81829 Munich) -- C:\Program Files (x86)\EWA net\database\TransBase WIS\tbmux32.exe
PRC - [2011/03/09 12:04:12 | 000,326,616 | ---- | M] (Transaction Software, D 81829 Munich) -- C:\Program Files (x86)\EWA net\database\TransBase EWA\tbmux32.exe
PRC - [2011/03/09 12:03:32 | 002,497,496 | ---- | M] (Transaction Software, D 81829 Munich) -- C:\Program Files (x86)\EWA net\database\TransBase EWA\tbkern32.exe
PRC - [2010/11/21 05:23:51 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2010/11/11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010/11/11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010/11/11 13:31:36 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2010/11/11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/07/12 14:39:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe
PRC - [2010/05/04 21:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/11/27 13:33:52 | 000,417,792 | ---- | M] (Transaction Software, D 81829 Munich) -- C:\Program Files (x86)\EWA net\database\TransBase EPC\tbmux32.exe
PRC - [2007/11/02 05:38:40 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe
PRC - [2007/08/11 15:50:00 | 000,331,264 | ---- | M] () -- C:\Program Files (x86)\NetMeter\NetMeter.exe
PRC - [2004/08/05 13:02:30 | 000,385,024 | ---- | M] (Transaction Software, D 81737 Munich) -- D:\BMWgroup\ETKLokal\transbase\tbmux32.exe
PRC - [2003/07/31 19:29:04 | 000,065,536 | ---- | M] (Alexandria Software Consulting) -- C:\Program Files (x86)\EWA net\server\bin\tomcat.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/05/19 12:47:52 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/19 12:46:50 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/03/22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\Browser Manager\2.6.1249.132\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
MOD - [2013/03/22 16:08:36 | 002,520,016 | ---- | M] () -- c:\ProgramData\Browser Manager\2.6.1249.132\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll
MOD - [2013/01/10 09:03:31 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 09:02:48 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 09:02:33 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 09:02:16 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/09/24 18:47:35 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-140 revB\ANPDApi.dll
MOD - [2011/12/28 04:47:13 | 000,370,984 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/12/28 04:47:13 | 000,321,832 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/08/11 05:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2011/08/11 05:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2010/11/13 01:52:13 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/11 13:31:14 | 000,068,720 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2010/11/11 13:31:00 | 000,970,352 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2010/05/13 10:58:00 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-140 revB\wlanapp.dll
MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2007/11/02 05:38:40 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe
MOD - [2007/10/08 06:59:24 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark X5400 Series\app4r.monitor.core.dll
MOD - [2007/10/08 06:59:24 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark X5400 Series\app4r.monitor.common.dll
MOD - [2007/10/08 06:58:32 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark X5400 Series\app4r.devmons.mcmdevmon.dll
MOD - [2007/08/11 15:50:00 | 000,331,264 | ---- | M] () -- C:\Program Files (x86)\NetMeter\NetMeter.exe
MOD - [2007/08/10 04:12:14 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark X5400 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/03/04 13:31:38 | 004,774,208 | ---- | M] (RealVNC Ltd) [On_Demand | Stopped] -- C:\Program Files\RealVNC\VNC Server\vncserver.exe -- (vncserver)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/02/06 17:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/05/24 16:03:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2008/05/08 01:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
SRV:64bit: - [2007/10/18 18:54:06 | 001,044,136 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdvcoms.exe -- (lxdv_device)
SRV:64bit: - [2007/10/18 18:53:58 | 000,033,448 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdvserv.exe -- (lxdvCATSCustConnectService)
SRV - [2013/05/15 11:20:10 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.6.1249.132\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe -- (Browser Manager)
SRV - [2013/03/11 19:40:21 | 000,114,688 | ---- | M] (Acresso) [Auto | Running] -- C:\Program Files (x86)\Vivid WorkshopData ATI\WorkshopDBServer.exe -- (WorkshopDBService)
SRV - [2013/03/08 22:46:25 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/12/06 17:10:44 | 000,240,640 | ---- | M] (Volkswagen AG) [Auto | Running] -- D:\ElsaWin\bin\LcSvrAdm.exe -- (LcSvrAdm)
SRV - [2011/12/06 17:08:58 | 000,335,360 | ---- | M] (Volkswagen AG) [Auto | Running] -- D:\ElsaWin\bin\LcSvrHis.exe -- (LcSvrHis)
SRV - [2011/12/06 17:08:16 | 000,373,248 | ---- | M] (Volkswagen AG) [Auto | Running] -- D:\ElsaWin\bin\LcSvrSaz.exe -- (LcSvrSaz)
SRV - [2011/12/06 17:07:28 | 001,321,472 | ---- | M] (Volkswagen AG) [On_Demand | Running] -- D:\ElsaWin\bin\LcSvrAuf.exe -- (LcSvrAuf)
SRV - [2011/12/06 17:04:48 | 000,477,696 | ---- | M] (Volkswagen AG) [Auto | Running] -- D:\ElsaWin\bin\LcSvrPas.exe -- (LcSvrPAS)
SRV - [2011/12/06 17:03:38 | 000,392,704 | ---- | M] (Volkswagen AG) [Auto | Running] -- D:\ElsaWin\bin\LcSvrDba.exe -- (LcSvrDba)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/05/30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/03/09 12:04:12 | 000,326,616 | ---- | M] (Transaction Software, D 81829 Munich) [Auto | Running] -- C:\Program Files (x86)\EWA net\database\TransBase WIS\tbmux32.exe -- (EWA net DB WIS)
SRV - [2011/03/09 12:04:12 | 000,326,616 | ---- | M] (Transaction Software, D 81829 Munich) [Auto | Running] -- C:\Program Files (x86)\EWA net\database\TransBase EWA\tbmux32.exe -- (EWA net DB Core)
SRV - [2010/11/11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/11/11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/11/11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/10/12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/07/12 14:39:24 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe -- (D_Link_DWA-140_WPS)
SRV - [2010/06/02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/04 21:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/11/27 13:33:52 | 000,417,792 | ---- | M] (Transaction Software, D 81829 Munich) [Auto | Running] -- C:\Program Files (x86)\EWA net\database\TransBase EPC\tbmux32.exe -- (EWA net DB EPC)
SRV - [2007/10/18 18:53:58 | 000,033,448 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdvserv.exe -- (lxdvCATSCustConnectService)
SRV - [2007/10/18 18:53:53 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdvcoms.exe -- (lxdv_device)
SRV - [2004/08/05 13:02:30 | 000,385,024 | ---- | M] (Transaction Software, D 81737 Munich) [Auto | Running] -- D:\BMWgroup\ETKLokal\transbase\tbmux32.exe -- (Transbase)
SRV - [2003/07/31 19:29:04 | 000,065,536 | ---- | M] (Alexandria Software Consulting) [Auto | Running] -- C:\Program Files (x86)\EWA net\server\bin\tomcat.exe -- (EWA net Server)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/05/10 15:29:16 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/02/07 13:42:52 | 002,201,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/28 07:04:02 | 000,068,608 | ---- | M] (Chingachguk & Denger2k (Elite & SP edition)) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\multikey.sys -- (multikey)
DRV:64bit: - [2012/10/02 17:35:50 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/17 10:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/06/06 11:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/24 17:26:58 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/05/24 15:25:44 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/16 16:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/21 10:09:14 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/11 13:32:32 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010/11/11 13:32:20 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010/11/11 13:30:34 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010/11/11 13:30:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010/11/11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010/11/11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010/11/11 10:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010/11/11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/01 01:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/05/01 00:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2009/05/01 00:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2008/07/26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/03/17 19:12:26 | 000,028,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV:64bit: - [2006/12/13 18:14:14 | 000,065,024 | ---- | M] (Aladdin Knowledge Systems Ltd.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2006/12/04 10:44:14 | 000,314,368 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV:64bit: - [2006/12/04 10:44:14 | 000,090,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2006/12/04 10:44:14 | 000,018,688 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV - [2010/08/19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/11/23 11:23:06 | 000,097,792 | ---- | M] (T0r0 2008) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\NSHE.SYS -- (NSHE)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3495972118-1920290018-178275041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-search.com/?affID=114508&tt=4112_1&babsrc=HP_clro&mntrId=0c4a9d73000000000000bcf685ae3d80
IE - HKU\S-1-5-21-3495972118-1920290018-178275041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3495972118-1920290018-178275041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-3495972118-1920290018-178275041-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3495972118-1920290018-178275041-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3495972118-1920290018-178275041-1000\..\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&affID=119403&tt=gc_&babsrc=SP_ss&mntrId=0C4A0030C20F83D3
IE - HKU\S-1-5-21-3495972118-1920290018-178275041-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..browser.startup.homepage:
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MECAHIMSELF\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MECAHIMSELF\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/05/15 14:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\autolyrics@man-soft.net: C:\Program Files (x86)\AutoLyrics\FF\ [2013/05/21 17:28:51 | 000,000,000 | ---D | M]
 
[2012/10/12 11:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MECAHIMSELF\AppData\Roaming\mozilla\Extensions
[2013/05/21 17:42:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MECAHIMSELF\AppData\Roaming\mozilla\Firefox\Profiles\7xajsnz3.default\extensions
[2013/02/23 15:29:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\MECAHIMSELF\AppData\Roaming\mozilla\Firefox\Profiles\7xajsnz3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/02/14 18:28:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\MECAHIMSELF\AppData\Roaming\mozilla\Firefox\Profiles\7xajsnz3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/10/12 12:05:38 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\MECAHIMSELF\AppData\Roaming\mozilla\Firefox\Profiles\7xajsnz3.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013/02/21 11:59:15 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\MECAHIMSELF\AppData\Roaming\mozilla\Firefox\Profiles\7xajsnz3.default\extensions\plugin@yontoo.com
[2012/11/01 21:45:14 | 000,000,000 | ---D | M] (Test Pilot) -- C:\Users\MECAHIMSELF\AppData\Roaming\mozilla\Firefox\Profiles\7xajsnz3.default\extensions\testpilot@labs.mozilla.com
[2013/02/21 11:59:15 | 000,021,487 | ---- | M] () (No name found) -- C:\Users\MECAHIMSELF\AppData\Roaming\mozilla\firefox\profiles\7xajsnz3.default\extensions\plugin@yontoo.com.xpi
[2012/11/01 21:45:10 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\MECAHIMSELF\AppData\Roaming\mozilla\firefox\profiles\7xajsnz3.default\extensions\testpilot@labs.mozilla.com.xpi
[2013/02/14 18:28:21 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\MECAHIMSELF\AppData\Roaming\mozilla\firefox\profiles\7xajsnz3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/21 17:29:40 | 000,006,505 | ---- | M] () -- C:\Users\MECAHIMSELF\AppData\Roaming\mozilla\firefox\profiles\7xajsnz3.default\searchplugins\babylon.xml
[2013/05/21 17:30:41 | 000,001,294 | ---- | M] () -- C:\Users\MECAHIMSELF\AppData\Roaming\mozilla\firefox\profiles\7xajsnz3.default\searchplugins\delta.xml
[2012/10/12 12:05:36 | 000,000,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2012/09/25 22:04:42 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Delta Search (Enabled)
CHR - default_search_provider: search_url = http://www1.delta-search.com/?q={searchTerms}&affID=119403&tt=gc_&babsrc=SP_ss&mntrId=0C4A0030C20F83D3
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.fr/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Application Manager (Enabled) = C:\Users\MECAHIMSELF\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: GoogleDrive = C:\Users\MECAHIMSELF\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\MECAHIMSELF\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Recherche Google = C:\Users\MECAHIMSELF\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\MECAHIMSELF\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4\
CHR - Extension: Gmail = C:\Users\MECAHIMSELF\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Auto Lyrics = C:\Users\MECAHIMSELF\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf\1.111_0\
 
O1 HOSTS File: ([2012/10/23 20:40:20 | 000,443,614 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 15263 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Auto Lyrics) - {DAEB9E85-4694-4F9B-85CB-2F28987872D7} - C:\Program Files (x86)\AutoLyrics\autolrcs.dll (Mansoft Union)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [lxdvamon] C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe ()
O4:64bit: - HKLM..\Run: [lxdvmon.exe] C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [D-Link D-Link DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [Lexmark X5400 Series] C:\Program Files (x86)\Lexmark X5400 Series\fm3032.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-3495972118-1920290018-178275041-1000..\Run: [Bubble Dock] "C:\Users\MECAHIMSELF\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup File not found
O4 - HKU\S-1-5-21-3495972118-1920290018-178275041-1000..\Run: [C:\Program Files (x86)\NetMeter\NetMeter.exe] C:\Program Files (x86)\NetMeter\NetMeter.exe ()
O4 - HKU\S-1-5-21-3495972118-1920290018-178275041-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-3495972118-1920290018-178275041-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3495972118-1920290018-178275041-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3495972118-1920290018-178275041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3495972118-1920290018-178275041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CB927D12-4FF7-4A9E-A169-56E4B8A75598} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Element Behavior)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F43C7C00-BBEE-4C74-843D-ABCF20B7B7F3}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\vw-wi - No CLSID value found
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - D:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.6.1249.132\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/12/14 10:34:24 | 000,000,053 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/21 21:54:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MECAHIMSELF\Desktop\OTL.exe
[2013/05/21 21:46:04 | 000,000,000 | ---D | C] -- C:\tdsskiller
[2013/05/21 17:32:33 | 000,000,000 | ---D | C] -- C:\Users\MECAHIMSELF\AppData\Roaming\Nosibay
[2013/05/21 17:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Software
[2013/05/21 17:31:40 | 000,000,000 | ---D | C] -- C:\Users\MECAHIMSELF\AppData\Roaming\NetMeter
[2013/05/21 17:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetMeter
[2013/05/21 17:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetMeter
[2013/05/21 17:30:15 | 000,000,000 | ---D | C] -- C:\Users\MECAHIMSELF\AppData\Roaming\BabSolution
[2013/05/21 17:29:18 | 000,000,000 | ---D | C] -- C:\Users\MECAHIMSELF\AppData\Local\Software
[2013/05/21 17:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Software
[2013/05/21 17:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoLyrics
[2013/05/21 17:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/05/21 17:28:22 | 000,000,000 | ---D | C] -- C:\Users\MECAHIMSELF\AppData\Roaming\Babylon
[2013/05/21 13:50:03 | 000,000,000 | ---D | C] -- C:\Users\MECAHIMSELF\Desktop\Voiture PELRAS
[2013/05/20 14:48:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2013/05/20 08:50:31 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/20 08:50:31 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/15 20:17:15 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/15 20:17:08 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/15 20:17:07 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/15 20:17:07 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/15 20:16:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/05/15 20:16:20 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_AuthenticAMD.dll
[2013/05/15 14:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013/05/10 15:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EWA net
[2013/05/10 15:42:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\logs
[2013/05/10 15:40:53 | 000,000,000 | ---D | C] -- C:\ProgramData\EWA
[2013/05/10 15:38:25 | 000,208,896 | ---- | C] (Woodbury Associates Ltd.) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2013/05/10 15:38:22 | 000,987,136 | ---- | C] (Woodbury Associates Ltd.) -- C:\Windows\SysWow64\UniBox210.ocx
[2013/05/10 15:38:20 | 000,438,272 | ---- | C] (Woodbury Associates Ltd.) -- C:\Windows\SysWow64\UniBox10.ocx
[2013/05/10 15:38:18 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comdlg32.ocx
[2013/05/10 15:38:12 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMCTL32.OCX
[2013/05/10 15:38:10 | 000,192,512 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysWow64\hpnls.dll
[2013/05/10 15:38:08 | 000,147,456 | ---- | C] (Hewlett Packard GmbH) -- C:\Windows\SysWow64\HPLog.dll
[2013/05/10 15:32:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EWA net
[2013/05/10 15:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013/05/10 15:29:15 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/05/10 15:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013/05/09 18:17:18 | 000,000,000 | ---D | C] -- C:\Users\MECAHIMSELF\AppData\Roaming\ImgBurn
[2013/05/09 18:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013/05/09 18:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2013/05/09 13:46:32 | 000,097,792 | ---- | C] (T0r0 2008) -- C:\Windows\SysWow64\drivers\NSHE.SYS
[2013/05/09 13:46:05 | 000,191,488 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysWow64\hlvdd.dll
[2013/05/09 13:45:46 | 000,314,368 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\hardlock.sys
[2013/05/09 13:45:22 | 000,090,240 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\akshasp.sys
[2013/05/09 13:45:22 | 000,018,688 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksusb.sys
[2013/05/09 13:45:19 | 000,065,024 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksdf.sys
[2013/05/09 13:45:19 | 000,013,952 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksclass.sys
[2013/05/09 13:45:19 | 000,010,752 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\akscoinst.dll
[2013/05/09 13:45:18 | 003,066,968 | ---- | C] (Aladdin Knowledge Systems.) -- C:\Windows\SysWow64\hinstd.dll
[2013/05/09 13:45:18 | 002,511,360 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysWow64\haspds_windows.dll
[2013/05/09 13:45:18 | 000,671,112 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysWow64\hdinst_windows.dll
[2013/05/09 13:45:18 | 000,069,632 | ---- | C] (Aladdin Knowledge Systems) -- C:\Windows\SysWow64\hasp_inst_help1.dll
[2013/05/09 13:29:23 | 000,000,000 | ---D | C] -- C:\Users\MECAHIMSELF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ETKA 7.3 International 2011
[2013/05/09 13:15:02 | 000,000,000 | ---D | C] -- C:\Windows\ETKA7.3_International
[2013/05/09 13:03:02 | 000,068,608 | ---- | C] (Chingachguk & Denger2k (Elite & SP edition)) -- C:\Windows\SysNative\drivers\multikey.sys
[2013/05/08 16:37:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ETKLokal
[2013/05/07 08:03:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/07 08:03:29 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/05/07 08:03:29 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/05/07 08:03:29 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/04/23 19:42:09 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2013/04/23 19:41:31 | 000,000,000 | ---D | C] -- C:\Users\MECAHIMSELF\AppData\Local\Paint.NET
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/21 21:44:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MECAHIMSELF\Desktop\OTL.exe
[2013/05/21 21:21:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495972118-1920290018-178275041-1000UA.job
[2013/05/21 21:19:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/21 21:15:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/21 14:29:58 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3495972118-1920290018-178275041-1000Core.job
[2013/05/21 14:15:00 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/21 08:15:50 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/21 08:15:50 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/21 08:13:03 | 001,559,566 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/21 08:13:03 | 000,707,592 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/05/21 08:13:03 | 000,619,160 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/21 08:13:03 | 000,132,166 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/05/21 08:13:03 | 000,107,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/21 08:07:51 | 000,443,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/21 08:07:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/21 08:07:20 | 2812,485,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/15 16:48:01 | 000,342,604 | ---- | M] () -- C:\Users\MECAHIMSELF\Desktop\DEVIS SUZUKI SWIFR.pdf
[2013/05/15 15:24:52 | 000,002,114 | ---- | M] () -- C:\Users\MECAHIMSELF\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/05/15 11:20:08 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/15 11:20:08 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/10 15:38:26 | 000,001,606 | ---- | M] () -- C:\Windows\SysWow64\font.ini
[2013/05/10 15:38:25 | 000,208,896 | ---- | M] (Woodbury Associates Ltd.) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2013/05/10 15:38:22 | 000,987,136 | ---- | M] (Woodbury Associates Ltd.) -- C:\Windows\SysWow64\UniBox210.ocx
[2013/05/10 15:38:20 | 000,438,272 | ---- | M] (Woodbury Associates Ltd.) -- C:\Windows\SysWow64\UniBox10.ocx
[2013/05/10 15:38:18 | 000,140,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\comdlg32.ocx
[2013/05/10 15:38:12 | 000,608,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\COMCTL32.OCX
[2013/05/10 15:38:10 | 000,192,512 | ---- | M] (Hewlett-Packard) -- C:\Windows\SysWow64\hpnls.dll
[2013/05/10 15:38:08 | 000,147,456 | ---- | M] (Hewlett Packard GmbH) -- C:\Windows\SysWow64\HPLog.dll
[2013/05/10 15:30:14 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013/05/10 15:29:16 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/05/09 18:14:33 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013/05/09 18:06:06 | 000,000,059 | ---- | M] () -- C:\Windows\ETKINST.INI
[2013/05/09 13:29:24 | 000,000,670 | ---- | M] () -- C:\Users\MECAHIMSELF\Desktop\ETKA-Support.lnk
[2013/05/09 13:29:23 | 000,000,714 | ---- | M] () -- C:\Users\MECAHIMSELF\Desktop\ETKA 7.3.lnk
[2013/05/09 13:29:23 | 000,000,695 | ---- | M] () -- C:\Users\MECAHIMSELF\Desktop\VIN-Creator.lnk
[2013/05/09 13:29:23 | 000,000,690 | ---- | M] () -- C:\Users\MECAHIMSELF\Desktop\ETKA 7.3 Online-Update.lnk
[2013/05/08 16:37:16 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\ETK Admin.lnk
[2013/05/08 16:37:16 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\ETK Accessories (Local).lnk
[2013/05/08 16:37:16 | 000,000,843 | ---- | M] () -- C:\Users\Public\Desktop\ETK (Lokal).lnk
[2013/05/08 09:28:53 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/23 19:42:51 | 000,001,252 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/20 14:48:42 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/05/18 21:25:38 | 018,028,052 | ---- | C] () -- C:\FPreis.bin
[2013/05/18 21:25:38 | 012,098,286 | ---- | C] () -- C:\FPreis.pnt
[2013/05/15 16:47:55 | 000,342,604 | ---- | C] () -- C:\Users\MECAHIMSELF\Desktop\DEVIS SUZUKI SWIFR.pdf
[2013/05/10 15:38:26 | 000,001,606 | ---- | C] () -- C:\Windows\SysWow64\font.ini
[2013/05/10 15:30:14 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013/05/09 18:14:33 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2013/05/09 18:14:33 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013/05/09 14:26:02 | 000,000,059 | ---- | C] () -- C:\Windows\ETKINST.INI
[2013/05/09 13:45:18 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\hlduinst.exe
[2013/05/09 13:45:17 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2013/05/09 13:29:24 | 000,000,670 | ---- | C] () -- C:\Users\MECAHIMSELF\Desktop\ETKA-Support.lnk
[2013/05/09 13:29:23 | 000,000,714 | ---- | C] () -- C:\Users\MECAHIMSELF\Desktop\ETKA 7.3.lnk
[2013/05/09 13:29:23 | 000,000,695 | ---- | C] () -- C:\Users\MECAHIMSELF\Desktop\VIN-Creator.lnk
[2013/05/09 13:29:23 | 000,000,690 | ---- | C] () -- C:\Users\MECAHIMSELF\Desktop\ETKA 7.3 Online-Update.lnk
[2013/05/08 16:37:16 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\ETK Admin.lnk
[2013/05/08 16:37:16 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\ETK Accessories (Local).lnk
[2013/05/08 16:37:16 | 000,000,843 | ---- | C] () -- C:\Users\Public\Desktop\ETK (Lokal).lnk
[2013/04/23 19:42:51 | 000,001,264 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2013/04/23 19:42:51 | 000,001,252 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013/03/25 09:04:11 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013/03/12 11:30:34 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2013/03/11 19:40:07 | 000,000,062 | ---- | C] () -- C:\Windows\Crypkey.ini
[2013/03/11 19:39:49 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2013/03/11 19:39:49 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2013/03/11 19:39:48 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2012/10/13 08:49:08 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDVinst.dll
[2012/10/13 08:49:07 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdvcomx.dll
[2012/10/13 08:49:06 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvinpa.dll
[2012/10/13 08:49:06 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdviesc.dll
[2012/10/13 08:49:04 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvpmui.dll
[2012/10/13 08:49:03 | 000,954,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvusb1.dll
[2012/10/13 08:49:02 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvserv.dll
[2012/10/13 08:49:01 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvlmpm.dll
[2012/10/13 08:49:01 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvprox.dll
[2012/10/13 08:49:00 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvhbn3.dll
[2012/10/13 08:49:00 | 000,320,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvih.exe
[2012/10/13 08:48:59 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvcoms.exe
[2012/10/13 08:48:58 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvcomc.dll
[2012/10/13 08:48:58 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvcomm.dll
[2012/10/13 08:48:57 | 000,365,224 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdvcfg.exe
[2012/10/11 18:38:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/11 18:38:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/11 18:38:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/11 18:38:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/11 18:38:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/10 13:16:53 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2012/10/06 20:24:44 | 000,000,056 | ---- | C] () -- C:\Windows\Acroread.ini
[2012/10/06 14:55:25 | 000,000,344 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/09/25 11:35:20 | 001,578,634 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/24 18:55:27 | 000,000,258 | ---- | C] () -- C:\Users\MECAHIMSELF\AppData\Roaming\ANICONFIG_{F43C7C00-BBEE-4C74-843D-ABCF20B7B7F3}.ini
[2012/09/24 18:47:03 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe
[2012/06/02 04:41:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/12/13 05:10:13 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/24 22:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 


OTL Extras logfile created on: 21/05/2013 21:56:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MECAHIMSELF\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
3,49 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 56,17% Memory free
6,98 Gb Paging File | 4,87 Gb Available in Paging File | 69,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221,95 Gb Total Space | 156,56 Gb Free Space | 70,54% Space Free | Partition Type: NTFS
Drive D: | 222,71 Gb Total Space | 101,86 Gb Free Space | 45,74% Space Free | Partition Type: NTFS
Drive E: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 4,42 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MECAHIMSELF-PC | User Name: MECAHIMSELF | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3495972118-1920290018-178275041-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018ECDC4-05FC-4586-ADF9-7DCAB8F61BC8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0361F946-7D4F-4ACD-8BEB-F5C493C2988A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0E7A7754-11C4-4F09-8C02-F8A9A6BA6F4C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{13F34D17-9E78-4107-BFF2-37BB3ECE16B0}" = lport=139 | protocol=6 | dir=in | app=system |
"{303197C2-C30A-40DC-BD6F-F00E506EFB3F}" = lport=138 | protocol=17 | dir=in | app=system |
"{3F609D27-054C-46FE-A90C-A91BE2F94A62}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{402EFE3A-7799-4FE0-B15E-9BAC47AC5C50}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{45B67CF8-BFB2-4A0B-A7CC-2E918F334E92}" = rport=445 | protocol=6 | dir=out | app=system |
"{5A892FA7-C037-4237-B092-DCBF245D3E71}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{6536A56C-F358-4D6A-A2C5-2D2359BDD5D6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{671A7B8E-470B-4808-9B3C-A7467DEBB0BC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{691D2C3E-63E7-4616-BBFD-31D8E22C2BB8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A809363-4FD5-46B5-B38B-F91EE029682B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C4E35BA-FDE6-4C05-971E-E48B73386005}" = rport=139 | protocol=6 | dir=out | app=system |
"{6E83204F-0D30-4FBC-8A81-A63E2E43C14F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{796FB806-9C94-46C0-818D-3025CE9A29C9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7A3FFD19-29BA-44D0-824C-E649DDB76BE4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C19D82B-8CC4-48B2-8F1B-93391F2AC610}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{90E85709-DDF4-43C3-87DC-5B3AEA8FAB10}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93AE2B46-9764-4DCD-85EF-65E7A48BE403}" = lport=10243 | protocol=6 | dir=in | app=system |
"{961516EB-0F0E-4C55-8F65-C8315533563B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9623D28E-46F8-4CC2-B5E5-BF576BD27657}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{97DD5F4E-0DB1-4462-90AD-AF5ED3234B11}" = rport=137 | protocol=17 | dir=out | app=system |
"{A4FC3DAB-6FCE-4F11-A5FB-146D15DF5841}" = lport=12000 | protocol=6 | dir=in | app=system |
"{B3013022-8A66-47C1-8F59-45972D5E0915}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B40A0028-D7BD-4365-A7FC-A1E2FA1E18A7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9DC18ED-2FA6-48EE-8F65-9991C4F380F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BA14085A-C4E6-44FD-8465-3BEFCE7AA252}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CDCC418D-E797-4C15-8568-9E49683FECA5}" = rport=138 | protocol=17 | dir=out | app=system |
"{D7B62E3B-A962-4072-9F32-3641A83B846C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{ED3C63ED-032A-48FF-8314-E898F7D97E1E}" = lport=445 | protocol=6 | dir=in | app=system |
"{F18F45CB-BA5F-4251-A622-A287FAFEA8B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F75A701F-913A-4F3B-B258-FA5E6875A353}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FAD5EDC1-BA46-4696-9EBA-314CDC0969B0}" = lport=137 | protocol=17 | dir=in | app=system |
"{FB9916DE-32A5-4153-BF0D-33145DB1A848}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0140AC38-1E26-44E3-9EEF-1963CB1E99DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{05F68D93-E17F-44ED-8EA4-B1784CD2799A}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark x5400 series\lxdvamon.exe |
"{0751DF52-785E-42F9-BFB7-A42679764560}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{12E2A93A-FCE9-428C-BC61-1B6A25087A1B}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\playmovie.exe |
"{14A9EDC5-BF97-4FF6-88BB-BB939B310901}" = protocol=6 | dir=in | app=d:\elsawin\bin\elsawin.exe |
"{15B7DAAE-C2C8-4979-8DFE-C1F4159FE221}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{15F348C6-C4F4-41A4-9DD3-806257177776}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{17F9EEDB-5BEA-4071-A066-1B51490117F2}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\clmsservice.exe |
"{1BF8F211-906E-4321-AA33-19BFF48F0319}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{23A4C572-8CE2-4CCA-BB68-589978A2D9AC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2569A382-202D-498D-95B6-A02B3632B44A}" = protocol=6 | dir=out | app=system |
"{2CED2DCA-31F0-417C-B2F7-C5AE72A28C88}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2CF4EC8D-8A53-4EB3-8059-5623AA66E51E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2D81EDCB-0FB5-4818-9426-B1208A363E33}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2FD0AF8F-C131-4365-A4C5-29754F38AD25}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{3059FD5B-0BF4-4B8E-88DD-4135134E3B10}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{33CFBC15-10C5-43F0-881A-33A8AED12B3F}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdvtime.exe |
"{3802A1A8-E8FE-4FFF-B629-B81D812DEADD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{387176A4-B468-4992-8916-6699ABAD937C}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe |
"{401BAB02-0BC8-4D23-996F-82AF3DD12153}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{42A8C7DA-80C7-4B3A-8AAD-92FF6C3A6433}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark x5400 series\lxdvamon.exe |
"{444F30C1-7C8F-40C9-9691-70F0F957AF1C}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark x5400 series\lxdvmon.exe |
"{471B9642-7892-4BFF-90EE-13BC483FE9D4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{48310A68-C6D1-4CFF-94B5-5BC61372C82A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49F67D9C-F860-4293-8A92-7D1B3BC294E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4BF90F1B-D37D-43B6-8149-9A901592524A}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark x5400 series\frun.exe |
"{4C6BFC92-56E6-4390-B0F5-C4D4F5F9CEFA}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdvpswx.exe |
"{5F8C641C-787B-4697-9BAE-7D8FA3FFACAB}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{615FEAF0-C409-464B-B37E-EA45C8DD6F0B}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark x5400 series\lxdvfax.exe |
"{6A111B52-F3E9-448D-8A06-27D7A179BB00}" = protocol=17 | dir=in | app=d:\elsawin\bin\elsawin.exe |
"{6A2BD0F0-2D34-4334-870C-F3E9BC291F14}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{6F4E9FDD-03A1-4B97-B4F5-35C460A0D386}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{79031A74-2704-40DC-A41B-8AEE84ED9FA1}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdvcoms.exe |
"{7A169D6F-E84C-4C8E-953D-36A02204BD7E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E198BEE-5B82-4704-A203-7FC3013BBFF1}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark x5400 series\lxdvtime.exe |
"{82B96C85-5A04-447C-BA4B-D33021F0B107}" = protocol=6 | dir=in | app=c:\program files\realvnc\vnc server\vncserver.exe |
"{892E39B6-E64D-4434-B41B-83C7A07EA1A2}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdvcoms.exe |
"{8965357D-1365-4E4B-AC12-1A7DE5DA7B8C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8CAD2C78-25C1-4BC3-9DDD-4F0926CCE864}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{93FFE1F3-B688-4E97-B614-4E69A0671AC1}" = protocol=6 | dir=in | app=c:\windows\system32\lxdvcoms.exe |
"{987C75E7-F01E-4970-BC66-70879F633FC2}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{99677334-6068-4872-8B25-DADF3118E3DB}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
"{9C7D3862-9486-45D9-B5CE-D62F408C0FEC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A06CEE21-9425-47B0-A1A6-740D0D140007}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A1C8F70F-20D6-4098-B08C-0E45D0D808A5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AE77EBAB-1667-472B-AFA2-E16781E06781}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdvtime.exe |
"{AF510AD3-C46B-429A-97B3-DB6AF0B26712}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{BC4CF77D-3B95-413C-B4BD-D8900EEAEB9C}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |
"{BE4CD8EB-41A6-49E9-B82F-122CC94D758D}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark x5400 series\lxdvfax.exe |
"{C0C170A0-BCAB-4C25-8BC3-440B1AEB710A}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark x5400 series\frun.exe |
"{C4D87034-84D6-4708-9F61-CF7B20C9563B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C8005920-1600-4C7A-B76B-5B5BA4C40D0E}" = protocol=17 | dir=in | app=c:\program files\realvnc\vnc server\vncserver.exe |
"{C9552E9A-4A78-4483-B280-609C03CA51A4}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
"{D3FE7775-AE9D-4639-ACCF-FB96C9DC8269}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{D5391B7D-86FD-475E-908C-3DA2641C0CDA}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{D54D803C-05FA-47BE-A6AA-AF44634EE604}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{D65B1289-D63A-467C-A0FE-48B4E9109F90}" = protocol=17 | dir=in | app=c:\windows\system32\lxdvcoms.exe |
"{D67E9D7B-BA18-4144-993A-AA8C37664784}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark x5400 series\lxdvtime.exe |
"{D88998F9-FBB4-4238-95D1-6190B3A699C0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{D89DA637-B3F3-4809-A6EB-AB9DA26E424F}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark x5400 series\lxdvmon.exe |
"{DCA5281D-A08D-4574-8CD9-B1BB244D411E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F35C892D-7A42-4EA0-BA13-C00FBFE07323}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{F3C73A3B-D9A1-479A-9D1B-86ED4D761CF0}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{F40C4D5D-69D1-42B3-929D-6F7D59857B70}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F4C44E65-ADA6-4459-90D2-C3CAD63D3881}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB5128AB-C5AF-499F-84BF-E41DD422779C}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
"{FFED9A7A-074A-4E90-BDAA-96FE43A7DEA3}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdvpswx.exe |
"TCP Query User{65A337AE-4B72-498F-9A49-162E3DD080F9}C:\program files (x86)\vivid workshopdata ati\sed.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vivid workshopdata ati\sed.exe |
"TCP Query User{7CAE14D6-B67E-404B-9A61-DED818E910E5}D:\bmwgroup\etklokal\javaclient\jre1.5.0_11\bin\javaw.exe" = protocol=6 | dir=in | app=d:\bmwgroup\etklokal\javaclient\jre1.5.0_11\bin\javaw.exe |
"TCP Query User{7FEDA881-A84F-4FB9-89A1-1905C291C039}D:\bmwgroup\etklokal\javaclient\etk.exe" = protocol=6 | dir=in | app=d:\bmwgroup\etklokal\javaclient\etk.exe |
"TCP Query User{A8264228-ECF6-4136-AD5E-3C45F156A0C0}C:\program files\realvnc\vnc viewer\vncviewer.exe" = protocol=6 | dir=in | app=c:\program files\realvnc\vnc viewer\vncviewer.exe |
"UDP Query User{145AE25D-FB12-453A-A1D5-C5804EA33206}C:\program files\realvnc\vnc viewer\vncviewer.exe" = protocol=17 | dir=in | app=c:\program files\realvnc\vnc viewer\vncviewer.exe |
"UDP Query User{37249110-C467-4BC1-B496-89C136804415}C:\program files (x86)\vivid workshopdata ati\sed.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vivid workshopdata ati\sed.exe |
"UDP Query User{AF8F287A-9AA7-48EE-83FB-2DBC5874C1A6}D:\bmwgroup\etklokal\javaclient\jre1.5.0_11\bin\javaw.exe" = protocol=17 | dir=in | app=d:\bmwgroup\etklokal\javaclient\jre1.5.0_11\bin\javaw.exe |
"UDP Query User{B00875ED-5D00-4433-B5EB-9A248D83E3C2}D:\bmwgroup\etklokal\javaclient\etk.exe" = protocol=17 | dir=in | app=d:\bmwgroup\etklokal\javaclient\etk.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{40D63515-FF59-9430-BFF0-BF2D26A6AB76}" = ATI AVIVO64 Codecs
"{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4EEAE843-530C-05DA-DE42-ED6DF19B2F7B}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90140000-006D-040C-1000-0000000FF1CE}" = Microsoft Office « Démarrer en un clic » 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{A63555F3-DDAE-D6B9-4021-096C29A38EE6}" = AMD Drag and Drop Transcoding
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE618CAE-B14A-9877-D2E2-5A4556A1B508}" = ccc-utility64
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7F1A2DA-481A-1B41-8959-4B224C6B20B6}" = ATI Catalyst Install Manager
"CCleaner" = CCleaner
"Lexmark X5400 Series" = Lexmark X5400 Series
"lvdrivers_12.10" = Coffret de pilotes Logitech Webcam Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft Security Client" = Microsoft Security Essentials
"RealVNC_is1" = VNC Server 5.0.5
"RealVNCViewer_is1" = VNC Viewer 5.0.5
"VNCMirror_is1" = VNC Mirror Driver 1.8.0
"VNCPrinter_is1" = VNC Printer Driver 1.8.0
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00989200-325C-4910-8D7C-708529685D64}" = EWA_net_WIS_CaseOnline_Importer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" =  clear.fi
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = bProtector for Windows
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{278DB2A0-512A-4555-8BA0-C5D65E9DDC79}" = EWA_net_Client_Applications
"{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}" = Evernote v. 4.5.1
"{2E8F3D27-6BB1-61F6-63B5-353C196A1A89}" = CCC Help Czech
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{37126D87-E4FD-4614-B908-A0BB7ECE3992}" = clear.fi
"{3C564B1C-9A46-1CBA-7E91-0E31562E99E8}" = CCC Help Italian
"{3D7CA1C7-8E89-2D63-FAE8-29B308EE5E0A}" = CCC Help Portuguese
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40C33F45-E45B-F8C5-E8B5-0AB19B254683}" = AMD VISION Engine Control Center
"{42921D90-1419-50A1-9178-2AB5FDA7A6ED}" = CCC Help Korean
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C774C35-E0AF-72E1-136A-2BF666702268}" = Fooz Kids
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5513C032-CB59-4D93-AAB8-7A0649388AB3}" = Micro Application - Cartes de visite Edition Classic
"{59548157-0904-C399-B97F-177DA6FA9625}" = CCC Help Hungarian
"{61E4B8A6-8EAB-BE0A-0259-8C86CD118C4E}" = CCC Help Japanese
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A837420-0195-4921-5590-C911A30EF872}" = CCC Help Finnish
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A997C02-81D4-4FEC-9C1C-F916611F8360}" = EWA_net_EPC
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8D2D742A-59DE-DCFD-6177-50564A4538DB}" = Catalyst Control Center InstallProxy
"{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040C-1000-0000000FF1CE}_PROPLUS_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-040C-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Français
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{983A660B-E298-0421-19B5-45897FC8B6E9}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE36BA3-1FA4-0D64-44D2-C787C4CEDE85}" = CCC Help Greek
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A45EA225-8303-611C-D0FA-A1794E938CA5}" = CCC Help English
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{ACD9C758-45E9-48F9-89B1-14761D288014}" = CCC Help Russian
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B1F3EDAC-F0A2-4615-A4E1-AAF4358B0157}_is1" = AutoData version 3.38
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B659C147-F295-8B3E-33B6-A95E319B428A}" = CCC Help Chinese Traditional
"{BAB9E22B-A2C8-5738-BB10-4881A1AA45EC}" = CCC Help Spanish
"{BE816F03-DFA8-01E2-FE19-99A9DCD8A460}" = CCC Help Swedish
"{C0F1D697-0C8F-4563-A406-830AE52BCE65}" = EWA_net_WIS
"{C1325A6D-E585-3B9E-6262-AE805FF54948}" = Catalyst Control Center Localization All
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C7888DE5-689C-C8D1-3CF5-70180272083F}" = CCC Help German
"{CB4A1B25-37AF-4050-AFD9-837FBADF7CD7}" = Catalyst Control Center - Branding
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D78A1468-84FD-4226-BB33-713A7EBE3028}" = Document_Installer
"{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link DWA-140
"{DF19A8EB-9429-1844-16F7-91A649588C99}" = CCC Help Turkish
"{DFA1C724-02CB-24C3-4283-9C63100C5234}" = CCC Help Chinese Standard
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E24D1CB0-0ECB-0839-778F-C4237F105D68}" = CCC Help Norwegian
"{E68C5783-A1E6-4D4C-83D4-99DD470F3D94}" = EWA_net_Server
"{E8E37C4F-DE01-4286-AFB6-9FBEC8265A1A}" =  clear.fi
"{EC17C160-E2F0-47CC-86D4-140AE22EC38E}" = ETK (Lokal)
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EF35E6F2-848E-A56A-1080-25861DA79D49}" = CCC Help Danish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F41852C7-939E-49A3-A5A7-5E3A81C32A8B}" = EWA_net_Core
"{F49AFE1E-A8F1-4764-9138-C82C8E617E2B}" = EWA_net_Admin
"{F5B26951-AE15-F68E-89B0-CE89C7B2F9EA}" = CCC Help Thai
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FB66215D-0761-EDC1-1446-E1E5286F5A33}" = CCC Help French
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE14010A-0AFF-88E8-B273-B878D8558195}" = CCC Help Polish
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Astroburn Lite" = Astroburn Lite
"autolyrics@man-soft.net" = Auto Lyrics
"DAEMON Tools Lite" = DAEMON Tools Lite
"ElsaWin" = ElsaWin
"ETKA7.3_International_2011" = ETKA7.3 International 2011
"EWA net" = EWA net
"Fences" = Fences
"FoozKids" = Fooz Kids
"Google Chrome" = Google Chrome
"Hardlock Device Drivers" = Hardlock Device Drivers
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"ImgBurn" = ImgBurn
"InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}" = clear.fi
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Thunderbird 17.0.6 (x86 fr)" = Mozilla Thunderbird 17.0.6 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NetMeter_is1" = NetMeter 1.1.3
"Office14.Click2Run" = Microsoft Office « Démarrer en un clic » 2010
"PROPLUS" = Microsoft Office Professional Plus 2007
"TeamViewer 8" = TeamViewer 8
"Vivid WorkshopData ATI" = Vivid WorkshopData ATI
"VLC media player" = VLC media player 2.0.4
"VMware_Player" = VMware Player
"WildTangent acer Master Uninstall" = Acer Games
"WTA-0a437395-e6df-48fc-8c80-4c446c4b5f4b" = Torchlight
"WTA-247d1b98-6aee-4276-8925-a381113741eb" = Bejeweled 2 Deluxe
"WTA-282baf99-bcb6-43d6-9750-04e4f7b636f4" = Wedding Dash
"WTA-427375d3-7715-4bc2-a67b-f3e19b82309f" = FATE
"WTA-65ff07ea-b4c6-485e-b4d2-fbdb205cf2f8" = Slingo Deluxe
"WTA-72d2b19a-5f1c-4462-a5f9-3b9754c34b74" = Final Drive: Nitro
"WTA-7bd5906f-2007-4fdc-8b67-af52c4554c76" = John Deere Drive Green
"WTA-a1da0066-e67d-46e8-b969-f7503deaa4e7" = Insaniquarium Deluxe
"WTA-b6af2b93-7c82-4284-a4a7-2cb9a564ef6f" = Agatha Christie - Death on the Nile
"WTA-ca995f85-de02-4e40-a360-0d9177515259" = Polar Bowler
"WTA-d01189fd-4ec7-4f0e-a719-f9dae2d313d3" = Mystery of Mortlake Mansion
"WTA-d666f24c-d929-4567-9bbb-b36579f4a10f" = Zuma Deluxe
"WTA-e2910806-af60-4ab9-8a81-4b474c10747f" = Virtual Villagers 4 - The Tree of Life
"WTA-e34fae9f-e5ee-4dfb-b188-0b60ecf0af31" = Plants vs. Zombies - Game of the Year
"WTA-ed4d98a0-010b-4fbe-8bdc-680c546cd8c1" = Penguins!
"WTA-f14af443-face-474c-b679-5afb93b31f98" = Crazy Chicken Kart 2
"WTA-f8d9145a-61d1-4e24-b25d-6bd268f70ed6" = Jewel Match 3
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3495972118-1920290018-178275041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03/04/2013 02:29:16 | Computer Name = MECAHIMSELF-PC | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll ». Erreur dans le fichier de manifeste
 ou de stratégie « c:\program files (x86)\spybot - search & destroy\DelZip179.dll »
 à la ligne 8.  La valeur « * » de l’attribut « language » de l’élément « assemblyIdentity »
 n’est pas valide.
 
Error - 03/04/2013 03:22:46 | Computer Name = MECAHIMSELF-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 04/04/2013 01:56:37 | Computer Name = MECAHIMSELF-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 04/04/2013 02:20:14 | Computer Name = MECAHIMSELF-PC | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll ». Erreur dans le fichier de manifeste
 ou de stratégie « c:\program files (x86)\spybot - search & destroy\DelZip179.dll »
 à la ligne 8.  La valeur « * » de l’attribut « language » de l’élément « assemblyIdentity »
 n’est pas valide.
 
Error - 05/04/2013 01:53:03 | Computer Name = MECAHIMSELF-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 05/04/2013 03:01:50 | Computer Name = MECAHIMSELF-PC | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll ». Erreur dans le fichier de manifeste
 ou de stratégie « c:\program files (x86)\spybot - search & destroy\DelZip179.dll »
 à la ligne 8.  La valeur « * » de l’attribut « language » de l’élément « assemblyIdentity »
 n’est pas valide.
 
Error - 06/04/2013 02:05:24 | Computer Name = MECAHIMSELF-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 06/04/2013 02:40:18 | Computer Name = MECAHIMSELF-PC | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll ». Erreur dans le fichier de manifeste
 ou de stratégie « c:\program files (x86)\spybot - search & destroy\DelZip179.dll »
 à la ligne 8.  La valeur « * » de l’attribut « language » de l’élément « assemblyIdentity »
 n’est pas valide.
 
Error - 07/04/2013 03:24:16 | Computer Name = MECAHIMSELF-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 07/04/2013 04:58:57 | Computer Name = MECAHIMSELF-PC | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll ». Erreur dans le fichier de manifeste
 ou de stratégie « c:\program files (x86)\spybot - search & destroy\DelZip179.dll »
 à la ligne 8.  La valeur « * » de l’attribut « language » de l’élément « assemblyIdentity »
 n’est pas valide.
 
Error - 08/04/2013 01:51:58 | Computer Name = MECAHIMSELF-PC | Source = WinMgmt | ID = 10
Description =
 
[ OSession Events ]
Error - 12/10/2012 11:26:12 | Computer Name = MECAHIMSELF-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 113
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 31/10/2012 12:53:36 | Computer Name = MECAHIMSELF-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 94
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15/11/2012 11:34:05 | Computer Name = MECAHIMSELF-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 26624
 seconds with 4680 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 21/05/2013 02:08:08 | Computer Name = MECAHIMSELF-PC | Source = Application Popup | ID = 1060
Description = Le chargement de \??\C:\Windows\SysWow64\Drivers\NSHE.SYS a été bloqué
 en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
 pour obtenir une version compatible du pilote.
 
Error - 21/05/2013 02:08:08 | Computer Name = MECAHIMSELF-PC | Source = Service Control Manager | ID = 7000
Description = Le service Guardant Emulator Driver n’a pas pu démarrer en raison
de l’erreur :   %%1275
 
Error - 21/05/2013 02:08:34 | Computer Name = MECAHIMSELF-PC | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se
 charger :   SBRE
 
Error - 21/05/2013 02:32:42 | Computer Name = MECAHIMSELF-PC | Source = Schannel | ID = 36887
Description = L’alerte fatale suivante a été reçue : 20.
 
Error - 21/05/2013 02:32:42 | Computer Name = MECAHIMSELF-PC | Source = Schannel | ID = 36887
Description = L’alerte fatale suivante a été reçue : 20.
 
Error - 21/05/2013 02:32:42 | Computer Name = MECAHIMSELF-PC | Source = Schannel | ID = 36887
Description = L’alerte fatale suivante a été reçue : 20.
 
Error - 21/05/2013 02:32:42 | Computer Name = MECAHIMSELF-PC | Source = Schannel | ID = 36887
Description = L’alerte fatale suivante a été reçue : 20.
 
Error - 21/05/2013 10:37:12 | Computer Name = MECAHIMSELF-PC | Source = Schannel | ID = 36888
Description = L’alerte fatale suivante a été générée : 42. L’état d’erreur interne
 est 250.
 
Error - 21/05/2013 11:31:20 | Computer Name = MECAHIMSELF-PC | Source = Schannel | ID = 36888
Description = L’alerte fatale suivante a été générée : 42. L’état d’erreur interne
 est 250.
 
Error - 21/05/2013 11:31:20 | Computer Name = MECAHIMSELF-PC | Source = Schannel | ID = 36888
Description = L’alerte fatale suivante a été générée : 42. L’état d’erreur interne
 est 250.
 
 
< End of report >
 



#3 nasdaq


  • Malware Response Team

Posted 26 May 2013 - 09:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
  • Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.


#4 ebouge

  • Topic Starter

  • Members

Posted 27 May 2013 - 04:37 AM

Hello nasdaq,

 

Thank you very much for your answer. I ran all the tasks that you requested. You will find below the resulting logs.

 

So far I re-enabled all security tools and everything seems to be in order. However, I refrained from testing further downloads or new installations, in case you would request me to run additional tasks and/or reports.

 

Result from AdwCleaner.exe, C:\AdwCleaner[S1].txt:

 


# AdwCleaner v2.301 - Rapport créé le 26/05/2013 à 23:49:30
# Mis à jour le 16/05/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : MECAHIMSELF - MECAHIMSELF-PC
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\MECAHIMSELF\Desktop\adwcleaner.exe
# Option [Suppression]


***** [Services] *****

Arrêté & Supprimé : Browser Manager

***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Program Files (x86)\AutoLyrics
Dossier Supprimé : C:\Program Files (x86)\Software
Dossier Supprimé : C:\ProgramData\Tarma Installer
Dossier Supprimé : C:\Users\MECAHIMSELF\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf
Dossier Supprimé : C:\Users\MECAHIMSELF\AppData\Local\PackageAware
Dossier Supprimé : C:\Users\MECAHIMSELF\AppData\Roaming\BabSolution
Dossier Supprimé : C:\Users\MECAHIMSELF\AppData\Roaming\Mozilla\Firefox\Profiles\7xajsnz3.default\extensions\plugin@yontoo.com
Dossier Supprimé : C:\Users\MECAHIMSELF\AppData\Roaming\Mozilla\Firefox\Profiles\7xajsnz3.default\jetpack
Dossier Supprimé : C:\Users\MECAHIMSELF\AppData\Roaming\Nosibay
Fichier Supprimé : C:\END
Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml
Fichier Supprimé : C:\user.js
Fichier Supprimé : C:\Users\MECAHIMSELF\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Fichier Supprimé : C:\Users\MECAHIMSELF\AppData\Roaming\Mozilla\Firefox\Profiles\7xajsnz3.default\bprotector_extensions.sqlite
Fichier Supprimé : C:\Users\MECAHIMSELF\AppData\Roaming\Mozilla\Firefox\Profiles\7xajsnz3.default\bprotector_prefs.js
Fichier Supprimé : C:\Users\MECAHIMSELF\AppData\Roaming\Mozilla\Firefox\Profiles\7xajsnz3.default\extensions\plugin@yontoo.com.xpi
Fichier Supprimé : C:\Users\MECAHIMSELF\AppData\Roaming\Mozilla\Firefox\Profiles\7xajsnz3.default\searchplugins\Babylon.xml
Fichier Supprimé : C:\Users\MECAHIMSELF\AppData\Roaming\Mozilla\Firefox\Profiles\7xajsnz3.default\searchplugins\delta.xml
Supprimé au redémarrage : C:\ProgramData\Browser Manager

***** [Registre] *****

Clé Supprimée : HKCU\Software\AppDataLow\Software\AutoLyrics
Clé Supprimée : HKCU\Software\AppDataLow\Software\Crossrider
Clé Supprimée : HKCU\Software\AppDataLow\Software\Savings Sidekick
Clé Supprimée : HKCU\Software\DataMngr
Clé Supprimée : HKCU\Software\DataMngr_Toolbar
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DAEB9E85-4694-4F9B-85CB-2F28987872D7}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Clé Supprimée : HKCU\Software\Nosibay
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\5b55da88bd68eb42
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\Software\DataMngr
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Clé Supprimée : HKLM\Software\TENCENT
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\5b55da88bd68eb42
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DAEB9E85-4694-4F9B-85CB-2F28987872D7}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAEB9E85-4694-4F9B-85CB-2F28987872D7}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\autolyrics@man-soft.net
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Clé Supprimée : HKLM\SOFTWARE\Tarma Installer
Clé Supprimée : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKU\S-1-5-21-3495972118-1920290018-178275041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Bubble Dock]

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v [Impossible d'obtenir la version]

Fichier : C:\Users\MECAHIMSELF\AppData\Roaming\Mozilla\Firefox\Profiles\7xajsnz3.default\prefs.js

C:\Users\MECAHIMSELF\AppData\Roaming\Mozilla\Firefox\Profiles\7xajsnz3.default\user.js ... Supprimé !

Supprimée : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Supprimée : user_pref("extentions.y2layers.installId", "e58edf5d-fab0-4b41-b118-6a9ce4ee90ba");

-\\ Google Chrome v27.0.1453.94

Fichier : C:\Users\MECAHIMSELF\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [7636 octets] - [26/05/2013 23:49:30]

########## EOF - C:\AdwCleaner[S1].txt - [7696 octets] ##########

Result from ComboFix:

No issue with error message "Illegal operation attempted on a registry key that has been marked for deletion." i.e. that message did not show up.

ComboFix 13-05-25.02 - MECAHIMSELF 27/05/2013   0:10.3.2 - x64
Microsoft Windows 7 Édition Familiale Premium   6.1.7601.1.1252.33.1036.18.3576.1954 [GMT 2:00]
Lancé depuis: c:\users\MECAHIMSELF\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL1940.tmp
c:\windows\SysWow64\logs
c:\windows\SysWow64\UNWISE.EXE
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2013-04-27 au 2013-05-27  ))))))))))))))))))))))))))))))))))))
.
.
2013-05-27 01:26 . 2013-05-27 01:26    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-05-27 01:26 . 2013-05-27 01:26    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-05-26 22:04 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57E4DD2F-ED92-4D64-A757-04E8AEB974F0}\mpengine.dll
2013-05-25 01:30 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-22 17:01 . 2013-05-22 17:01    --------    d-----w-    c:\program files (x86)\HooTech Net Meter
2013-05-22 01:34 . 2013-05-22 01:34    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9BBC18C5-DA93-4987-9DE7-F6C36F734F70}\gapaengine.dll
2013-05-21 19:46 . 2013-05-21 19:46    --------    d-----w-    C:\tdsskiller
2013-05-21 15:31 . 2013-05-21 15:31    --------    d-----w-    c:\programdata\Software
2013-05-21 15:31 . 2013-05-21 15:36    --------    d-----w-    c:\users\MECAHIMSELF\AppData\Roaming\NetMeter
2013-05-21 15:31 . 2013-05-22 17:00    --------    d-----w-    c:\program files (x86)\NetMeter
2013-05-21 15:29 . 2013-05-21 15:29    --------    d-----w-    c:\users\MECAHIMSELF\AppData\Local\Software
2013-05-20 19:31 . 2013-05-05 21:36    17818624    ----a-w-    c:\windows\system32\mshtml.dll
2013-05-20 19:31 . 2013-05-05 21:16    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-20 19:31 . 2013-05-05 19:12    2382848    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-05-20 12:48 . 2013-05-20 12:48    --------    d-----w-    c:\program files (x86)\TeamViewer
2013-05-20 10:11 . 2013-05-20 10:11    82432    ----a-w-    c:\users\MECAHIMSELF\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2013-05-20 10:11 . 2013-05-20 10:11    44544    ----a-w-    c:\users\MECAHIMSELF\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2013-05-20 10:11 . 2013-05-20 10:11    1275392    ----a-w-    c:\users\MECAHIMSELF\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
2013-05-20 06:50 . 2013-04-10 06:01    265064    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-05-20 06:50 . 2013-04-10 06:01    983400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-20 06:50 . 2011-02-03 11:25    144384    ----a-w-    c:\windows\system32\cdd.dll
2013-05-18 19:25 . 2013-02-01 07:22    18028052    ----a-w-    C:\FPreis.bin
2013-05-15 18:17 . 2013-04-10 03:30    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-05-15 18:17 . 2013-02-27 05:52    14172672    ----a-w-    c:\windows\system32\shell32.dll
2013-05-15 18:17 . 2013-02-27 04:49    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-05-15 18:17 . 2013-02-27 05:52    197120    ----a-w-    c:\windows\system32\shdocvw.dll
2013-05-15 18:17 . 2013-02-27 06:02    111448    ----a-w-    c:\windows\system32\consent.exe
2013-05-15 18:17 . 2013-02-27 05:48    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-05-15 18:17 . 2013-02-27 05:47    70144    ----a-w-    c:\windows\system32\appinfo.dll
2013-05-15 18:16 . 2013-03-19 05:53    48640    ----a-w-    c:\windows\system32\wwanprotdim.dll
2013-05-15 18:16 . 2013-03-19 05:53    230400    ----a-w-    c:\windows\system32\wwansvc.dll
2013-05-15 18:16 . 2013-04-01 06:03    78680    ----a-w-    c:\windows\system32\mcupdate_AuthenticAMD.dll
2013-05-15 12:35 . 2013-05-15 13:25    --------    d-----w-    c:\program files (x86)\Mozilla Thunderbird
2013-05-10 13:40 . 2013-05-10 13:40    --------    d-----w-    c:\programdata\EWA
2013-05-10 13:38 . 2013-05-10 13:38    208896    ----a-w-    c:\windows\SysWow64\UniBoxVB12.ocx
2013-05-10 13:38 . 2013-05-10 13:38    987136    ----a-w-    c:\windows\SysWow64\UniBox210.ocx
2013-05-10 13:38 . 2013-05-10 13:38    438272    ----a-w-    c:\windows\SysWow64\UniBox10.ocx
2013-05-10 13:38 . 2013-05-10 13:38    140488    ----a-w-    c:\windows\SysWow64\comdlg32.ocx
2013-05-10 13:38 . 2013-05-10 13:38    608448    ----a-w-    c:\windows\SysWow64\COMCTL32.OCX
2013-05-10 13:38 . 2013-05-10 13:38    192512    ----a-w-    c:\windows\SysWow64\hpnls.dll
2013-05-10 13:38 . 2013-05-10 13:38    147456    ----a-w-    c:\windows\SysWow64\HPLog.dll
2013-05-10 13:32 . 2013-05-10 14:00    --------    d-----w-    c:\program files (x86)\EWA net
2013-05-10 13:29 . 2013-05-10 13:29    283200    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2013-05-10 13:29 . 2013-05-10 13:29    --------    d-----w-    c:\program files (x86)\DAEMON Tools Lite
2013-05-09 16:17 . 2013-05-14 17:47    --------    d-----w-    c:\users\MECAHIMSELF\AppData\Roaming\ImgBurn
2013-05-09 16:14 . 2013-05-09 16:14    --------    d-----w-    c:\program files (x86)\ImgBurn
2013-05-09 11:46 . 2008-11-23 09:23    97792    ----a-w-    c:\windows\SysWow64\drivers\NSHE.SYS
2013-05-09 11:46 . 2006-10-18 17:12    191488    ----a-w-    c:\windows\SysWow64\hlvdd.dll
2013-05-09 11:45 . 2006-12-04 08:44    314368    ----a-w-    c:\windows\system32\drivers\hardlock.sys
2013-05-09 11:45 . 2006-12-04 08:44    90240    ----a-w-    c:\windows\system32\drivers\akshasp.sys
2013-05-09 11:45 . 2006-12-04 08:44    18688    ----a-w-    c:\windows\system32\drivers\aksusb.sys
2013-05-09 11:45 . 2006-12-13 16:14    65024    ----a-w-    c:\windows\system32\drivers\aksdf.sys
2013-05-09 11:45 . 2006-10-16 17:34    13952    ----a-w-    c:\windows\system32\drivers\aksclass.sys
2013-05-09 11:45 . 2006-10-16 17:34    10752    ----a-w-    c:\windows\system32\akscoinst.dll
2013-05-09 11:45 . 2006-12-20 09:55    3066968    ----a-w-    c:\windows\SysWow64\hinstd.dll
2013-05-09 11:45 . 2006-12-20 08:00    671112    ----a-w-    c:\windows\SysWow64\hdinst_windows.dll
2013-05-09 11:45 . 2006-12-20 08:00    2511360    ----a-w-    c:\windows\SysWow64\haspds_windows.dll
2013-05-09 11:45 . 2006-11-30 09:06    69632    ----a-w-    c:\windows\SysWow64\hasp_inst_help1.dll
2013-05-09 11:45 . 2005-09-06 15:06    28672    ----a-w-    c:\windows\SysWow64\hlduinst.exe
2013-05-09 11:15 . 2013-05-09 11:15    --------    d-----w-    c:\windows\ETKA7.3_International
2013-05-09 11:03 . 2012-12-28 05:04    68608    ----a-w-    c:\windows\system32\drivers\multikey.sys
2013-05-07 06:03 . 2013-05-07 06:03    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-05-07 06:03 . 2013-04-04 03:35    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-20 19:32 . 2012-09-27 09:10    75016696    ----a-w-    c:\windows\system32\MRT.exe
2013-05-15 09:20 . 2012-09-25 16:02    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 09:20 . 2011-07-08 08:29    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 15:29 . 2010-11-21 03:27    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-24 05:45 . 2012-10-06 17:06    905296    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-13 05:49 . 2013-05-20 06:50    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-20 06:50    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-20 06:50    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-20 06:50    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-20 06:50    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-20 06:50    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 05:41    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-04 12:50 . 2013-03-05 19:05    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-19 06:04 . 2013-04-10 12:05    5550424    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 12:05    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 12:05    3968856    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 12:05    3913560    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 12:05    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 12:05    112640    ----a-w-    c:\windows\system32\smss.exe
2013-03-07 08:16 . 2012-09-25 16:26    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-03-07 08:16 . 2012-09-25 16:26    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"NetMeter"="c:\program files (x86)\HooTech Net Meter\HooNetMeter.exe" [2010-09-02 585728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-31 185640]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]
"D-Link D-Link DWA-140"="c:\program files (x86)\D-Link\DWA-140 revB\AirNCFG.exe" [2011-06-29 1074496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-11-11 64112]
"Lexmark X5400 Series"="c:\program files (x86)\Lexmark X5400 Series\fm3032.exe" [2007-11-02 307880]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Aura.lnk - c:\windows\8 Skin Pack\Aura\Aura.exe [N/A]
TaskbarUserTile.lnk - c:\windows\8 Skin Pack\TaskbarUserTile\UserTile.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdvserv.exe [2007-10-18 33448]
R2 NSHE;Guardant Emulator Driver;c:\windows\system32\Drivers\NSHE.SYS [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2009-04-30 15896]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-04-30 327576]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-26 1255736]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [2011-02-21 15872]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-05-10 283200]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [2006-12-13 65024]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-24 204288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 D_Link_DWA-140_WPS;D_Link_DWA-140_WPS Service;c:\program files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe [2010-07-12 53248]
S2 EWA net DB Core;EWA net DB Core;c:\program files (x86)\EWA net\database\TransBase EWA\tbmux32.exe [2011-03-09 326616]
S2 EWA net DB EPC;EWA net DB EPC;c:\program files (x86)\EWA net\database\TransBase EPC\tbmux32.exe [2007-11-27 417792]
S2 EWA net DB WIS;EWA net DB WIS;c:\program files (x86)\EWA net\database\TransBase WIS\tbmux32.exe [2011-03-09 326616]
S2 EWA net Server;EWA net Server;c:\program files (x86)\EWA net\server\bin\tomcat.exe [2003-07-31 65536]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 LcSvrAdm;ELSA Administration Service;d:\elsawin\bin\LcSvrAdm.exe [2011-12-06 240640]
S2 LcSvrDba;ELSA DBA Server;d:\elsawin\bin\LcSvrDba.exe [2011-12-06 392704]
S2 LcSvrHis;ELSA Historie Server;d:\elsawin\bin\LcSvrHis.exe [2011-12-06 335360]
S2 LcSvrPAS;ELSA PASS Server;d:\elsawin\bin\LcSvrPas.exe [2011-12-06 477696]
S2 LcSvrSaz;ELSA APOSpro Server;d:\elsawin\bin\LcSvrSaz.exe [2011-12-06 373248]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-02-06 255376]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]
S2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe [2007-10-18 1044136]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 multikey;Virtual USB MultiKey;c:\windows\system32\DRIVERS\multikey.sys [2012-12-28 68608]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-04-23 3574624]
S2 Transbase;Transbase;d:\bmwgroup\ETKLokal\transbase\tbmux32.exe [2004-08-05 385024]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-11-11 81008]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S2 vncserver;VNC Server;c:\program files\RealVNC\VNC Server\vncserver.exe [2013-03-04 4774208]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
S3 LcSvrAuf;ELSA Auftragsverwaltungs Service;d:\elsawin\bin\LcSvrAuf.exe [2011-12-06 1321472]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [2008-07-26 50072]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-24 19:18    1165776    ----a-w-    c:\program files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2013-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-25 09:20]
.
2013-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-28 06:08]
.
2013-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-28 06:08]
.
2013-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3495972118-1920290018-178275041-1000Core.job
- c:\users\MECAHIMSELF\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-26 09:57]
.
2013-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3495972118-1920290018-178275041-1000UA.job
- c:\users\MECAHIMSELF\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-26 09:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"lxdvmon.exe"="c:\program files (x86)\Lexmark X5400 Series\lxdvmon.exe" [2007-11-02 455336]
"lxdvamon"="c:\program files (x86)\Lexmark X5400 Series\lxdvamon.exe" [2007-11-02 25256]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2013-05-27  03:32:01
ComboFix-quarantined-files.txt  2013-05-27 01:32
ComboFix2.txt  2012-10-16 17:04
ComboFix3.txt  2012-10-11 16:52
.
Avant-CF: 169 780 199 424 octets libres
Après-CF: 169 399 926 784 octets libres
.
- - End Of File - - 82A08DDDA09E705FE949AA06C906DAD4

Result from DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483  BrowserJavaVersion: 10.21.2
Run by MECAHIMSELF at 9:08:55 on 2013-05-27
Microsoft Windows 7 Édition Familiale Premium   6.1.7601.1.1252.33.1036.18.3576.1852 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\crypserv.exe
C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe
C:\Program Files (x86)\EWA net\database\TransBase EWA\tbmux32.exe
C:\Program Files (x86)\EWA net\database\TransBase EPC\tbmux32.exe
C:\Program Files (x86)\EWA net\database\TransBase WIS\tbmux32.exe
C:\Program Files (x86)\EWA net\server\bin\tomcat.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
D:\ElsaWin\bin\LcSvrAdm.exe
D:\ElsaWin\bin\LcSvrDba.exe
D:\ElsaWin\bin\LcSvrHis.exe
D:\ElsaWin\bin\LcSvrPas.exe
D:\ElsaWin\bin\LcSvrSaz.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\lxdvcoms.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
D:\BMWgroup\ETKLokal\transbase\tbmux32.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\RealVNC\VNC Server\vncserver.exe
C:\Program Files\RealVNC\VNC Server\vncserver.exe
C:\Program Files (x86)\EWA net\database\TransBase EWA\tbkern32.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Vivid WorkshopData ATI\jre\bin\java.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Program Files (x86)\EWA net\database\TransBase EWA\tbkern32.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
D:\ElsaWin\bin\LcSvrAuf.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\program files (x86)\teamviewer\version8\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files\RealVNC\VNC Server\vncserver.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe
C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [NetMeter] C:\Program Files (x86)\HooTech Net Meter\HooNetMeter.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [D-Link D-Link DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
mRun: [Lexmark X5400 Series] "C:\Program Files (x86)\Lexmark X5400 Series\fm3032.exe" /s
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Aura.lnk - C:\Windows\8 Skin Pack\Aura\Aura.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TASKBA~1.LNK - C:\Windows\8 Skin Pack\TaskbarUserTile\UserTile.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CB927D12-4FF7-4A9E-A169-56E4B8A75598} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{F43C7C00-BBEE-4C74-843D-ABCF20B7B7F3} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F43C7C00-BBEE-4C74-843D-ABCF20B7B7F3}\05F42545F435 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{F43C7C00-BBEE-4C74-843D-ABCF20B7B7F3}\14E64627F696461405 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{F43C7C00-BBEE-4C74-843D-ABCF20B7B7F3}\356425027596649602055726C69636 : DHCPNameServer = 109.0.66.10 109.0.66.20
TCP: Interfaces\{F43C7C00-BBEE-4C74-843D-ABCF20B7B7F3}\F42716E67656D273567343 : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - D:\ElsaWin\bin\wiprot.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://acer.msn.com
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [lxdvmon.exe] "C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe"
x64-Run: [lxdvamon] "C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\System32\drivers\anodlwfx.sys [2012-9-24 15872]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-5-10 283200]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-5-9 65024]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-12-13 204288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 D_Link_DWA-140_WPS;D_Link_DWA-140_WPS Service;C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe [2012-9-24 53248]
R2 EWA net DB Core;EWA net DB Core;C:\Program Files (x86)\EWA net\database\TransBase EWA\tbmux32.exe [2013-5-10 326616]
R2 EWA net DB EPC;EWA net DB EPC;C:\Program Files (x86)\EWA net\database\TransBase EPC\tbmux32.exe [2013-5-10 417792]
R2 EWA net DB WIS;EWA net DB WIS;C:\Program Files (x86)\EWA net\database\TransBase WIS\tbmux32.exe [2013-5-10 326616]
R2 EWA net Server;EWA net Server;C:\Program Files (x86)\EWA net\server\bin\tomcat.exe [2013-5-10 65536]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-30 36456]
R2 LcSvrAdm;ELSA Administration Service;D:\ElsaWin\bin\LcSvrAdm.exe [2011-12-6 240640]
R2 LcSvrDba;ELSA DBA Server;D:\ElsaWin\bin\LcSvrDba.exe [2011-12-6 392704]
R2 LcSvrHis;ELSA Historie Server;D:\ElsaWin\bin\LcSvrHis.exe [2011-12-6 335360]
R2 LcSvrPAS;ELSA PASS Server;D:\ElsaWin\bin\LcSvrPas.exe [2011-12-6 477696]
R2 LcSvrSaz;ELSA APOSpro Server;D:\ElsaWin\bin\LcSvrSaz.exe [2011-12-6 373248]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-7-8 255376]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 lxdv_device;lxdv_device;C:\Windows\System32\lxdvcoms.exe -service --> C:\Windows\System32\lxdvcoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-8 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-8 701512]
R2 multikey;Virtual USB MultiKey;C:\Windows\System32\drivers\multikey.sys [2013-5-9 68608]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-10-11 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-5-20 3574624]
R2 Transbase;Transbase;D:\BMWgroup\ETKLokal\transbase\tbmux32.exe [2013-5-8 385024]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
R2 vncserver;VNC Server;C:\Program Files\RealVNC\VNC Server\vncserver.exe [2013-1-19 4774208]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-13 231440]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;D:\ElsaWin\bin\LcSvrAuf.exe [2011-12-6 1321472]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-5 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-8 533096]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdvserv.exe [2007-10-18 33448]
S2 WorkshopDBService;WorkshopDBService;C:\PROGRA~2\VIVIDW~1\WORKSH~1.EXE -zglaxservice WorkshopDBService --> C:\PROGRA~2\VIVIDW~1\WORKSH~1.EXE -zglaxservice WorkshopDBService [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2012-10-18 15896]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-10-18 327576]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
S3 NisSrv;Inspection du réseau Microsoft;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-6 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-6 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-6 30208]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-26 1255736]
.
=============== Created Last 30 ================
.
2013-05-26 22:04:36    9460464    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57E4DD2F-ED92-4D64-A757-04E8AEB974F0}\mpengine.dll
2013-05-25 01:30:36    9460464    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-22 17:01:44    --------    d-----w-    C:\Program Files (x86)\HooTech Net Meter
2013-05-22 01:34:42    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BBC18C5-DA93-4987-9DE7-F6C36F734F70}\gapaengine.dll
2013-05-21 19:46:04    --------    d-----w-    C:\tdsskiller
2013-05-21 15:31:42    --------    d-----w-    C:\ProgramData\Software
2013-05-21 15:31:40    --------    d-----w-    C:\Users\MECAHIMSELF\AppData\Roaming\NetMeter
2013-05-21 15:31:26    --------    d-----w-    C:\Program Files (x86)\NetMeter
2013-05-21 15:29:18    --------    d-----w-    C:\Users\MECAHIMSELF\AppData\Local\Software
2013-05-20 19:31:41    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-20 19:31:41    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-05-20 12:48:35    --------    d-----w-    C:\Program Files (x86)\TeamViewer
2013-05-20 10:11:32    82432    ----a-w-    C:\Users\MECAHIMSELF\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2013-05-20 10:11:32    44544    ----a-w-    C:\Users\MECAHIMSELF\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2013-05-20 10:11:32    1275392    ----a-w-    C:\Users\MECAHIMSELF\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
2013-05-20 06:50:31    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-20 06:50:31    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-05-20 06:50:31    144384    ----a-w-    C:\Windows\System32\cdd.dll
2013-05-18 19:25:38    18028052    ----a-w-    C:\FPreis.bin
2013-05-15 18:17:23    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-05-15 18:17:15    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-05-15 18:17:07    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2013-05-15 18:17:07    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-05-15 18:17:07    111448    ----a-w-    C:\Windows\System32\consent.exe
2013-05-15 18:16:26    48640    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2013-05-15 18:16:26    230400    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-05-15 18:16:20    78680    ----a-w-    C:\Windows\System32\mcupdate_AuthenticAMD.dll
2013-05-10 13:40:53    --------    d-----w-    C:\ProgramData\EWA
2013-05-10 13:38:25    208896    ----a-w-    C:\Windows\SysWow64\UniBoxVB12.ocx
2013-05-10 13:38:22    987136    ----a-w-    C:\Windows\SysWow64\UniBox210.ocx
2013-05-10 13:38:20    438272    ----a-w-    C:\Windows\SysWow64\UniBox10.ocx
2013-05-10 13:38:18    140488    ----a-w-    C:\Windows\SysWow64\comdlg32.ocx
2013-05-10 13:38:12    608448    ----a-w-    C:\Windows\SysWow64\COMCTL32.OCX
2013-05-10 13:38:10    192512    ----a-w-    C:\Windows\SysWow64\hpnls.dll
2013-05-10 13:38:08    147456    ----a-w-    C:\Windows\SysWow64\HPLog.dll
2013-05-10 13:32:32    --------    d-----w-    C:\Program Files (x86)\EWA net
2013-05-10 13:29:15    283200    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2013-05-10 13:29:02    --------    d-----w-    C:\Program Files (x86)\DAEMON Tools Lite
2013-05-09 11:46:32    97792    ----a-w-    C:\Windows\SysWow64\drivers\NSHE.SYS
2013-05-09 11:46:05    191488    ----a-w-    C:\Windows\SysWow64\hlvdd.dll
2013-05-09 11:45:46    314368    ----a-w-    C:\Windows\System32\drivers\hardlock.sys
2013-05-09 11:45:22    90240    ----a-w-    C:\Windows\System32\drivers\akshasp.sys
2013-05-09 11:45:22    18688    ----a-w-    C:\Windows\System32\drivers\aksusb.sys
2013-05-09 11:45:19    65024    ----a-w-    C:\Windows\System32\drivers\aksdf.sys
2013-05-09 11:45:19    13952    ----a-w-    C:\Windows\System32\drivers\aksclass.sys
2013-05-09 11:45:19    10752    ----a-w-    C:\Windows\System32\akscoinst.dll
2013-05-09 11:45:18    69632    ----a-w-    C:\Windows\SysWow64\hasp_inst_help1.dll
2013-05-09 11:45:18    671112    ----a-w-    C:\Windows\SysWow64\hdinst_windows.dll
2013-05-09 11:45:18    3066968    ----a-w-    C:\Windows\SysWow64\hinstd.dll
2013-05-09 11:45:18    28672    ----a-w-    C:\Windows\SysWow64\hlduinst.exe
2013-05-09 11:45:18    2511360    ----a-w-    C:\Windows\SysWow64\haspds_windows.dll
2013-05-09 11:15:02    --------    d-----w-    C:\Windows\ETKA7.3_International
2013-05-09 11:03:02    68608    ----a-w-    C:\Windows\System32\drivers\multikey.sys
2013-05-07 06:03:29    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2013-05-15 09:20:08    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 09:20:08    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-05 01:08:44    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-05 01:00:30    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-04-05 00:59:24    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-04-05 00:56:16    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-04-05 00:55:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-04-04 22:11:34    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-04 22:02:59    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:17    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-04 21:58:51    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 21:57:45    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-04-04 12:50:32    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-03-19 06:04:06    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-03-07 08:16:45    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-03-07 08:16:45    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH:  9:09:30,13 ===============

Result from Security Check with security tools "Disabled"

Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials   
  (On Access scanning disabled!)
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.202  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Thunderbird (17.0.6)
 Google Chrome 26.0.1410.64  
 Google Chrome 27.0.1453.94  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Spybot Teatimer.exe is disabled!
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````

Result from Security Check with security tools "Enabled"

Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.202  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Thunderbird (17.0.6)
 Google Chrome 26.0.1410.64  
 Google Chrome 27.0.1453.94  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````

Please let me know if you require me to run any additional checks and / or logs. Otherwise would you tell me what you think was causing those problems?

Cheers

Eric


Edited by ebouge, 27 May 2013 - 07:37 AM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:38 PM

Posted 27 May 2013 - 07:59 AM

Looking good.

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For users of Internet Explorer, download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Your problems were most likely caused by the Potentially Unwanted Programs removed by AdwCleaner tool.
These are often installed without your consent when you install new programs.

Any other issues with this computer?

#6 ebouge


Posted 27 May 2013 - 08:06 AM

Hi nasdaq,

Thank you for your reply. I will update Adobe Flash Player as you advise on that computer. I will check that previous problems are not occurring any more and I will confirm if there are any other issues or not.

Many thanks again for your time and support.

You guys are doing such a great job!

Cheers

Eric



#7 nasdaq


Posted 27 May 2013 - 08:09 AM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#8 ebouge


Posted 27 May 2013 - 02:02 PM

Hi nasdaq,

There is still some issue installing Firefox in French from http://www.mozilla.org/fr/download/?product=firefox-21.0&os=win&lang=fr

IE says that it is recognised as dangerous and when trying to install it, the archive extraction process says that the file is corrupted.

With Chrome, the setup is downloaded but the archive extraction process says that the file is corrupted.

Would you have any idea of what can be causing that to happen?

Cheers

Eric



#9 ebouge


Posted 28 May 2013 - 05:55 AM

Hi nasdaq,

I downloaded firefox setup 2.10 from home and I will test again whether there still is an issue with installing it on that PC. I will let you know how it goes.

That computer is accessing the internet via a satellite broadband connection which has a fairly good bandwidth, 2.5Mbps up and 0.5Mbps down. However, the response time (latency) is pretty appalling, around 1200ms to the first hop on the internet, whereas on a similar terrestrial ADSL line it would be more around 20 to 150ms. Could that be causing problems when downloading files?

Cheers

Eric



#10 nasdaq


Posted 28 May 2013 - 07:37 AM

Could that be causing problems when downloading files?

Anything can happen when downloading files.

If using a different router for the ADSL etc., that router may be corrupted.

#11 ebouge


Posted 28 May 2013 - 09:32 AM

Hi nasdaq,

Thank you for the hint, I will check that out with the ISP!

Cheers

Eric



#12 nasdaq


Posted 03 June 2013 - 07:58 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



