
HijackThis Log: Please help Diagnose


  • This topic is locked
15 replies to this topic

#1 Belllisarrio

Belllisarrio

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:43 PM

Posted 07 June 2013 - 09:55 AM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:59 - Naguy, on 06/06/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Internet Haut Débit Mobile\AutoDect.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Alienware Skin Pack\AlienwareDock\AlienwareDock.exe
C:\Windows\Alienware Skin Pack\YzShadow\YzShadow.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\explorer.exe
C:\Users\naguib\Downloads\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?win=56&clid=1975308
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [HPOSD] C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [autodetect] C:\Program Files\Internet Haut Débit Mobile\AutoDect.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s
O4 - HKLM\..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [svchost] wscript.exe //B "C:\Users\naguib\AppData\Local\Temp\svchost.vbs"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [svchost] wscript.exe //B "C:\Users\naguib\AppData\Local\Temp\svchost.vbs"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RESEAU')
O4 - Global Startup: AlienwareDock.lnk = C:\Windows\Alienware Skin Pack\AlienwareDock\AlienwareDock.exe
O4 - Global Startup: Yzshadow.lnk = C:\Windows\Alienware Skin Pack\YzShadow\YzShadow.exe
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer les formulaires - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir les formulaires - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger avec Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: اàêà÷àٍü ïًè ïîىîùè Download Master - C:\Program Files\Download Master\dmie.htm
O8 - Extra context menu item: اàêà÷àٍü آرإ ïًè ïîىîùè Download Master - C:\Program Files\Download Master\dmieall.htm
O8 - Extra context menu item: دهًهنàٍü يà َنàëهييَ‏ çàêà÷êَ DM - C:\Program Files\Download Master\remdown.htm
O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Remplir les formulaires - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Remplir les formulaires - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Sauvegarder - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Enregistrer les formulaires - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Afficher la barret d'outils - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C15B05D4-A766-4DAB-85E9-E78D8B4261C4}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\251005~1.80\{c16c1~1\browse~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Défragmenteur de disque (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Technologie de stockage Intel® Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Ma-Config Agent (MaConfigAgent) - Unknown owner - C:\Program Files\ma-config.com\MaConfigAgent.exe
O23 - Service: Planificateur de classes multimédias (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Agent de stratégie IPsec (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 26066 bytes
 


Edited by Belllisarrio, 07 June 2013 - 01:20 PM.




#2 Belllisarrio

Belllisarrio
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:43 PM

Posted 07 June 2013 - 01:19 PM

Hey! Pro or you?



#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:06:43 PM

Posted 07 June 2013 - 06:34 PM

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 Belllisarrio

Belllisarrio
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:43 PM

Posted 08 June 2013 - 09:45 PM


Thank you for your response, Mr. bleepin' tiger.
As you asked, I have attached the two reports (FRST.txt) and (Addition.txt) ...

1) FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2013
Ran by naguib (administrator) on 08-06-2013 20:28:42
Running from C:\Users\naguib\Downloads\Anti-Spyware\Farbar Recovery Scan Tool
Windows 7 Ultimate Service Pack 1 (X86) OS Language: French Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\adminservice.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(CybelSoft) C:\Program Files\ma-config.com\MaConfigAgent.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Internet Haut Débit Mobile\AutoDect.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Stardock) C:\Windows\Alienware Skin Pack\AlienwareDock\AlienwareDock.exe
(Y'z) C:\Windows\Alienware Skin Pack\YzShadow\YzShadow.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HPOSD] C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1996072 2010-12-21] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60 [285240 2012-11-19] (Intel Corporation)
HKLM\...\Run: [autodetect] C:\Program Files\Internet Haut Débit Mobile\AutoDect.exe [129360 2010-03-02] ()
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s [5995152 2012-08-31] (Realtek Semiconductor)
HKLM\...\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe [658632 2012-07-31] (Zbshareware Lab)
HKLM\...\Run: [svchost] wscript.exe //B "C:\Users\naguib\AppData\Local\Temp\svchost.vbs" [x]
HKCU\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2011-03-04] (Hewlett-Packard Company)
HKCU\...\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot [3540416 2013-01-24] (Tonec Inc.)
HKCU\...\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [109784 2013-05-28] (Siber Systems)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1174016 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [svchost] wscript.exe //B "C:\Users\naguib\AppData\Local\Temp\svchost.vbs" [x]
Startup: C:\ProgramData\Start Menu\Programs\Startup\AlienwareDock.lnk
ShortcutTarget: AlienwareDock.lnk -> C:\Windows\Alienware Skin Pack\AlienwareDock\AlienwareDock.exe (Stardock)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Yzshadow.lnk
ShortcutTarget: Yzshadow.lnk -> C:\Windows\Alienware Skin Pack\YzShadow\YzShadow.exe (Y'z)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?win=56&clid=1975308
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
SearchScopes: HKCU - yandex.ru-175406 URL = http://search.certified-toolbar.com?si=38268&bs=true&tid=77&q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {6B09586F-491D-4E57-B162-1DB63843B81A} URL = http://websearch.ask.com/redirect?client=ie&tb=HIP&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=40670F76-80E2-4129-8133-388D9A2F4AF6&apn_sauid=DFF28B65-2A4C-4597-927C-34844AE288BC
SearchScopes: HKCU - {DF2C791D-0F08-4476-8AF4-8DE35C869E5C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851639
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU -No Name - {05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C15B05D4-A766-4DAB-85E9-E78D8B4261C4}: [NameServer]208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\naguib\AppData\Roaming\Mozilla\Firefox\Profiles\3t9rxmw2.default-1368471228886
FF Homepage: hxxp://www.google.fr/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: hxxp://www.yandex.ru/?win=56&clid=1975308
CHR RestoreOnStartup: "hxxp://www.yandex.ru/?win=56&clid=1975308"]},"browser":{"show_home_button"

========================== Services (Whitelisted) =================

S3 CLHNServiceForPowerDVD; C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-04-20] ()
S3 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [70952 2011-03-31] (CyberLink)
S3 CyberLink PowerDVD 11.0 Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [312616 2011-03-31] (CyberLink)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1822352 2012-07-24] (Realsil Microelectronics Inc.)
R2 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [755536 2013-05-15] (CybelSoft)
S3 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1723744 2012-12-07] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [34976 2011-05-09] (Atheros)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3081216 2012-11-22] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [259232 2011-05-09] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-05-09] (Atheros)
R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [175776 2011-05-09] (Atheros)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [49312 2011-05-09] (Atheros)
R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [141088 2011-05-09] (Atheros)
R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [243872 2011-05-09] (Atheros)
S3 driverhardwarev2; C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [16640 2011-07-21] (CybelSoft)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [171680 2013-02-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [105760 2013-01-10] (ESET)
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [526392 2012-11-19] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [25656 2012-11-19] (Intel Corporation)
R2 ntk_PowerDVD; C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [71664 2011-04-20] (Cyberlink Corp.)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254608 2012-08-03] (Realtek Semiconductor Corp.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2012-04-10] (The OpenVPN Project)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-08-01] (AnchorFree Inc)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [35592 2012-11-15] (Anchorfree Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [77296 2011-04-12] (CyberLink Corp.)
S2 NPF; system32\drivers\NPF.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-08 20:28 - 2013-06-08 20:28 - 00000000 ____D C:\FRST
2013-06-07 20:21 - 2013-06-07 20:34 - 00000000 ____D C:\Users\naguib\Downloads\موقع رائع لتعلم أي لغة تريدها بالصوت والصورة وعبراللغة الأم العربية
2013-06-07 16:19 - 2013-06-07 16:20 - 00000000 ____D C:\Users\naguib\Downloads\كتاب لينكس الشامل
2013-06-06 19:40 - 2013-06-08 20:25 - 00000000 ____D C:\Users\naguib\Downloads\Anti-Spyware
2013-06-05 19:29 - 2013-06-06 18:19 - 00000000 ____D C:\Users\naguib\Downloads\تحميل ونسخ و تثبيت أحدث اصدارات توزيعة Ubuntu 13.04 من خلال USB
2013-06-05 18:24 - 2013-06-05 18:24 - 00001392 ____A C:\Users\naguib\Desktop\NBA 2012_2013.txt
2013-06-04 20:33 - 2013-06-04 20:33 - 00256720 ____A C:\Users\naguib\Downloads\MaConfig_Win.exe
2013-06-04 20:31 - 2013-06-04 20:31 - 00014636 ____A C:\Users\naguib\Downloads\AudioPlaybackDiagnostic.diagcab
2013-06-04 20:06 - 2013-06-04 20:07 - 00347424 ____A (Microsoft Corporation) C:\Users\naguib\Downloads\MicrosoftFixit.AudioPlayback.Run.exe
2013-06-03 19:36 - 2013-06-07 17:48 - 00000000 ____D C:\Users\naguib\Desktop\Comment installer Windows 8 et le cracker
2013-06-03 19:22 - 2013-06-03 19:41 - 00000000 ____D C:\Users\naguib\Desktop\Crack windows 7 100%
2013-06-01 23:23 - 2013-06-08 17:47 - 00002847 ____A C:\Windows\setupact.log
2013-06-01 23:23 - 2013-06-01 23:23 - 00058016 ____A C:\Users\naguib\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-01 23:23 - 2013-06-01 23:23 - 00000000 ____A C:\Windows\setuperr.log
2013-06-01 23:22 - 2013-06-01 23:23 - 00268128 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-01 16:57 - 2013-06-01 16:57 - 00000079 ____A C:\Windows\wininit.ini
2013-06-01 11:36 - 2013-06-01 11:36 - 00000000 ____D C:\Users\naguib\AppData\Local\Thinstall
2013-05-30 19:39 - 2012-12-07 13:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-05-30 19:39 - 2012-12-07 13:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-05-30 19:39 - 2012-12-07 11:46 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-05-30 19:39 - 2012-12-07 11:46 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-05-30 19:39 - 2012-12-07 11:46 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-05-30 19:39 - 2012-12-07 11:46 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-05-30 19:39 - 2012-12-07 11:46 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-05-30 19:39 - 2012-12-07 11:46 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-05-30 19:39 - 2012-12-07 11:46 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-05-30 19:39 - 2012-12-07 11:46 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-05-30 19:39 - 2012-12-07 11:46 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-05-30 19:39 - 2012-12-07 11:46 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-05-30 19:38 - 2012-12-07 11:46 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-05-30 19:38 - 2012-12-07 11:46 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-05-30 19:38 - 2012-12-07 11:46 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-05-30 19:38 - 2012-12-07 11:46 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-05-30 17:32 - 2013-05-09 09:58 - 00229648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-05-30 17:30 - 2013-05-30 17:30 - 00000000 ____D C:\Program Files\AVAST Software
2013-05-30 16:41 - 2013-05-30 17:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-05-30 16:39 - 2013-05-30 16:39 - 00000000 ____D C:\Users\naguib\Downloads\AntiVirus 2013
2013-05-30 14:47 - 2013-05-30 14:47 - 00000000 ____D C:\ProgramData\StarApp
2013-05-30 14:16 - 2013-05-30 14:16 - 00264343 ____A C:\Users\naguib\AppData\Local\census.cache
2013-05-30 14:15 - 2013-05-30 14:15 - 00104520 ____A C:\Users\naguib\AppData\Local\ars.cache
2013-05-30 13:42 - 2013-05-30 13:42 - 00000036 ____A C:\Users\naguib\AppData\Local\housecall.guid.cache
2013-05-29 23:36 - 2013-05-29 23:36 - 00191604 ____A C:\ProgramData\1369866862.bdinstall.bin
2013-05-29 23:32 - 2013-05-29 23:32 - 00000376 ____A C:\Users\naguib\AppData\Roamingprivacy.xml
2013-05-29 21:31 - 2012-04-10 09:30 - 00026624 ____A (The OpenVPN Project) C:\Windows\System32\Drivers\tap0901.sys
2013-05-29 21:30 - 2013-05-29 21:30 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-29 21:16 - 2013-05-29 21:16 - 00000000 ____D C:\Program Files\NirSoft
2013-05-29 21:13 - 2012-07-26 04:39 - 00526952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-05-29 21:13 - 2012-07-26 04:39 - 00047720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-05-29 21:13 - 2012-07-26 03:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-05-29 21:13 - 2012-06-02 15:34 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-05-29 21:12 - 2012-07-26 04:21 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2013-05-29 21:12 - 2012-07-26 04:20 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2013-05-29 21:12 - 2012-07-26 04:20 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2013-05-29 21:12 - 2012-07-26 04:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2013-05-29 21:12 - 2012-07-26 04:20 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2013-05-29 21:12 - 2012-07-26 03:33 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-05-29 21:12 - 2012-07-26 03:32 - 00155136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2013-05-29 21:12 - 2012-06-02 15:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-05-29 21:04 - 2012-11-30 05:47 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-05-29 21:04 - 2012-11-30 05:47 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 05:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 03:55 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-05-29 21:04 - 2012-11-30 03:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 03:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 03:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 03:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-05-29 21:04 - 2012-11-30 00:17 - 00420064 ____A C:\Windows\System32\locale.nls
2013-05-29 21:02 - 2013-05-29 21:03 - 00000415 ____A C:\Windows\System32\checkdnsid.xml
2013-05-29 21:00 - 2012-08-21 21:12 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2013-05-29 20:59 - 2012-10-03 17:42 - 00242176 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2013-05-29 20:59 - 2012-10-03 17:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2013-05-29 20:59 - 2012-10-03 17:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-05-29 20:59 - 2012-10-03 17:42 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2013-05-29 20:59 - 2012-10-03 17:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2013-05-29 20:59 - 2012-10-03 17:40 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2013-05-29 20:59 - 2012-10-03 16:21 - 00035328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-05-29 20:59 - 2012-01-04 09:58 - 00442880 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2013-05-29 20:59 - 2011-05-04 05:34 - 01549312 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2013-05-29 20:59 - 2011-05-04 05:32 - 01401344 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2013-05-29 20:59 - 2011-05-04 05:32 - 00666624 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2013-05-29 20:59 - 2011-05-04 05:32 - 00337408 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2013-05-29 20:59 - 2011-05-04 05:32 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2013-05-29 20:59 - 2011-05-04 05:32 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2013-05-29 20:59 - 2011-05-04 05:28 - 00427520 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2013-05-29 20:59 - 2011-05-04 05:28 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2013-05-29 20:59 - 2011-05-04 05:28 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2013-05-29 20:58 - 2011-03-11 06:39 - 00148864 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2013-05-29 20:58 - 2011-03-11 06:39 - 00143744 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2013-05-29 20:58 - 2011-03-11 06:39 - 00117120 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2013-05-29 20:58 - 2011-03-11 06:38 - 00332160 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2013-05-29 20:58 - 2011-03-11 06:38 - 00080256 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2013-05-29 20:58 - 2011-03-11 06:38 - 00022400 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2013-05-29 20:58 - 2011-03-11 06:33 - 01699328 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2013-05-29 20:58 - 2011-03-11 06:31 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\fsutil.exe
2013-05-29 20:58 - 2011-03-11 05:01 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2013-05-29 20:57 - 2012-05-05 08:46 - 00400896 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2013-05-29 20:57 - 2012-04-07 12:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2013-05-29 20:57 - 2012-02-11 06:37 - 00317440 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2013-05-29 20:56 - 2012-08-22 18:16 - 00712048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2013-05-29 20:56 - 2012-07-04 20:45 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2013-05-29 20:56 - 2011-12-30 06:27 - 00478720 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2013-05-29 20:52 - 2012-10-09 18:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2013-05-29 20:52 - 2012-10-09 18:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2013-05-29 20:52 - 2011-06-16 05:33 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2013-05-29 20:51 - 2013-03-19 05:53 - 00186368 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-29 20:51 - 2013-03-19 04:33 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-29 20:51 - 2013-01-24 05:47 - 00196328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-05-29 20:51 - 2012-11-22 05:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-05-29 20:51 - 2012-07-06 20:23 - 00393728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2013-05-29 20:51 - 2012-05-01 05:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2013-05-29 20:51 - 2011-04-22 20:14 - 00027008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2013-05-29 20:51 - 2011-03-25 03:58 - 00284672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-05-29 20:51 - 2011-03-25 03:58 - 00258560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-05-29 20:51 - 2011-03-25 03:58 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-05-29 20:51 - 2011-03-25 03:57 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-05-29 20:51 - 2011-03-25 03:57 - 00024064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-05-29 20:51 - 2011-03-25 03:57 - 00020480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-05-29 20:51 - 2011-03-25 03:57 - 00005888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-05-29 20:51 - 2011-02-18 06:39 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
2013-05-29 20:40 - 2013-05-29 20:40 - 00000000 ____D C:\Users\naguib\AppData\Roaming\ExtremeCopy
2013-05-29 20:38 - 2013-05-29 20:38 - 00000385 ____A C:\Windows\System32\user_gensett.xml
2013-05-29 20:34 - 2013-05-29 20:34 - 00001999 ____A C:\Users\Public\Desktop\ExtremeCopy Pro.lnk
2013-05-29 20:34 - 2013-05-29 20:34 - 00000000 ____D C:\Program Files\Easersoft
2013-05-29 20:12 - 2013-05-29 20:12 - 00486536 ____A (BitDefender) C:\Windows\System32\Drivers\avckf.sys.upd
2013-05-29 20:11 - 2013-05-29 20:11 - 00343456 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys.upd
2013-05-29 19:58 - 2013-05-29 19:58 - 00633344 ____A (BitDefender) C:\Windows\System32\Drivers\avc3.sys.upd
2013-05-29 19:58 - 2013-05-29 19:58 - 00072704 ____A (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys.upd
2013-05-29 19:58 - 2013-05-29 19:58 - 00066392 ____A (BitDefender SRL) C:\Windows\System32\Drivers\bdsandbox.sys.upd
2013-05-29 19:57 - 2013-05-29 19:57 - 00242504 ____A (BitDefender) C:\Windows\System32\Drivers\avchv.sys.upd
2013-05-29 19:56 - 2013-05-29 19:56 - 00162976 ____A (BitDefender LLC) C:\Windows\System32\Drivers\gzflt.sys.upd
2013-05-29 19:54 - 2013-05-29 19:54 - 01817740 ____A C:\ProgramData\1369853256.bdinstall.bin
2013-05-29 19:51 - 2013-05-29 19:51 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
2013-05-29 19:51 - 2013-05-29 19:51 - 00000000 ____D C:\ProgramData\BDLogging
2013-05-29 19:51 - 2012-07-10 19:18 - 00000000 ____D C:\Windows\System32\ui
2013-05-29 19:51 - 2009-07-14 14:27 - 01461992 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
2013-05-29 19:51 - 2007-04-11 11:11 - 00511328 ____A (Microsoft Corporation) C:\Windows\capicom.dll
2013-05-29 19:49 - 2013-05-29 19:49 - 00000000 ____D C:\Users\naguib\AppData\Roaming\QuickScan
2013-05-29 19:47 - 2013-05-29 23:35 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-05-28 21:22 - 2013-05-28 21:22 - 00001249 ____A C:\Users\naguib\Desktop\iobit-uninstaller.exe - Raccourci.lnk
2013-05-28 21:13 - 2013-05-28 21:13 - 00000000 ____D C:\Users\naguib\AppData\Roaming\IObit
2013-05-28 21:13 - 2012-08-03 16:10 - 01688408 ____A (IObit) C:\Users\naguib\Downloads\iobit-uninstaller.exe
2013-05-28 19:59 - 2013-05-28 19:59 - 00000000 ____D C:\ProgramData\RoboForm
2013-05-28 19:58 - 2013-05-28 19:58 - 00000000 ____D C:\Users\naguib\Documents\My RoboForm Data
2013-05-28 19:57 - 2013-05-28 19:57 - 00000000 ____D C:\Program Files\Siber Systems
2013-05-28 19:54 - 2013-06-08 15:43 - 00000000 ____D C:\Users\naguib\AppData\Roaming\vlc
2013-05-28 19:53 - 2013-05-28 19:53 - 00001028 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-05-28 19:52 - 2013-05-28 19:52 - 00000000 ____D C:\Program Files\VideoLAN
2013-05-27 19:18 - 2013-05-27 19:19 - 04767859 ____A C:\Users\naguib\Downloads\Activator BTS 2013 DrKiller94 .rar
2013-05-27 19:08 - 2013-05-27 19:08 - 14323712 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-27 19:08 - 2013-05-27 19:08 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 01767424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-27 19:08 - 2013-05-27 19:08 - 01130496 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-27 19:08 - 2013-05-27 19:08 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-27 19:08 - 2013-05-27 19:08 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-27 19:08 - 2013-05-27 19:08 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-27 19:08 - 2013-05-27 19:08 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-27 19:08 - 2013-05-27 19:08 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-27 19:08 - 2013-05-27 19:08 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-27 19:08 - 2013-05-27 19:08 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-27 19:08 - 2013-05-27 19:08 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-27 19:08 - 2013-05-27 19:08 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-27 19:08 - 2013-05-27 19:08 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-27 19:07 - 2013-05-27 19:07 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 01504768 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-23 19:42 - 2013-05-27 01:54 - 00000000 ____D C:\Program Files\TuneUp Utilities 2013
2013-05-23 19:42 - 2013-05-23 19:42 - 00002175 ____A C:\Users\Public\Desktop\TuneUp Maintenance en 1 clic.lnk
2013-05-23 19:42 - 2013-05-23 19:42 - 00002139 ____A C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
2013-05-23 19:42 - 2012-12-07 10:30 - 00031584 ____A (TuneUp Software) C:\Windows\System32\TURegOpt.exe
2013-05-23 19:42 - 2012-12-07 10:30 - 00021344 ____A (TuneUp Software) C:\Windows\System32\authuitu.dll
2013-05-23 19:40 - 2013-05-23 19:53 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-05-23 18:44 - 2013-05-23 18:45 - 00001282 ____A C:\Users\Public\Desktop\Freemake Video Converter.lnk
2013-05-23 18:36 - 2013-05-23 18:41 - 29720176 ____A (Ellora Assets Corporation                                   ) C:\Users\naguib\Downloads\FreemakeVideoConverter_4.0.1.4.exe
2013-05-22 18:40 - 2013-05-27 18:13 - 00000000 ____D C:\Users\naguib\Downloads\برنامج التحكم في الشبكات والاتصال بالاجهزه Veronisoft IP Net Checker 1.5.3.6
2013-05-22 18:20 - 2013-05-22 18:20 - 00000682 ____A C:\Users\naguib\Desktop\Erreur 797.txt
2013-05-21 20:21 - 2013-05-21 20:24 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\naguib\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-20 19:09 - 2013-05-20 19:29 - 00000000 ____D C:\Users\naguib\Downloads\Mask My IP 2.3.3.8 + الكراك
2013-05-20 18:33 - 2013-05-29 20:32 - 00000000 ____D C:\Users\naguib\Downloads\Extreme Copy 2.3.0 PRO
2013-05-18 20:15 - 2013-05-18 20:15 - 00000000 ____D C:\Program Files\Qualcomm Atheros
2013-05-18 20:14 - 2012-11-26 22:55 - 00078355 ____A C:\Windows\System32\athrext.cat
2013-05-18 20:14 - 2012-11-22 20:46 - 03081216 ____A (Qualcomm Atheros Communications, Inc.) C:\Windows\System32\Drivers\athr.sys
2013-05-18 20:14 - 2012-11-22 20:46 - 03081216 ____A (Qualcomm Atheros Communications, Inc.) C:\Windows\System32\athr.sys
2013-05-17 19:02 - 2013-05-17 19:02 - 00000000 ____D C:\Users\naguib\AppData\Roaming\GlarySoft
2013-05-17 18:18 - 2013-05-17 20:03 - 00000000 ____D C:\Users\naguib\AppData\Roaming\TeraCopy
2013-05-17 17:03 - 2013-05-21 20:24 - 00000000 ____D C:\Users\naguib\Downloads\اصلاح كل مشاكل الاتصال
2013-05-16 07:00 - 2013-02-27 06:05 - 00101720 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-16 07:00 - 2013-02-27 05:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-16 07:00 - 2013-02-27 05:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-16 07:00 - 2013-02-27 05:49 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-16 06:59 - 2013-04-10 04:14 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 06:54 - 2013-04-10 06:18 - 00728424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 06:54 - 2013-04-10 06:18 - 00218984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 20:24 - 2013-05-16 18:04 - 00000000 ____D C:\Users\naguib\Downloads\Drivers MAI 2013
2013-05-15 20:17 - 2013-06-04 20:34 - 00000949 ____A C:\Users\Public\Desktop\Ma-Config.com - Démarrer la détection.lnk
2013-05-15 20:17 - 2013-06-04 20:34 - 00000000 ____D C:\ProgramData\ma-config.com
2013-05-15 20:17 - 2013-06-04 20:34 - 00000000 ____D C:\Program Files\ma-config.com
2013-05-15 03:39 - 2013-05-15 03:39 - 00000000 ____D C:\Users\naguib\AppData\Local\ESET
2013-05-14 14:35 - 2013-05-15 03:18 - 00000000 ____D C:\Users\naguib\AppData\Roaming\Mipony
2013-05-14 03:38 - 2013-06-08 19:22 - 01600197 ____A C:\Windows\WindowsUpdate.log
2013-05-13 19:53 - 2013-05-18 02:06 - 00000000 ____D C:\Users\naguib\Desktop\Anciennes données de Firefox
2013-05-13 07:05 - 2013-05-13 17:46 - 00000000 ____D C:\Program Files\USB Disk Security
2013-05-13 07:05 - 2013-05-13 07:07 - 00000000 ____D C:\ProgramData\Zbshareware Lab
2013-05-13 07:05 - 2013-05-13 07:05 - 00000000 ____D C:\Users\naguib\AppData\Roaming\Zbshareware Lab
2013-05-12 07:01 - 2013-05-12 18:05 - 00000000 ____D C:\Users\naguib\Downloads\شرح تعريب سامسونج
2013-05-11 18:44 - 2013-05-12 06:22 - 00000000 ____D C:\Users\naguib\Downloads\كاميرا خفية بن ابراهيم
2013-05-10 00:13 - 2013-05-10 00:34 - 06047956 ____A C:\Users\naguib\Downloads\[TUTO] Comment améliorer sa Connexion Internet avec cmd - YouTube_2.mp4
2013-05-10 00:00 - 2013-04-11 18:12 - 00001796 ____A C:\Users\naguib\Downloads\copie de Windows n'est pas authentique.txt
2013-05-09 19:25 - 2013-05-09 19:27 - 06017764 ____A C:\Users\naguib\Downloads\Comment augmenter son débit internet et jeux vidéos - YouTube.mp4
2013-05-09 19:14 - 2013-05-09 19:15 - 06018499 ____A C:\Users\naguib\Downloads\accélérer votre connexion internet avec DNS - YouTube.mp4
2013-05-09 18:08 - 2013-02-15 05:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-05-09 18:08 - 2013-02-15 05:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-05-09 18:08 - 2013-02-15 04:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-05-09 18:07 - 2013-03-19 06:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-05-09 18:07 - 2013-03-19 06:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-09 18:07 - 2013-03-19 05:48 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-05-09 18:07 - 2013-03-19 03:49 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-05-09 18:06 - 2013-04-12 14:45 - 01211752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-05-09 18:05 - 2013-02-12 04:32 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-05-09 15:46 - 2013-05-09 15:46 - 00000000 ____D C:\Windows\System32\IconsCache

==================== One Month Modified Files and Folders ========

2013-06-08 20:28 - 2013-06-08 20:28 - 00000000 ____D C:\FRST
2013-06-08 20:26 - 2012-11-26 21:45 - 00000000 ____D C:\Users\naguib\AppData\Roaming\DMCache
2013-06-08 20:25 - 2013-06-06 19:40 - 00000000 ____D C:\Users\naguib\Downloads\Anti-Spyware
2013-06-08 19:27 - 2009-07-14 05:53 - 00032556 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-08 19:27 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-08 19:22 - 2013-05-14 03:38 - 01600197 ____A C:\Windows\WindowsUpdate.log
2013-06-08 18:39 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\NDF
2013-06-08 17:55 - 2009-07-14 05:34 - 00020800 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-08 17:55 - 2009-07-14 05:34 - 00020800 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-08 17:54 - 2012-11-26 21:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-08 17:47 - 2013-06-01 23:23 - 00002847 ____A C:\Windows\setupact.log
2013-06-08 15:43 - 2013-05-28 19:54 - 00000000 ____D C:\Users\naguib\AppData\Roaming\vlc
2013-06-07 20:42 - 2012-11-27 18:59 - 00007288 ____A C:\Users\naguib\Desktop\Compte Messagerie 3.txt
2013-06-07 20:34 - 2013-06-07 20:21 - 00000000 ____D C:\Users\naguib\Downloads\موقع رائع لتعلم أي لغة تريدها بالصوت والصورة وعبراللغة الأم العربية
2013-06-07 17:48 - 2013-06-03 19:36 - 00000000 ____D C:\Users\naguib\Desktop\Comment installer Windows 8 et le cracker
2013-06-07 16:20 - 2013-06-07 16:19 - 00000000 ____D C:\Users\naguib\Downloads\كتاب لينكس الشامل
2013-06-06 20:26 - 2012-11-27 18:58 - 00012723 ____A C:\Users\naguib\Desktop\My Forum's Two.txt
2013-06-06 18:19 - 2013-06-05 19:29 - 00000000 ____D C:\Users\naguib\Downloads\تحميل ونسخ و تثبيت أحدث اصدارات توزيعة Ubuntu 13.04 من خلال USB
2013-06-05 21:14 - 2012-11-26 00:46 - 01581250 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-05 18:24 - 2013-06-05 18:24 - 00001392 ____A C:\Users\naguib\Desktop\NBA 2012_2013.txt
2013-06-05 18:06 - 2012-12-20 17:06 - 00000000 ____D C:\Windows\System32\RTCOM
2013-06-04 20:34 - 2013-05-15 20:17 - 00000949 ____A C:\Users\Public\Desktop\Ma-Config.com - Démarrer la détection.lnk
2013-06-04 20:34 - 2013-05-15 20:17 - 00000000 ____D C:\ProgramData\ma-config.com
2013-06-04 20:34 - 2013-05-15 20:17 - 00000000 ____D C:\Program Files\ma-config.com
2013-06-04 20:33 - 2013-06-04 20:33 - 00256720 ____A C:\Users\naguib\Downloads\MaConfig_Win.exe
2013-06-04 20:31 - 2013-06-04 20:31 - 00014636 ____A C:\Users\naguib\Downloads\AudioPlaybackDiagnostic.diagcab
2013-06-04 20:07 - 2013-06-04 20:06 - 00347424 ____A (Microsoft Corporation) C:\Users\naguib\Downloads\MicrosoftFixit.AudioPlayback.Run.exe
2013-06-03 19:41 - 2013-06-03 19:22 - 00000000 ____D C:\Users\naguib\Desktop\Crack windows 7 100%
2013-06-02 18:25 - 2012-11-26 22:29 - 00000000 ____D C:\Users\naguib\AppData\Local\CrashDumps
2013-06-01 23:23 - 2013-06-01 23:23 - 00058016 ____A C:\Users\naguib\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-01 23:23 - 2013-06-01 23:23 - 00000000 ____A C:\Windows\setuperr.log
2013-06-01 23:23 - 2013-06-01 23:22 - 00268128 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-01 20:55 - 2013-01-14 02:53 - 00000000 ____D C:\Users\naguib\Downloads\Astuces DREAMBOX
2013-06-01 20:50 - 2012-12-17 00:45 - 00000000 ___SD C:\Users\naguib\Desktop\Tutorials
2013-06-01 17:19 - 2012-11-26 00:42 - 00000000 ____D C:\users\naguib
2013-06-01 17:18 - 2009-07-14 03:03 - 38010880 ____A C:\Windows\System32\config\SOFTWARE_tureg_old
2013-06-01 17:18 - 2009-07-14 03:03 - 17825792 ____A C:\Windows\System32\config\SYSTEM_tureg_old
2013-06-01 17:18 - 2009-07-14 03:03 - 00024576 ____A C:\Windows\System32\config\SECURITY_tureg_old
2013-06-01 17:17 - 2009-07-14 03:03 - 00262144 ____A C:\Windows\System32\config\DEFAULT_tureg_old
2013-06-01 17:17 - 2009-07-14 03:03 - 00069632 ____A C:\Windows\System32\config\SAM_tureg_old
2013-06-01 16:57 - 2013-06-01 16:57 - 00000079 ____A C:\Windows\wininit.ini
2013-06-01 16:54 - 2012-11-30 21:29 - 00000000 ____D C:\ProgramData\Freemake
2013-06-01 11:36 - 2013-06-01 11:36 - 00000000 ____D C:\Users\naguib\AppData\Local\Thinstall
2013-05-31 17:19 - 2012-11-26 02:20 - 00000000 ____D C:\ProgramData\AVAST Software
2013-05-31 04:17 - 2012-11-28 22:07 - 00508904 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-05-31 04:17 - 2012-11-28 22:07 - 00442720 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-05-30 20:57 - 2012-11-26 22:39 - 00001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-30 20:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\fr-FR
2013-05-30 19:38 - 2012-11-26 22:39 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-30 19:38 - 2012-11-26 22:39 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-30 19:00 - 2012-12-14 23:59 - 00000000 ___HD C:\Windows\Alienware Skin Pack
2013-05-30 18:58 - 2012-11-28 22:07 - 02755072 ____A (Microsoft Corporation) C:\Windows\System32\themeui.dll
2013-05-30 18:58 - 2009-07-14 00:40 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-05-30 18:58 - 2009-07-14 00:39 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\themeservice.dll
2013-05-30 17:32 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-05-30 17:32 - 2009-07-14 03:04 - 00002577 ____A C:\Windows\System32\config.nt
2013-05-30 17:30 - 2013-05-30 17:30 - 00000000 ____D C:\Program Files\AVAST Software
2013-05-30 17:26 - 2013-05-30 16:41 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-05-30 17:03 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-30 16:39 - 2013-05-30 16:39 - 00000000 ____D C:\Users\naguib\Downloads\AntiVirus 2013
2013-05-30 14:47 - 2013-05-30 14:47 - 00000000 ____D C:\ProgramData\StarApp
2013-05-30 14:16 - 2013-05-30 14:16 - 00264343 ____A C:\Users\naguib\AppData\Local\census.cache
2013-05-30 14:15 - 2013-05-30 14:15 - 00104520 ____A C:\Users\naguib\AppData\Local\ars.cache
2013-05-30 13:42 - 2013-05-30 13:42 - 00000036 ____A C:\Users\naguib\AppData\Local\housecall.guid.cache
2013-05-29 23:36 - 2013-05-29 23:36 - 00191604 ____A C:\ProgramData\1369866862.bdinstall.bin
2013-05-29 23:35 - 2013-05-29 19:47 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-05-29 23:32 - 2013-05-29 23:32 - 00000376 ____A C:\Users\naguib\AppData\Roamingprivacy.xml
2013-05-29 21:43 - 2012-11-26 08:34 - 00000000 ____D C:\Windows\System32\Drivers\fr-FR
2013-05-29 21:30 - 2013-05-29 21:30 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-29 21:16 - 2013-05-29 21:16 - 00000000 ____D C:\Program Files\NirSoft
2013-05-29 21:03 - 2013-05-29 21:02 - 00000415 ____A C:\Windows\System32\checkdnsid.xml
2013-05-29 20:40 - 2013-05-29 20:40 - 00000000 ____D C:\Users\naguib\AppData\Roaming\ExtremeCopy
2013-05-29 20:38 - 2013-05-29 20:38 - 00000385 ____A C:\Windows\System32\user_gensett.xml
2013-05-29 20:34 - 2013-05-29 20:34 - 00001999 ____A C:\Users\Public\Desktop\ExtremeCopy Pro.lnk
2013-05-29 20:34 - 2013-05-29 20:34 - 00000000 ____D C:\Program Files\Easersoft
2013-05-29 20:32 - 2013-05-20 18:33 - 00000000 ____D C:\Users\naguib\Downloads\Extreme Copy 2.3.0 PRO
2013-05-29 20:31 - 2012-08-27 22:47 - 00000000 ____D C:\Users\naguib\Downloads\a installer apres formatage_pc samira
2013-05-29 20:12 - 2013-05-29 20:12 - 00486536 ____A (BitDefender) C:\Windows\System32\Drivers\avckf.sys.upd
2013-05-29 20:11 - 2013-05-29 20:11 - 00343456 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys.upd
2013-05-29 19:58 - 2013-05-29 19:58 - 00633344 ____A (BitDefender) C:\Windows\System32\Drivers\avc3.sys.upd
2013-05-29 19:58 - 2013-05-29 19:58 - 00072704 ____A (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys.upd
2013-05-29 19:58 - 2013-05-29 19:58 - 00066392 ____A (BitDefender SRL) C:\Windows\System32\Drivers\bdsandbox.sys.upd
2013-05-29 19:57 - 2013-05-29 19:57 - 00242504 ____A (BitDefender) C:\Windows\System32\Drivers\avchv.sys.upd
2013-05-29 19:56 - 2013-05-29 19:56 - 00162976 ____A (BitDefender LLC) C:\Windows\System32\Drivers\gzflt.sys.upd
2013-05-29 19:54 - 2013-05-29 19:54 - 01817740 ____A C:\ProgramData\1369853256.bdinstall.bin
2013-05-29 19:51 - 2013-05-29 19:51 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
2013-05-29 19:51 - 2013-05-29 19:51 - 00000000 ____D C:\ProgramData\BDLogging
2013-05-29 19:49 - 2013-05-29 19:49 - 00000000 ____D C:\Users\naguib\AppData\Roaming\QuickScan
2013-05-29 18:00 - 2012-11-26 08:35 - 00000000 ____D C:\Windows\Panther
2013-05-28 23:53 - 2012-11-26 22:08 - 00000000 ____D C:\Program Files\Internet Haut Débit Mobile
2013-05-28 21:22 - 2013-05-28 21:22 - 00001249 ____A C:\Users\naguib\Desktop\iobit-uninstaller.exe - Raccourci.lnk
2013-05-28 21:17 - 2012-12-26 18:19 - 00000000 ____D C:\Program Files\Applian Technologies
2013-05-28 21:13 - 2013-05-28 21:13 - 00000000 ____D C:\Users\naguib\AppData\Roaming\IObit
2013-05-28 19:59 - 2013-05-28 19:59 - 00000000 ____D C:\ProgramData\RoboForm
2013-05-28 19:58 - 2013-05-28 19:58 - 00000000 ____D C:\Users\naguib\Documents\My RoboForm Data
2013-05-28 19:57 - 2013-05-28 19:57 - 00000000 ____D C:\Program Files\Siber Systems
2013-05-28 19:53 - 2013-05-28 19:53 - 00001028 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-05-28 19:52 - 2013-05-28 19:52 - 00000000 ____D C:\Program Files\VideoLAN
2013-05-27 20:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-TW
2013-05-27 20:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-HK
2013-05-27 20:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-CN
2013-05-27 20:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\tr-TR
2013-05-27 20:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\sv-SE
2013-05-27 20:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ru-RU
2013-05-27 20:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pt-PT
2013-05-27 20:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pt-BR
2013-05-27 20:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pl-PL
2013-05-27 20:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\nl-NL
2013-05-27 20:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\nb-NO
2013-05-27 20:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ko-KR
2013-05-27 20:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ja-JP
2013-05-27 20:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\it-IT
2013-05-27 20:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\hu-HU
2013-05-27 20:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\fi-FI
2013-05-27 20:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\el-GR
2013-05-27 20:04 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-05-27 19:19 - 2013-05-27 19:18 - 04767859 ____A C:\Users\naguib\Downloads\Activator BTS 2013 DrKiller94 .rar
2013-05-27 19:08 - 2013-05-27 19:08 - 14323712 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-27 19:08 - 2013-05-27 19:08 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 01767424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 01441280 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-27 19:08 - 2013-05-27 19:08 - 01130496 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00745472 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-27 19:08 - 2013-05-27 19:08 - 00719360 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00629248 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00361984 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-27 19:08 - 2013-05-27 19:08 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00242200 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00232960 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00185344 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-05-27 19:08 - 2013-05-27 19:08 - 00138752 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-05-27 19:08 - 2013-05-27 19:08 - 00137216 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-27 19:08 - 2013-05-27 19:08 - 00125440 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00117248 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00079872 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00073728 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-05-27 19:08 - 2013-05-27 19:08 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-27 19:08 - 2013-05-27 19:08 - 00069120 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00061952 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-05-27 19:08 - 2013-05-27 19:08 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-27 19:08 - 2013-05-27 19:08 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00038400 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-27 19:08 - 2013-05-27 19:08 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-05-27 19:08 - 2013-05-27 19:08 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-05-27 19:07 - 2013-05-27 19:07 - 03419136 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 02284544 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 01988096 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 01504768 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 01247744 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 01158144 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 01080832 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00906240 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00604160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00417792 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00364544 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00207872 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00187392 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-27 19:07 - 2013-05-27 19:07 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-27 18:13 - 2013-05-22 18:40 - 00000000 ____D C:\Users\naguib\Downloads\برنامج التحكم في الشبكات والاتصال بالاجهزه Veronisoft IP Net Checker 1.5.3.6
2013-05-27 01:54 - 2013-05-23 19:42 - 00000000 ____D C:\Program Files\TuneUp Utilities 2013
2013-05-26 18:34 - 2012-12-22 20:50 - 00000441 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-05-23 19:53 - 2013-05-23 19:40 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-05-23 19:53 - 2012-11-26 03:13 - 00000000 ____D C:\Users\naguib\AppData\Roaming\hpqLog
2013-05-23 19:42 - 2013-05-23 19:42 - 00002175 ____A C:\Users\Public\Desktop\TuneUp Maintenance en 1 clic.lnk
2013-05-23 19:42 - 2013-05-23 19:42 - 00002139 ____A C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
2013-05-23 19:41 - 2012-11-30 01:25 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-05-23 18:45 - 2013-05-23 18:44 - 00001282 ____A C:\Users\Public\Desktop\Freemake Video Converter.lnk
2013-05-23 18:41 - 2013-05-23 18:36 - 29720176 ____A (Ellora Assets Corporation                                   ) C:\Users\naguib\Downloads\FreemakeVideoConverter_4.0.1.4.exe
2013-05-23 07:08 - 2012-11-30 21:29 - 00000000 ____D C:\Users\naguib\Documents\Freemake
2013-05-23 07:06 - 2012-11-30 18:21 - 00000000 ____D C:\Program Files\Freemake
2013-05-23 05:08 - 2012-11-28 22:07 - 00508904 ____A (Microsoft Corporation) C:\Windows\System32\winload~5.exe
2013-05-23 05:08 - 2012-11-28 22:07 - 00442720 ____A (Microsoft Corporation) C:\Windows\System32\winresume~5.exe
2013-05-22 18:20 - 2013-05-22 18:20 - 00000682 ____A C:\Users\naguib\Desktop\Erreur 797.txt
2013-05-21 20:24 - 2013-05-21 20:21 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\naguib\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-21 20:24 - 2013-05-17 17:03 - 00000000 ____D C:\Users\naguib\Downloads\اصلاح كل مشاكل الاتصال
2013-05-20 19:29 - 2013-05-20 19:09 - 00000000 ____D C:\Users\naguib\Downloads\Mask My IP 2.3.3.8 + الكراك
2013-05-20 19:28 - 2013-01-24 17:55 - 00000000 ____D C:\Users\naguib\AppData\Roaming\IDM
2013-05-20 17:50 - 2012-12-12 01:36 - 00000438 _RASH C:\ProgramData\ntuser.pol
2013-05-18 20:15 - 2013-05-18 20:15 - 00000000 ____D C:\Program Files\Qualcomm Atheros
2013-05-18 20:14 - 2012-11-26 00:50 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-05-18 20:13 - 2012-12-20 08:04 - 00000000 ____D C:\ProgramData\Qualcomm Atheros
2013-05-18 02:06 - 2013-05-13 19:53 - 00000000 ____D C:\Users\naguib\Desktop\Anciennes données de Firefox
2013-05-17 20:03 - 2013-05-17 18:18 - 00000000 ____D C:\Users\naguib\AppData\Roaming\TeraCopy
2013-05-17 19:38 - 2012-11-26 21:45 - 00000000 ____D C:\Users\naguib\Downloads\Compressed
2013-05-17 19:32 - 2013-01-08 18:38 - 00000000 ____D C:\Users\naguib\Downloads\Themes Windows 7
2013-05-17 19:02 - 2013-05-17 19:02 - 00000000 ____D C:\Users\naguib\AppData\Roaming\GlarySoft
2013-05-17 03:12 - 2012-11-27 01:47 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-16 19:47 - 2012-11-26 03:29 - 00000000 ____D C:\Users\naguib\Documents\Youcam
2013-05-16 18:04 - 2013-05-15 20:24 - 00000000 ____D C:\Users\naguib\Downloads\Drivers MAI 2013
2013-05-15 20:01 - 2012-12-17 20:54 - 00000000 ____D C:\Program Files\SmartPCFixer
2013-05-15 03:39 - 2013-05-15 03:39 - 00000000 ____D C:\Users\naguib\AppData\Local\ESET
2013-05-15 03:18 - 2013-05-14 14:35 - 00000000 ____D C:\Users\naguib\AppData\Roaming\Mipony
2013-05-13 23:46 - 2012-12-03 11:13 - 00000000 ____D C:\Users\naguib\AppData\Roaming\dvdcss
2013-05-13 23:22 - 2013-01-17 23:08 - 00000000 ____D C:\Users\naguib\Desktop\A3CHAAB
2013-05-13 17:46 - 2013-05-13 07:05 - 00000000 ____D C:\Program Files\USB Disk Security
2013-05-13 07:07 - 2013-05-13 07:05 - 00000000 ____D C:\ProgramData\Zbshareware Lab
2013-05-13 07:05 - 2013-05-13 07:05 - 00000000 ____D C:\Users\naguib\AppData\Roaming\Zbshareware Lab
2013-05-12 23:21 - 2006-02-14 22:17 - 00000000 _RSHD C:\Windows\System32\install
2013-05-12 18:05 - 2013-05-12 07:01 - 00000000 ____D C:\Users\naguib\Downloads\شرح تعريب سامسونج
2013-05-12 06:22 - 2013-05-11 18:44 - 00000000 ____D C:\Users\naguib\Downloads\كاميرا خفية بن ابراهيم
2013-05-11 19:06 - 2012-12-22 17:53 - 00000254 ____A C:\Users\naguib\Desktop\A Telecharger.txt
2013-05-11 19:03 - 2012-11-26 21:43 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-10 00:34 - 2013-05-10 00:13 - 06047956 ____A C:\Users\naguib\Downloads\[TUTO] Comment améliorer sa Connexion Internet avec cmd - YouTube_2.mp4
2013-05-09 19:27 - 2013-05-09 19:25 - 06017764 ____A C:\Users\naguib\Downloads\Comment augmenter son débit internet et jeux vidéos - YouTube.mp4
2013-05-09 19:15 - 2013-05-09 19:14 - 06018499 ____A C:\Users\naguib\Downloads\accélérer votre connexion internet avec DNS - YouTube.mp4
2013-05-09 15:46 - 2013-05-09 15:46 - 00000000 ____D C:\Windows\System32\IconsCache
2013-05-09 09:58 - 2013-05-30 17:32 - 00229648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe

Files to move or delete:
====================
C:\Windows\Tasks\{DD552472-A185-4a0c-AC58-90AA40E9E26A}.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2012-12-14 23:59] - [2010-11-20 13:17] - 4022272 ____A (Microsoft Corporation) E925D6E353C7B308EC7BF11C95DF9864

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2012-12-27 21:14

==================== End Of Log ============================
 
2 °) Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-06-2013
Ran by naguib at 2013-06-08 20:29:51 Run:
Running from C:\Users\naguib\Downloads\Anti-Spyware\Farbar Recovery Scan Tool
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader XI (11.0.03) - Français (Version: 11.0.03)
Alienware Skin Pack 1.0-X86 (Version: 1.0-X86)
Ashampoo Burning Studio 10.0.7 (Version: 10.0.7)
Bluetooth Win7 Suite (Version: 7.2.0.80)
Bubble Shooter v3.07
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
CyberLink PowerDVD 11 (Version: 11.0.1620.51)
CyberLink YouCam (Version: 3.5.1.4305)
ESU for Microsoft Windows 7 (Version: 1.0.0)
ExtremeCopy (Version: 2.3.0)
Freemake Video Converter version 4.0.1 (Version: 4.0.1)
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)
HP On Screen Display (Version: 1.1.2)
HP Power Manager (Version: 1.4.4)
HP Quick Launch (Version: 2.5.2)
HP Software Framework (Version: 4.1.13.1)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Processor Graphics (Version: 8.15.10.2622)
Intel® Rapid Storage Technology (Version: 11.7.0.1013)
Internet Download Manager
Internet Haut Débit Mobile (Version: 1.0.0.1)
LightScribe System Software (Version: 1.18.22.2)
Ma-Config.com (Version: 7.0.095)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile FRA Language Pack (Version: 4.0.30319)
Microsoft Silverlight (Version: 4.0.60310.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Module linguistique Microsoft .NET Framework 4 Client Profile FRA (Version: 4.0.30319)
Mozilla Firefox 20.0.1 (x86 fr) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
Outil de téléchargement USB/DVD Windows 7 (Version: 1.0.30)
Qualcomm Atheros Client Installation Program (Version: 10.0)
Qualcomm Atheros Driver Installation Program (Version: 10.0)
Realtek Ethernet Controller Driver (Version: 7.42.304.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6728)
Realtek PCIE Card Reader (Version: 6.2.8400.28124)
RoboForm 7-8-9-5 (All Users) (Version: 7-8-9-5)
Skype Click to Call (Version: 6.3.11079)
Skype™ 6.0 (Version: 6.0.126)
Synaptics Pointing Device Driver (Version: 15.2.4.3)
TuneUp Utilities 2013 (Version: 13.0.3000.160)
TuneUp Utilities Language Pack (fr-FR) (Version: 13.0.3000.160)
USB Disk Security
VLC media player 2.0.6 (Version: 2.0.6)
WinRAR 4.00 (32-bit) (Version: 4.00.0)

==================== Restore Points  =========================

04-06-2013 17:23:25 Windows Update
04-06-2013 19:34:03 Installed Ma-Config.com

==================== Hosts content: ==========================








==================== Faulty Device Manager Devices =============

Name: NetGroup Packet Filter Driver
Description: NetGroup Packet Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: npf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2013 07:27:14 PM) (Source: Schedule) (User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (06/08/2013 07:25:42 PM) (Source: Schedule) (User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (06/08/2013 07:24:24 PM) (Source: Schedule) (User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (06/08/2013 07:23:12 PM) (Source: Schedule) (User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (06/08/2013 05:47:50 PM) (Source: Schedule) (User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (06/08/2013 02:10:10 PM) (Source: Schedule) (User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (06/08/2013 06:02:10 AM) (Source: Schedule) (User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (06/08/2013 03:27:17 AM) (Source: Schedule) (User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (06/07/2013 11:45:15 PM) (Source: Schedule) (User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (06/07/2013 11:28:51 PM) (Source: Schedule) (User: )
Description: Schedule error: 0Initialize call failed, bailing out


System errors:
=============
Error: (06/08/2013 05:50:13 PM) (Source: Service Control Manager) (User: )
Description: Le service Hôte de périphérique UPnP dépend du service Découverte SSDP qui n’a pas pu démarrer en raison de l’erreur :
%%1058

Error: (06/08/2013 05:50:13 PM) (Source: Service Control Manager) (User: )
Description: Le service Hôte de périphérique UPnP dépend du service Découverte SSDP qui n’a pas pu démarrer en raison de l’erreur :
%%1058

Error: (06/08/2013 05:50:13 PM) (Source: DCOM) (User: )
Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (06/08/2013 05:50:13 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/08/2013 05:47:52 PM) (Source: Service Control Manager) (User: )
Description: Le service WinPcap Packet Driver (NPF) n’a pas pu démarrer en raison de l’erreur :
%%2

Error: (06/08/2013 02:12:26 PM) (Source: Service Control Manager) (User: )
Description: Le service Hôte de périphérique UPnP dépend du service Découverte SSDP qui n’a pas pu démarrer en raison de l’erreur :
%%1058

Error: (06/08/2013 02:12:26 PM) (Source: Service Control Manager) (User: )
Description: Le service Hôte de périphérique UPnP dépend du service Découverte SSDP qui n’a pas pu démarrer en raison de l’erreur :
%%1058

Error: (06/08/2013 02:12:26 PM) (Source: DCOM) (User: )
Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (06/08/2013 02:12:26 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/08/2013 02:10:12 PM) (Source: Service Control Manager) (User: )
Description: Le service WinPcap Packet Driver (NPF) n’a pas pu démarrer en raison de l’erreur :
%%2


Microsoft Office Sessions:
=========================
Error: (06/08/2013 07:27:14 PM) (Source: Schedule)(User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (06/08/2013 07:25:42 PM) (Source: Schedule)(User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (06/08/2013 07:24:24 PM) (Source: Schedule)(User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (06/08/2013 07:23:12 PM) (Source: Schedule)(User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (06/08/2013 05:47:50 PM) (Source: Schedule)(User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (06/08/2013 02:10:10 PM) (Source: Schedule)(User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (06/08/2013 06:02:10 AM) (Source: Schedule)(User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (06/08/2013 03:27:17 AM) (Source: Schedule)(User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (06/07/2013 11:45:15 PM) (Source: Schedule)(User: )
Description: Schedule error: 0Initialize call failed, bailing out

Error: (06/07/2013 11:28:51 PM) (Source: Schedule)(User: )
Description: Schedule error: 0Initialize call failed, bailing out


CodeIntegrity Errors:
===================================
  Date: 2013-05-29 23:31:04.871
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00193_002\avcuf32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2013-05-29 23:13:54.487
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00193_002\avcuf32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2013-05-29 22:55:48.256
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00193_002\avcuf32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2013-05-29 20:46:18.693
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00193_002\avcuf32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

  Date: 2013-05-29 20:02:27.513
  Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\avc3_000_001\avcuf32.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.


==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 2997.86 MB
Available physical RAM: 1339.88 MB
Total Pagefile: 5994 MB
Available Pagefile: 3982.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1860.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.5 GB) (Free:18.11 GB) NTFS
Drive d: () (Fixed) (Total:97.65 GB) (Free:15.09 GB) NTFS
Drive e: (Sauvegarde) (Fixed) (Total:83.25 GB) (Free:33.42 GB) NTFS
Drive g: (Données Perso) (Fixed) (Total:58.59 GB) (Free:0.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 1D7D8D3B)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=100 MB) - (Type=42)
Partition 3: (Not Active) - (Size=58 GB) - (Type=42)
Partition 4: (Not Active) - (Size=239 GB) - (Type=42)

==================== End Of Log ============================
 
Looking forward to hearing from you,

Regards.

Edited by Belllisarrio, 08 June 2013 - 09:58 PM.


#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 08 June 2013 - 10:44 PM

Please do the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.)
Save it on your desktop as fixlist.txt

(if you saved FRST to a different folder and not your desktop originally, then save fixlist.txt to the same location as FRST was saved)


start
HKCU\...\Run: [svchost] wscript.exe //B "C:\Users\naguib\AppData\Local\Temp\svchost.vbs" [x]
SearchScopes: HKCU - yandex.ru-175406 URL = http://search.certified-toolbar.com?si=38268&bs=true&tid=77&q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {6B09586F-491D-4E57-B162-1DB63843B81A} URL = http://websearch.ask.com/redirect?client=ie&tb=HIP&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=40670F76-80E2-4129-8133-388D9A2F4AF6&apn_sauid=DFF28B65-2A4C-4597-927C-34844AE288BC
SearchScopes: HKCU - {DF2C791D-0F08-4476-8AF4-8DE35C869E5C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851639
Toolbar: HKCU -No Name - {05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} -  No File
CHR HomePage: hxxp://www.yandex.ru/?win=56&clid=1975308
CHR RestoreOnStartup: "hxxp://www.yandex.ru/?win=56&clid=1975308"]},"browser":{"show_home_button"
2013-06-03 19:36 - 2013-06-07 17:48 - 00000000 ____D C:\Users\naguib\Desktop\Comment installer Windows 8 et le cracker
2013-06-03 19:22 - 2013-06-03 19:41 - 00000000 ____D C:\Users\naguib\Desktop\Crack windows 7 100%
C:\Windows\Tasks\{DD552472-A185-4a0c-AC58-90AA40E9E26A}.job
end
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on your desktop (Fixlog.txt) please attach that log to your reply.

Note: FixList.txt and FRST must be saved to the same location or the fix will not work

Reboot Normally.


NEXT

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 Belllisarrio

Belllisarrio
  • Topic Starter

  • Members
  • 8 posts

Posted 10 June 2013 - 12:23 PM

I do not know how to thank you, dear Mr. bleepin' tiger. In any case, the problem is solved! ...
Still, I bring you the two reports that you asked for:

 

1°) Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-06-2013
Ran by naguib at 2013-06-09 20:13:11 Run:1
Running from C:\Users\naguib\Downloads\Anti-Spyware\Farbar Recovery Scan Tool
Boot Mode: Normal

==============================================

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\SearchScopes: HKCU - yandex.ru-175406 URL = http://search.certified-toolbar.com?si=38268&bs=true&tid=77&q = {} searchTerms => Key not found.
HKCR\CLSID\SearchScopes: HKCU - yandex.ru-175406 URL = http://search.certified-toolbar.com?si=38268&bs=true&tid=77&q = {} searchTerms => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4cd-4b71-B0A3-3D82E62A6909} => Key deleted successfully.
HKCR\CLSID\{483830EE-A4cd-4b71-B0A3-3D82E62A6909} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6B09586F-491D-4E57-B162-1DB63843B81A} => Key deleted successfully.
HKCR\CLSID\{6B09586F-491D-4E57-B162-1DB63843B81A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DF2C791D-0F08-4476-8AF4-8DE35C869E5C} => Key deleted successfully.
HKCR\CLSID\{DF2C791D-0F08-4476-8AF4-8DE35C869E5C} => Key not found.
CHR RestoreOnStartup: "hxxp :/ / www.yandex.ru/?win=56&clid=1975308"]}, "navigateur": {"show_home_button" ==> The Chrome "Settings" can be used to fix the entry.
2013-06-03 19:36 - 2013-06-07 17:48 - 00000000 ____ D C: \ Users \ Naguib \ Desktop \ Commentaire installation de Windows 8 et le pirate => File/Directory not found.
2013-06-03 19:22 - 2013-06-03 19:41 - 00000000 ____ D C: \ Users \ Naguib \ Desktop \ windows Crack 7 100% => File/Directory not found.

==== End of Fixlog ====

 

2°) ComboFix.txt

 

ComboFix 13-06-08.02 - naguib 09/06/2013  20:25:58.1.4 - x86
Microsoft Windows 7 Edition Intégrale   6.1.7601.1.1256.966.1036.18.2998.1561 [GMT 1:00]
Running from: c:\users\naguib\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1369853256.bdinstall.bin
c:\programdata\1369866862.bdinstall.bin
c:\users\naguib\AppData\Roaming\addons.dat
c:\users\naguib\AppData\Roaming\logs.dat
c:\windows\system32\cc32100mt.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\install
c:\windows\system32\Packet.dll
c:\windows\system32\system32\logg.dat
c:\windows\system32\ui
c:\windows\system32\ui\bdidntconp.ui
c:\windows\system32\wpcap.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-09 to 2013-06-09  )))))))))))))))))))))))))))))))
.
.
2013-06-08 19:28 . 2013-06-08 19:28    --------    d-----w-    C:\FRST
2013-06-07 14:14 . 2013-05-14 00:49    7016152    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BE841F5-8B76-4E86-A8E4-6B369A83CF19}\mpengine.dll
2013-06-01 10:36 . 2013-06-01 10:36    --------    d-----w-    c:\users\naguib\AppData\Local\Thinstall
2013-05-30 18:39 . 2012-12-07 10:46    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
2013-05-30 18:39 . 2012-12-07 10:46    43520    ----a-w-    c:\windows\system32\csrr.rs
2013-05-30 18:39 . 2012-12-07 10:46    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
2013-05-30 18:39 . 2012-12-07 10:46    46592    ----a-w-    c:\windows\system32\fpb.rs
2013-05-30 18:39 . 2012-12-07 10:46    40960    ----a-w-    c:\windows\system32\cob-au.rs
2013-05-30 18:39 . 2012-12-07 10:46    15360    ----a-w-    c:\windows\system32\djctq.rs
2013-05-30 18:39 . 2012-12-07 12:20    2576384    ----a-w-    c:\windows\system32\gameux.dll
2013-05-30 18:39 . 2012-12-07 10:46    30720    ----a-w-    c:\windows\system32\usk.rs
2013-05-30 18:39 . 2012-12-07 10:46    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
2013-05-30 18:39 . 2012-12-07 10:46    20480    ----a-w-    c:\windows\system32\pegi.rs
2013-05-30 18:39 . 2012-12-07 10:46    21504    ----a-w-    c:\windows\system32\grb.rs
2013-05-30 18:39 . 2012-12-07 12:26    308736    ----a-w-    c:\windows\system32\Wpc.dll
2013-05-30 18:38 . 2012-12-07 10:46    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
2013-05-30 18:38 . 2012-12-07 10:46    51712    ----a-w-    c:\windows\system32\esrb.rs
2013-05-30 18:38 . 2012-12-07 10:46    23552    ----a-w-    c:\windows\system32\oflc.rs
2013-05-30 18:38 . 2012-12-07 10:46    55296    ----a-w-    c:\windows\system32\cero.rs
2013-05-30 16:32 . 2013-05-09 08:58    229648    ----a-w-    c:\windows\system32\aswBoot.exe
2013-05-30 16:30 . 2013-05-30 16:30    --------    d-----w-    c:\program files\AVAST Software
2013-05-30 15:41 . 2013-05-30 16:26    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-05-30 13:47 . 2013-05-30 13:47    --------    d-----w-    c:\programdata\StarApp
2013-05-29 20:31 . 2012-04-10 08:30    26624    ----a-w-    c:\windows\system32\drivers\tap0901.sys
2013-05-29 20:30 . 2013-05-29 20:30    --------    d-----w-    c:\program files\Microsoft Silverlight
2013-05-29 20:16 . 2013-05-29 20:16    --------    d-----w-    c:\program files\NirSoft
2013-05-29 20:13 . 2012-07-26 03:39    47720    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2013-05-29 20:13 . 2012-07-26 03:39    526952    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2013-05-29 20:13 . 2012-07-26 02:46    9728    ----a-w-    c:\windows\system32\Wdfres.dll
2013-05-29 20:12 . 2012-07-26 02:33    66560    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2013-05-29 20:12 . 2012-07-26 02:32    155136    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2013-05-29 20:12 . 2012-07-26 03:20    73216    ----a-w-    c:\windows\system32\WUDFSvc.dll
2013-05-29 20:12 . 2012-07-26 03:20    172032    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2013-05-29 20:12 . 2012-07-26 03:21    196608    ----a-w-    c:\windows\system32\WUDFHost.exe
2013-05-29 20:12 . 2012-07-26 03:20    38912    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2013-05-29 20:12 . 2012-07-26 03:20    613888    ----a-w-    c:\windows\system32\WUDFx.dll
2013-05-29 20:00 . 2012-08-21 20:12    245760    ----a-w-    c:\windows\system32\OxpsConverter.exe
2013-05-29 19:58 . 2011-03-11 05:33    1699328    ----a-w-    c:\windows\system32\esent.dll
2013-05-29 19:58 . 2011-03-11 05:39    148864    ----a-w-    c:\windows\system32\drivers\storport.sys
2013-05-29 19:58 . 2011-03-11 05:39    143744    ----a-w-    c:\windows\system32\drivers\nvstor.sys
2013-05-29 19:58 . 2011-03-11 05:39    117120    ----a-w-    c:\windows\system32\drivers\nvraid.sys
2013-05-29 19:58 . 2011-03-11 05:38    332160    ----a-w-    c:\windows\system32\drivers\iaStorV.sys
2013-05-29 19:58 . 2011-03-11 05:38    80256    ----a-w-    c:\windows\system32\drivers\amdsata.sys
2013-05-29 19:58 . 2011-03-11 05:38    22400    ----a-w-    c:\windows\system32\drivers\amdxata.sys
2013-05-29 19:58 . 2011-03-11 05:31    74240    ----a-w-    c:\windows\system32\fsutil.exe
2013-05-29 19:57 . 2012-05-05 07:46    400896    ----a-w-    c:\windows\system32\srcore.dll
2013-05-29 19:57 . 2012-02-11 05:37    317440    ----a-w-    c:\windows\system32\spoolsv.exe
2013-05-29 19:57 . 2012-04-07 11:26    2342400    ----a-w-    c:\windows\system32\msi.dll
2013-05-29 19:56 . 2012-08-22 17:16    712048    ----a-w-    c:\windows\system32\drivers\ndis.sys
2013-05-29 19:56 . 2012-07-04 19:45    33280    ----a-w-    c:\windows\system32\drivers\RNDISMP.sys
2013-05-29 19:56 . 2011-12-30 05:27    478720    ----a-w-    c:\windows\system32\timedate.cpl
2013-05-29 19:52 . 2012-10-09 17:40    44032    ----a-w-    c:\windows\system32\dhcpcsvc6.dll
2013-05-29 19:52 . 2012-10-09 17:40    193536    ----a-w-    c:\windows\system32\dhcpcore6.dll
2013-05-29 19:40 . 2013-05-29 19:40    --------    d-----w-    c:\users\naguib\AppData\Roaming\ExtremeCopy
2013-05-29 19:34 . 2013-05-29 19:34    --------    d-----w-    c:\program files\Easersoft
2013-05-29 18:51 . 2013-05-29 18:51    --------    d-----w-    c:\programdata\BDLogging
2013-05-29 18:51 . 2009-07-14 13:27    1461992    ----a-w-    c:\windows\system32\WdfCoInstaller01009.dll
2013-05-29 18:51 . 2007-04-11 10:11    511328    ----a-w-    c:\windows\capicom.dll
2013-05-29 18:49 . 2013-05-29 18:49    --------    d-----w-    c:\users\naguib\AppData\Roaming\QuickScan
2013-05-29 18:47 . 2013-05-29 22:35    --------    d-----w-    c:\program files\Common Files\Bitdefender
2013-05-28 20:13 . 2013-05-28 20:13    --------    d-----w-    c:\users\naguib\AppData\Roaming\IObit
2013-05-28 18:59 . 2013-05-28 18:59    --------    d-----w-    c:\programdata\RoboForm
2013-05-28 18:57 . 2013-05-28 18:57    --------    d-----w-    c:\program files\Siber Systems
2013-05-28 18:54 . 2013-06-09 18:11    --------    d-----w-    c:\users\naguib\AppData\Roaming\vlc
2013-05-28 18:52 . 2013-05-28 18:52    --------    d-----w-    c:\program files\VideoLAN
2013-05-27 18:07 . 2013-05-27 18:07    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-23 18:42 . 2012-12-07 09:30    31584    ----a-w-    c:\windows\system32\TURegOpt.exe
2013-05-23 18:42 . 2012-12-07 09:30    21344    ----a-w-    c:\windows\system32\authuitu.dll
2013-05-23 18:42 . 2013-05-27 00:54    --------    d-----w-    c:\program files\TuneUp Utilities 2013
2013-05-23 18:40 . 2013-05-23 18:53    --------    d-sh--w-    c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-05-18 19:15 . 2013-05-18 19:15    --------    d-----w-    c:\program files\Qualcomm Atheros
2013-05-18 19:14 . 2012-11-22 19:46    3081216    ----a-w-    c:\windows\system32\drivers\athr.sys
2013-05-18 19:14 . 2012-11-22 19:46    3081216    ----a-w-    c:\windows\system32\athr.sys
2013-05-17 18:02 . 2013-05-17 18:02    --------    d-----w-    c:\users\naguib\AppData\Roaming\GlarySoft
2013-05-17 17:18 . 2013-05-17 19:03    --------    d-----w-    c:\users\naguib\AppData\Roaming\TeraCopy
2013-05-16 06:00 . 2013-02-27 05:05    101720    ----a-w-    c:\windows\system32\consent.exe
2013-05-16 06:00 . 2013-02-27 04:49    47104    ----a-w-    c:\windows\system32\appinfo.dll
2013-05-16 05:59 . 2013-04-10 03:14    2347520    ----a-w-    c:\windows\system32\win32k.sys
2013-05-16 05:54 . 2013-04-10 05:18    728424    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 05:54 . 2013-04-10 05:18    218984    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 19:17 . 2013-06-04 19:34    --------    d-----w-    c:\programdata\ma-config.com
2013-05-15 19:17 . 2013-06-04 19:34    --------    d-----w-    c:\program files\ma-config.com
2013-05-15 02:39 . 2013-05-15 02:39    --------    d-----w-    c:\users\naguib\AppData\Local\ESET
2013-05-14 13:35 . 2013-05-15 02:18    --------    d-----w-    c:\users\naguib\AppData\Roaming\Mipony
2013-05-13 06:05 . 2013-05-13 06:07    --------    d-----w-    c:\programdata\Zbshareware Lab
2013-05-13 06:05 . 2013-05-13 06:05    --------    d-----w-    c:\users\naguib\AppData\Roaming\Zbshareware Lab
2013-05-13 06:05 . 2013-05-13 16:46    --------    d-----w-    c:\program files\USB Disk Security
2013-05-11 17:45 . 2013-05-11 17:45    74136    ----a-w-    c:\program files\Mozilla Firefox\breakpadinjector.dll
2013-05-11 17:45 . 2013-05-11 17:45    96664    ----a-w-    c:\program files\Mozilla Firefox\webapprt-stub.exe
2013-05-11 17:45 . 2013-05-11 17:45    26520    ----a-w-    c:\program files\Mozilla Firefox\plugin-hang-ui.exe
2013-05-11 17:45 . 2013-05-11 17:45    170232    ----a-w-    c:\program files\Mozilla Firefox\webapp-uninstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-31 03:17 . 2012-11-28 21:07    508904    ----a-w-    c:\windows\system32\winload.exe
2013-05-31 03:17 . 2012-11-28 21:07    442720    ----a-w-    c:\windows\system32\winresume.exe
2013-05-30 18:38 . 2012-11-26 21:39    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-30 18:38 . 2012-11-26 21:39    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-30 17:58 . 2012-11-28 21:07    2755072    ----a-w-    c:\windows\system32\themeui.dll
2013-05-30 17:58 . 2009-07-13 23:39    37376    ----a-w-    c:\windows\system32\themeservice.dll
2013-05-30 17:58 . 2009-07-13 23:40    249856    ----a-w-    c:\windows\system32\uxtheme.dll
2013-05-29 19:12 . 2013-05-29 19:12    486536    ----a-w-    c:\windows\system32\drivers\avckf.sys.upd
2013-05-29 19:11 . 2013-05-29 19:11    343456    ----a-w-    c:\windows\system32\drivers\trufos.sys.upd
2013-05-29 18:58 . 2013-05-29 18:58    72704    ----a-w-    c:\windows\system32\drivers\bdvedisk.sys.upd
2013-05-29 18:58 . 2013-05-29 18:58    66392    ----a-w-    c:\windows\system32\drivers\bdsandbox.sys.upd
2013-05-29 18:58 . 2013-05-29 18:58    633344    ----a-w-    c:\windows\system32\drivers\avc3.sys.upd
2013-05-29 18:57 . 2013-05-29 18:57    242504    ----a-w-    c:\windows\system32\drivers\avchv.sys.upd
2013-05-29 18:56 . 2013-05-29 18:56    162976    ----a-w-    c:\windows\system32\drivers\gzflt.sys.upd
2013-05-23 04:08 . 2012-11-28 21:07    508904    ----a-w-    c:\windows\system32\winload~5.exe
2013-05-23 04:08 . 2012-11-28 21:07    442720    ----a-w-    c:\windows\system32\winresume~5.exe
2013-05-02 01:06 . 2012-11-26 00:01    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-13 04:45 . 2013-05-29 20:01    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-29 20:01    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-05-09 17:06    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-03-19 05:04 . 2013-05-09 17:07    3968856    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-05-09 17:07    3913560    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-05-09 17:07    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-05-09 17:07    69632    ----a-w-    c:\windows\system32\smss.exe
2013-05-11 17:45 . 2012-11-26 20:43    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.20910] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[7] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16768] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7601.21669] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7601.17567] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[-] 2010-11-20 . E925D6E353C7B308EC7BF11C95DF9864 . 4022272 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[-] 2010-11-20 . E229349C564EFAD065D45FA0A8B4AD9E . 4090368 . . [6.1.7601.17514] . . c:\windows\Alienware Skin Pack\Backup\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.20563] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16450] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.20500] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16404] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
[7] 2013-05-27 . AAD90795E84E710543C6C7C2F7048E30 . 770608 . . [10.00.9200.16576] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_ba75e9f465d7f339\iexplore.exe
[7] 2013-01-12 . CAF61908B16842761DB356389F059B53 . 770560 . . [10.00.9200.16438] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16438_none_ba7c8b2865d3a52e\iexplore.exe
[7] 2012-11-27 . 270A1342BD5AF95CA25A586B4C2F1522 . 748704 . . [9.00.8112.16455] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_b119907bc820d278\iexplore.exe
[-] 2012-11-16 . 256F42F5A56A730C56C40F887C1797B9 . 1614368 . . [9.00.8112.16457] . . c:\windows\Alienware Skin Pack\Backup\iexplore.exe
[7] 2012-11-16 . B201AF83DF2E85323E29EB83E4046810 . 757280 . . [9.00.8112.16457] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_b11b910fc81f0526\iexplore.exe
[7] 2012-11-16 . C0BA71C1B3FB6E3DD432FF3CCAEBDC62 . 757280 . . [9.00.8112.20565] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_b1985d5ae1468e33\iexplore.exe
[7] 2012-08-24 . 4ADB84297505A1627DEEA18529BF4B16 . 672872 . . [8.00.7600.17115] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.17115_none_b3928e9485e2b17e\iexplore.exe
[7] 2012-08-24 . C6E8F6DB0FD7B28924D1CBC8AE03ECEE . 672872 . . [8.00.7600.21313] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21313_none_b41a2cb19f021bc1\iexplore.exe
[7] 2010-11-20 . C613E69C3B191BB02C7A191741A1D024 . 673040 . . [8.00.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_b5780d7c8309d95c\iexplore.exe
[7] 2009-07-14 . 2C32E3E596CFE660353753EABEFB0540 . 673048 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_b346f9b4861b55c2\iexplore.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07    21904    ----a-w-    c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2736128]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-01-24 3540416]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-05-28 109784]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPOSD"="c:\program files\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-21 1996072]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"autodetect"="c:\program files\Internet Haut Débit Mobile\AutoDect.exe" [2010-03-02 129360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 177944]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2012-08-31 5995152]
"USB Security"="c:\program files\USB Disk Security\USBGuard.exe" [2012-07-31 658632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AlienwareDock.lnk - c:\windows\Alienware Skin Pack\AlienwareDock\AlienwareDock.exe [2006-10-3 2074360]
Yzshadow.lnk - c:\windows\Alienware Skin Pack\YzShadow\YzShadow.exe [2009-3-21 184320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /minimized /regrun
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"RemoteControl11"="c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe"
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe"
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe"
.
R3 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-04-20 83240]
R3 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-03-31 70952]
R3 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-03-31 312616]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-03-01 9216]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2012-11-15 35592]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-26 1343400]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-11-19 526392]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-11-19 25656]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-02-14 171680]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-01-10 122240]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/11/26 20:58];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-04-12 09:16 77296]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17 87968]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [2011-05-09 146592]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2011-05-09 76960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2013-01-10 105760]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
S2 IAStorDataMgrSvc;Technologie de stockage Intel® Rapid;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-19 14904]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-07-24 1822352]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-11-22 100216]
S2 MaConfigAgent;Ma-Config Agent;c:\program files\ma-config.com\MaConfigAgent.exe [2013-05-15 755536]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [2011-04-20 71664]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2012-12-07 1723744]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-05-09 34976]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-05-09 259232]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-05-09 24736]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-05-09 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-05-09 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-05-09 141088]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-05-09 243872]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 27632]
S3 IntcDAud;Son Intel® pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 270336]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-08-03 254608]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-03-05 348776]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [2012-11-16 10088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 12:29    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-26 18:38]
.
2013-01-13 c:\windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job
- c:\program files\TuneUp Utilities 2013\OneClick.exe [2012-12-07 09:27]
.
2013-04-13 c:\windows\Tasks\{DD552472-A185-4a0c-AC58-90AA40E9E26A}.job
- c:\windows\explorer.exe [2012-12-14 12:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/?win=56&clid=1975308
uDefault_Search_URL = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: ???????? ?? ????????? ??????? DM
IE: ???????? ??? ??? ?????? Download Master
IE: ???????? ??? ?????? Download Master
IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Enregistrer les formulaires - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Remplir les formulaires - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger avec Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: ???????? ??? ??? ?????? Download Master
IE: ???????? ??? ?????? Download Master
IE: ???????? ?? ????????? ??????? DM
IE: Закачать при помощи Download Master - c:\program files\Download Master\dmie.htm
IE: Закачать ВСЕ при помощи Download Master - c:\program files\Download Master\dmieall.htm
IE: Передать на удаленную закачку DM - c:\program files\Download Master\remdown.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C15B05D4-A766-4DAB-85E9-E78D8B4261C4}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{C15B05D4-A766-4DAB-85E9-E78D8B4261C4}\4586F6D637F6E6635473342403: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\naguib\AppData\Roaming\Mozilla\Firefox\Profiles\3t9rxmw2.default-1368471228886\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - ExtSQL: 2013-05-28 19:59; {22119944-ED35-4ab1-910B-E619EA06A115}; c:\program files\Siber Systems\AI RoboForm\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - (no file)
MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3020206579-2667662715-2659810040-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c9,b3,28,77,17,d4,55,91,cc,c0,b2,db,d8,83,6e,d4,44,1e,f5,2e,ba,
   17,17,94,0e,2d,fa,48,1d,39,49,ef,ef,fc,f5,a7,82,c3,e5,b3,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3020206579-2667662715-2659810040-1000_Classes\CLSID\{8673286b-f200-49a2-81b3-c3aec72d66bc}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000007a
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1092)
c:\windows\Alienware Skin Pack\AlienwareDock\DockShellHookOEM.dll
c:\windows\Alienware Skin Pack\YzShadow\YzShadow.dll
c:\program files\Bluetooth Suite\AthCopyHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\conhost.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\DllHost.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-06-09  20:36:37 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-09 19:36
.
Pre-Run: 20 620 566 528 octets libres
Post-Run: 20 410 810 368 octets libres
.
- - End Of File - - 519EC72FBF9199467FEC964B671A0466
A36C5E4F47E84449FF07ED3517B43A31
 

Waiting for your any detail,
Hail.



#7 CatByte

Posted 10 June 2013 - 01:03 PM

That's good to hear, but there are a few more scans I'd like you to run.

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 Belllisarrio

Posted 12 June 2013 - 01:25 AM

Welcome back,
As agreed, I bring four reports that you asked me ... Until your next suggestions
Thanks again!

 

1°)  JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x86
Ran by naguib on 12/06/2013 at  6:39:13,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\naguib\AppData\Roaming\mozilla\firefox\profiles\3t9rxmw2.default-1368471228886\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/06/2013 at  6:41:04,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~             

                                            <<<<<<<<<<<<<<<<<<<<<<<<                   >>>>>>>>>>>>>>>>>>>>>>>>>>

 

2°)   AdwCleaner.txt

 

# AdwCleaner v2.303 - Rapport créé le 11/06/2013 à 21:20:56
# Mis à jour le 08/06/2013 par Xplode
# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (32 bits)
# Nom d'utilisateur : naguib - HSKYEZOJGDY
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\naguib\Desktop\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****


***** [Registre] *****

Clé Supprimée : HKCU\Software\d2be3e6d11846430c067fc874a79f583
Clé Supprimée : HKCU\Software\YahooPartnerToolbar
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Clé Supprimée : HKLM\Software\InstallIQ
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v20.0.1 (fr)

Fichier : C:\Users\naguib\AppData\Roaming\Mozilla\Firefox\Profiles\3t9rxmw2.default-1368471228886\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Google Chrome v [Impossible d'obtenir la version]

Fichier : C:\Users\naguib\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Chromium vns:64

Fichier : C:\Users\naguib\AppData\Local\Chromium\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Opera v [Impossible d'obtenir la version]

Fichier : C:\Users\naguib\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [1694 octets] - [11/06/2013 21:20:56]

########## EOF - C:\AdwCleaner[S1].txt - [1754 octets] ##########
 

                                                     <<<<<<<<<<<<<<<<<<<<<<<<<<<                       >>>>>>>>>>>>>>>>>>>>>>>>>>>

 

3°)   mbam-log.txt

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.06.11.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
naguib :: HSKYEZOJGDY [administrateur]

Protection: Activé

11/06/2013 22:04 - Naguy
mbam-log-2013-06-11 (22-04-05).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 259106
Temps écoulé: 3 minute(s), 42 seconde(s)

Processus mémoire détecté(s): 1
C:\Users\naguib\AppData\Local\temp\java.exe (Trojan.Agent) -> 2480 -> Suppression au redémarrage.

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|d2be3e6d11846430c067fc874a79f583 (Trojan.Agent) -> Données: "C:\Users\naguib\AppData\Local\temp\java.exe" .. -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|d2be3e6d11846430c067fc874a79f583 (Trojan.Agent) -> Données: "C:\Users\naguib\AppData\Local\temp\java.exe" .. -> Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 1
C:\Users\naguib\AppData\Local\temp\java.exe (Trojan.Agent) -> Suppression au redémarrage.

(fin)
 

                                             <<<<<<<<<<<<<<<<<<<<<<<<<<<<                >>>>>>>>>>>>>>>>>>>>>>>>>>>>>

 

4°)  ESETSCAN.txt

 

C:\$RECYCLE.BIN\S-1-5-21-3020206579-2667662715-2659810040-1000\$RM30F33.EXE    a variant of MSIL/Packed.NetShrink.A trojan
C:\Program Files\DDLManager setup\MyBabylonTB.exe    Win32/Toolbar.Babylon application
C:\Program Files\DDLManager setup\plugin.crx    JS/Adware.DSNR.A application
C:\Program Files\SmartPCFixer\patch smartpcfixer.exe    a variant of Win32/HackTool.Patcher.AD application
C:\Program Files\TuneUp Utilities 2013\patch.exe    multiple threats
C:\Users\naguib\AppData\Roaming\IDM\DwnlData\naguib\avira_antivirus_premium_en_80\avira_antivirus_premium_en.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\naguib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d2be3e6d11846430c067fc874a79f583.exe    a variant of MSIL/Packed.NetShrink.A trojan
C:\Users\naguib\Desktop\Protection WIFI contre Intrusion\Who Is On My Wifi.rar    Win32/Bifrose.NTA trojan
C:\Users\naguib\Desktop\Protection WIFI contre Intrusion\??? ????? ??? ????? ?? ???? ??????? ?????\netcup by huhu1981ful.rar    a variant of Win32/NetTool.Netcut.A application
C:\Users\naguib\Desktop\Protection WIFI contre Intrusion\??? ????? ??? ????? ?? ???? ??????? ?????\netcup by huhu1981ful_2.rar    a variant of Win32/NetTool.Netcut.A application
C:\Users\naguib\Desktop\Protection WIFI contre Intrusion\??? ????? ??? ????? ?? ???? ??????? ?????\netcup by huhu1981ful\netcut.exe    a variant of Win32/NetTool.Netcut.A application
C:\Users\naguib\Desktop\Protection WIFI contre Intrusion\???? ?? ??????? ????? ??????? ??? ?? ????? ???????\Who Is On My Wifi.exe    Win32/Bifrose.NTA trojan
C:\Users\naguib\Desktop\Protection WIFI contre Intrusion\???? ?? ??????? ????? ??????? ??? ?? ????? ???????\Who Is On My Wifi.rar    Win32/Bifrose.NTA trojan
C:\Users\naguib\Desktop\Tutorials\????? ??????? ?????? ??? ??????? 8\actFuturoGeek8 (1).rar    Win32/HackTool.SLICMod.C application
C:\Users\naguib\Desktop\Tutorials\?? ?????? ?? ?????? ???? ??? ????? ?? ?????\Allmyapps (2).exe    Win32/OpenCandy application
C:\Users\naguib\Desktop\Tutorials\?? ?????? ?? ?????? ???? ??? ????? ?? ?????\Allmyapps.exe    Win32/OpenCandy application
C:\Users\naguib\Desktop\?? ?????? ???? ?????? ??????? ????? ???????? ?? Product Key Explorer 3.2.7.0\PKE.rar    a variant of Win32/HackTool.Patcher.D application
C:\Users\naguib\Downloads\Activator BTS 2013 DrKiller94 .rar    a variant of MSIL/Packed.CryptoObfuscator.C application
C:\Users\naguib\Downloads\FreemakeVideoConverter_4.0.1.4.exe    Win32/OpenCandy application
C:\Users\naguib\Downloads\a installer apres formatage_pc samira\flash player maj\installer_windows_live_messenger_2012_French.exe    Win32/Toolbar.Babylon application
C:\Users\naguib\Downloads\a installer apres formatage_pc samira\Glary Utilities Pro + Serial\Glary Utilities Pro + Serial.rar    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\naguib\Downloads\a installer apres formatage_pc samira\Glary Utilities Pro + Serial\Glary Utilities Pro + Serial\Glary Utilities 2.36.0.1232.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\naguib\Downloads\AntiVirus 2013\Avast internet security 8 ( 2015 )\avastlic Valid.rar.exe    Win32/InstalleRex.J application
C:\Users\naguib\Downloads\DFX Audio Enhancer 10.137 Full\dfx10Setup.exe    Win32/OpenCandy application
C:\Users\naguib\Downloads\DFX.Audio.Enhancer.v11.105.Keygen\DFX.Audio.Enhancer.v11.105.Keygen.Patch.DiiHTuToriaisHD.rar    Win32/OpenCandy application
C:\Users\naguib\Downloads\DFX.Audio.Enhancer.v11.105.Keygen\DFX.Audio.Enhancer.v11.105.Keygen.Patch.DiiHTuToriaisHD\DiiHTuToriaisHD.DFX.Audio.Enhancer.v11.105.Keygen.Patch\DiiHTuToriaisHD.DFX.Audio.Enhancer.v11.105.Keygen.Patch.rar    Win32/OpenCandy application
C:\Users\naguib\Downloads\DFX.Audio.Enhancer.v11.105.Keygen\DFX.Audio.Enhancer.v11.105.Keygen.Patch.DiiHTuToriaisHD\DiiHTuToriaisHD.DFX.Audio.Enhancer.v11.105.Keygen.Patch\DiiHTuToriaisHD.DFX.Audio.Enhancer.v11.105.Keygen.Patch\dfx11Setup.exe    Win32/OpenCandy application
C:\Users\naguib\Downloads\DFX.Audio.Enhancer.v11.105.Keygen\DFX.Audio.Enhancer.v11.105.Keygen.Patch.DiiHTuToriaisHD\DiiHTuToriaisHD.DFX.Audio.Enhancer.v11.105.Keygen.Patch\DiiHTuToriaisHD.DFX.Audio.Enhancer.v11.105.Keygen.Patch\Patch\dfx v10xx patch.exe    a variant of Win32/HackTool.Patcher.T application
C:\Users\naguib\Downloads\Extreme Copy 2.3.0 PRO\ExtremeCopy 2.3.0 PRO\Setup_ExtremeCopy-2.3.0-pro-32bits.exe    VBS/Agent.NDE worm
C:\Users\naguib\Downloads\Music\Traitements Audio 2013\GOLDWAV\goldwave 5.25\goldwave 5.25.rar    a variant of Win32/Keygen.AD application
C:\Users\naguib\Downloads\Music\Traitements Audio 2013\GOLDWAV\GoldWave v5.55 +Crack\GoldWave v5.55 +Crack.rar    a variant of Win32/Keygen.AD application
C:\Users\naguib\Downloads\Music\Traitements Audio 2013\GOLDWAV\GoldWave v5.55 +Crack\GoldWave v5.55 +Crack\crack\keygen.exe    a variant of Win32/Keygen.AD application
C:\Users\naguib\Downloads\Music\Traitements Audio 2013\MAGIX Audio Cleaning Lab 2013 19.0.0.10 English\Audio_Cleaning_Lab_2013_DLV_en-II_121001_10-52_19_0_0_10.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\naguib\Downloads\Music\Traitements Audio 2013\MAGIX Music Maker 2013 Premium\Startimes.CoM.MAGIX.Music.Maker.2013.Premium.v19.0.5.57\MAGIX.Music.Maker.2013.Premium.v19.0Crack\Music_Maker_2013_Premium_DLV_en-II_121023_14-53_19_0_3_47.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\naguib\Downloads\Music\Traitements Audio 2013\Quick Media Converter\Install-Hd-4-5-0-5.EXE    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\naguib\Downloads\Music\Traitements Audio 2013\Quick Media Converter\Install-Hd-4-5-0-5.zip    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\naguib\Downloads\Programs\AlienwareSkinPackX86_downloader_by_SkinPack.exe    a variant of Win32/Somoto.A application
C:\Users\naguib\Downloads\Programs\FreemakeVideoConverter_3.1.2.0.exe    Win32/OpenCandy application
C:\Users\naguib\Downloads\Programs\SmartPCFixer+serial\spcfi\spcfi.rar    a variant of Win32/HackTool.Patcher.AD application
C:\Users\naguib\Downloads\Programs\SmartPCFixer+serial\spcfi\spcfi\patch smartpcfixer.exe    a variant of Win32/HackTool.Patcher.AD application
C:\Users\naguib\Downloads\Programs\TuneUp Utilities 2013\TuneUp Utilities 2013 By Tutoriel pour tous !\TuneUp Utilities 2013 By Tutoriel pour tous !.rar    a variant of Win32/HackTool.Patcher.AD application
C:\Users\naguib\Downloads\Programs\TuneUp Utilities 2013\TuneUp Utilities 2013 By Tutoriel pour tous !\TuneUp Utilities 2013 By Tutoriel pour tous !\Patch\Patch.exe    a variant of Win32/HackTool.Patcher.AD application
C:\Users\naguib\Downloads\Programs\TuneUp Utilities 2013\TuneUpUtilities2013_en-GB\TuneUpUtilities2013_en-GB.rar    multiple threats
C:\Users\naguib\Downloads\Programs\TuneUp Utilities 2013\TuneUpUtilities2013_en-GB\TuneUpUtilities2013_Full\Patch\patch.exe    multiple threats
E:\Hide IP Easy+SERIAL\2.9.AutoHideIP.5.1.0.8.zip    a variant of Win32/HackTool.Patcher.T application
E:\Hide IP Easy+SERIAL\hide ip easy 5.1.8.2 incl patch-s.h.w.z.rar    multiple threats
E:\Hide IP Easy+SERIAL\Hide IP Easy v5.0.8.8.rar    a variant of Win32/Bundled.Toolbar.Ask application
E:\HP Support Assistant\M2D.hp.pavilion.g6.ENG.A.ELshayeb.rar.exe    Win32/InstalleRex.I application
E:\Logiciels importés du PC Khalid\speed connexion.rar    Win32/KeyLogger.Ardamax.NBB application
E:\Logiciels importés du PC Khalid\VIDEO\Comment hacker un site\FreeHideIPSetup.exe    a variant of Win32/Bundled.Toolbar.Ask application
E:\Logiciels importés du PC Khalid\VIDEO\Comment hacker un site\LOIC-1.0.7.42-binary.zip    a variant of MSIL/HackTool.LOIC.AB application
E:\Logiciels importés du PC Khalid\VIDEO\TH3 Professional  ???????\Wondershare Video Editor\AVS Audio Converter 7.0.3.485 + Patch\3. Patch MPT.exe    a variant of Win32/HackTool.Patcher.T application
E:\Logiciels importés du PC Khalid\VIDEO\TH3 Professional  ???????\Wondershare Video Editor\AVS Audio Converter 7.0.3.485 + Patch\AVS_Audio_Converter_7.0.3.485_Incl_Patch_-_MPT_Adham-Astuce.rar    a variant of Win32/HackTool.Patcher.T application
E:\Logiciels importés du PC Khalid\VIDEO\TH3 Professional  ???????\Wondershare Video Editor\AVS Audio Editor 7.1.4.476 + Patch\Patch_MPT_de_AVS_Audio_Editor_7.1.4.476_Adham-Astuce.rar    a variant of Win32/HackTool.Patcher.T application
E:\Logiciels importés du PC Khalid\VIDEO\TH3 Professional  ???????\Wondershare Video Editor\AVS Audio Editor 7.1.4.476 + Patch\Patch_MPT_de_AVS_Audio_Editor_7.1.4.476_Adham-Astuce_2.rar    a variant of Win32/HackTool.Patcher.T application
E:\Logiciels importés du PC Khalid\VIDEO\TH3 Professional  ???????\Wondershare Video Editor\AVS Image Converter 2.1.2.169 Incl. Patch 32bits-64bits\AVS_Image_Converter_2.1.2.169_Incl._Patch_32bits-64bits_Fait_par_Adham-Astuce__Patch_MPT_Adham-Astuce.rar    a variant of Win32/HackTool.Patcher.T application
E:\Logiciels importés du PC Khalid\??????All Edition ?????? ?? ??? ???????? ????????\All Edition.exe    Win32/HackTool.SLICMod.C application
E:\Programmes Sauvegardés\DRIVERS\Pilotes PC-halimma\Activation Windows 7\Windows.7.Loader.v2.1.2\Windows.7.Loader.v2.1.2.zip    Win32/Fynloski.AA trojan
E:\Programmes Sauvegardés\Internet\pal_install_ar_u22423204_a729_r1404_p128.exe    a variant of Win32/Bundled.Toolbar.Ask.C application
E:\Programmes Sauvegardés\Internet\Snooper 1.37.4 + ???????\setup.exe    a variant of Win32/Snooper.A application
E:\Programmes Sauvegardés\Internet\Snooper 1.37.4 + ???????\Snooper 1.37.4.EYP.CoM.rar    a variant of Win32/Snooper.A application
E:\Programmes Sauvegardés\Logiciels Convertion Video\AVS video Remaker 4.1___crack\AVS.Video.ReMaker.4.1.1.144\AVS.Video.ReMaker.4.1.1.144.rar    a variant of Win32/HackTool.Patcher.T application
E:\Programmes Sauvegardés\Logiciels Convertion Video\AVS video Remaker 4.1___crack\AVS.Video.ReMaker.4.1.1.144\avs4you.all.products.activator.2012.v1.0-MPT.rar    a variant of Win32/HackTool.Patcher.T application
E:\Programmes Sauvegardés\Logiciels Convertion Video\AVS video Remaker 4.1___crack\AVS.Video.ReMaker.4.1.1.144\avs4you.all.products.activator.2012.v1.0-MPT\avs4you.all.products.activator.2012.v1.0-MPT.exe    a variant of Win32/HackTool.Patcher.T application
E:\Programmes Sauvegardés\Traitements AUDIO\??? ????? ?? ???????? ?? ?????\AV_Music_Morpher_Gold_4.0.66.rar    Win32/HackTool.Patcher.A application
E:\Programmes Sauvegardés\Windows 7 ttes version\Activation Windows 7\Windows.7.Loader.v2.1.2\Windows.7.Loader.v2.1.2.zip    Win32/Fynloski.AA trojan
E:\SAUVEGARDE  C\Telechargements\pc_portable_siyana.rar    a variant of Win32/HackTool.Patcher.A application
E:\SAUVEGARDE  C\Telechargements\www.movizdb.com_download as premium from RS HF UP MU DF.rar    a variant of Win32/Keygen.AN application
E:\SAUVEGARDE  C\Telechargements\Compressed\AVS All-In-One Install Package v2.1.1.75\avs4you.all.products.activator.rar    a variant of Win32/HackTool.Patcher.T application
E:\SAUVEGARDE  C\Telechargements\Compressed\AVS All-In-One Install Package v2.1.1.75\MyEgy.CoM.AVS All-In-One Install Package v2.1.1.75.By.Rico\avs4you.all.products.activator.2012.(v1.1a)-FIXED-mpt\avs4you.all.products.activator.2012.(v1.1a)-FIXED-mpt.exe    a variant of Win32/HackTool.Patcher.T application
E:\SAUVEGARDE  C\Telechargements\Compressed\D F X\DFX Audio Enhancer V9.12.0.0\DFX Audio Enhancer V9.12.0.0 All Products Full.rar    Win32/Keygen.DJ application
E:\SAUVEGARDE  C\Telechargements\Compressed\Verrouiller votre PC avec votre visage\Banana_Screen.rar    MSIL/Solimba application
E:\SAUVEGARDE  C\Telechargements\Logiciels pour Hacker Réseau WIFI\Nouveau dossier (2)\H22g_ARAB_NOKIA_WepKey_full.rar    Win32/WEPSpy.A application
E:\SAUVEGARDE  C\Telechargements\Logiciels pour Hacker Réseau WIFI\WepKey_full\H22g_ARAB_NOKIA_WepKey_full.rar    Win32/WEPSpy.A application
E:\SAUVEGARDE  C\Telechargements\Logiciels pour Hacker Réseau WIFI\WepKey_full\WepKey_full\WepKey full\Wepkey.exe    Win32/WEPSpy.A application
E:\SAUVEGARDE  C\Telechargements\Network_LookOut_Administrator_Professional\Network LookOut Administrator Professional 2.6.2\nmadmipro.rar    a variant of Win32/NetworkLookOutAgent.A application
E:\SAUVEGARDE  C\Telechargements\Network_LookOut_Administrator_Professional\Network.LookOut.Administrator.Professional.v3.4.2.Incl._-Lz0\Network.LookOut.Administrator.Professional.v3.4.2.Incl._-Lz0.rar    multiple threats
E:\SAUVEGARDE  C\Telechargements\Network_LookOut_Administrator_Professional\Network.LookOut.Administrator.Professional.v3.4.2.Incl._-Lz0\Network.LookOut.Administrator.Professional.v3.4.2.Incl.Keygen-Lz0\Linezer0.part1.rar    multiple threats
E:\SAUVEGARDE  C\Telechargements\Network_LookOut_Administrator_Professional\Network.LookOut.Administrator.Professional.v3.4.2.Incl._-Lz0\Network.LookOut.Administrator.Professional.v3.4.2.Incl.Keygen-Lz0\nmadminpro.exe    a variant of Win32/NetworkLookOutAgent.A application
E:\SAUVEGARDE  C\Telechargements\Network_LookOut_Administrator_Professional\Network.LookOut.Administrator.Professional.v3.4.2.Incl._-Lz0\Network.LookOut.Administrator.Professional.v3.4.2.Incl.Keygen-Lz0\Lz0\keygen.exe    Win32/Keygen.CC application
E:\SAUVEGARDE  C\Telechargements\NOKIA N91\AntiVirus Mobile\Programm\S60v3.39.Programs.rar    multiple threats
E:\SAUVEGARDE  C\Telechargements\NOKIA N91\Fscaller\SignSiS.zip    a variant of Win32/HackTool.Patcher.AN application
E:\SAUVEGARDE  C\Telechargements\NOKIA N91\PC Cleaner Pro 10.0.0.126.2012\PC Cleaner Pro 10.0.0.126.2012.rar    a variant of Win32/PCCleaners application
E:\SAUVEGARDE  C\Telechargements\SAVE Clé Usb\TuneUp 2008\Crack\tuneup.utilities.2008.v7.0.7986-patch.exe    a variant of Win32/HackTool.Patcher.A application
E:\SAUVEGARDE  C\Telechargements\SAVE Clé Usb\TuneUp 2008\Crack\TuneUp_Utilities_2008_v7[1].0.7986.zip    Win32/HackTool.Patcher.A application
E:\SAUVEGARDE  C\Telechargements\winamp5623_full_emusic-7plus_fr-fr\winamp5623_full_emusic-7plus_fr-fr.exe    Win32/OpenCandy application
E:\???????\Netcut 2.8.1.rar    a variant of Win32/NetTool.Netcut.A application
E:\???????\Netcut 2.8.1\netcut.exe    a variant of Win32/NetTool.Netcut.A application
E:\???????\??? ????? ??? ????? ?? ???? ??????? ?????\netcup by huhu1981ful.rar    a variant of Win32/NetTool.Netcut.A application
E:\???????\??? ????? ??? ????? ?? ???? ??????? ?????\netcup by huhu1981ful_2.rar    a variant of Win32/NetTool.Netcut.A application
E:\???????\??? ????? ??? ????? ?? ???? ??????? ?????\reginout_setup.exe    multiple threats
E:\???????\??? ????? ??? ????? ?? ???? ??????? ?????\netcup by huhu1981ful\netcut.exe    a variant of Win32/NetTool.Netcut.A application
 

                                             <<<<<<<<<<<<<<<<<<<<<<<<<<             >>>>>>>>>>>>>>>>>>>>>>>>>>

 

However, some clarification: in particular, when executing JRT.exe, a dialog box appears with the following message:
File not found:
C:\JRT\ERUNT\ERDNT.E_E

In fact, this is because of Malwarebytes Anti-Malware, which considers JRT.exe harmful.

Another detail: the question marks contained in the reports are actually Arabic characters that said software is unable to decipher.

end


#9 CatByte

    bleepin' tiger

  • Malware Response Team

Posted 12 June 2013 - 07:29 AM

You may need to manually look for and delete the entries with the Arabic letters as I doubt ComboFix will process the question marks.

Please do the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\$RECYCLE.BIN\S-1-5-21-3020206579-2667662715-2659810040-1000\$RM30F33.EXE   
C:\Program Files\DDLManager setup\MyBabylonTB.exe   
C:\Program Files\DDLManager setup\plugin.crx   
C:\Program Files\SmartPCFixer\patch smartpcfixer.exe    
C:\Program Files\TuneUp Utilities 2013\patch.exe   
C:\Users\naguib\AppData\Roaming\IDM\DwnlData\naguib\avira_antivirus_premium_en_80\avira_antivirus_premium_en.exe   
C:\Users\naguib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d2be3e6d11846430c067fc874a79f583.exe    
C:\Users\naguib\Desktop\Protection WIFI contre Intrusion\Who Is On My Wifi.rar   
C:\Users\naguib\Downloads\Activator BTS 2013 DrKiller94 .rar    
C:\Users\naguib\Downloads\FreemakeVideoConverter_4.0.1.4.exe   
C:\Users\naguib\Downloads\a installer apres formatage_pc samira\flash player maj\installer_windows_live_messenger_2012_French.exe    
C:\Users\naguib\Downloads\a installer apres formatage_pc samira\Glary Utilities Pro + Serial\Glary Utilities Pro + Serial.rar    
C:\Users\naguib\Downloads\a installer apres formatage_pc samira\Glary Utilities Pro + Serial\Glary Utilities Pro + Serial\Glary Utilities 2.36.0.1232.exe   
C:\Users\naguib\Downloads\AntiVirus 2013\Avast internet security 8 ( 2015 )\avastlic Valid.rar.exe   
C:\Users\naguib\Downloads\DFX Audio Enhancer 10.137 Full\dfx10Setup.exe    
C:\Users\naguib\Downloads\DFX.Audio.Enhancer.v11.105.Keygen\DFX.Audio.Enhancer.v11.105.Keygen.Patch.DiiHTuToriaisHD.rar    
C:\Users\naguib\Downloads\DFX.Audio.Enhancer.v11.105.Keygen\DFX.Audio.Enhancer.v11.105.Keygen.Patch.DiiHTuToriaisHD\DiiHTuToriaisHD.DFX.Audio.Enhancer.v11.105.Keygen.Patch\DiiHTuToriaisHD.DFX.Audio.Enhancer.v11.105.Keygen.Patch.rar    
C:\Users\naguib\Downloads\DFX.Audio.Enhancer.v11.105.Keygen\DFX.Audio.Enhancer.v11.105.Keygen.Patch.DiiHTuToriaisHD\DiiHTuToriaisHD.DFX.Audio.Enhancer.v11.105.Keygen.Patch\DiiHTuToriaisHD.DFX.Audio.Enhancer.v11.105.Keygen.Patch\dfx11Setup.exe    
C:\Users\naguib\Downloads\DFX.Audio.Enhancer.v11.105.Keygen\DFX.Audio.Enhancer.v11.105.Keygen.Patch.DiiHTuToriaisHD\DiiHTuToriaisHD.DFX.Audio.Enhancer.v11.105.Keygen.Patch\DiiHTuToriaisHD.DFX.Audio.Enhancer.v11.105.Keygen.Patch\Patch\dfx v10xx patch.exe    
C:\Users\naguib\Downloads\Extreme Copy 2.3.0 PRO\ExtremeCopy 2.3.0 PRO\Setup_ExtremeCopy-2.3.0-pro-32bits.exe    
C:\Users\naguib\Downloads\Music\Traitements Audio 2013\GOLDWAV\goldwave 5.25\goldwave 5.25.rar    
C:\Users\naguib\Downloads\Music\Traitements Audio 2013\GOLDWAV\GoldWave v5.55 +Crack\GoldWave v5.55 +Crack.rar    
C:\Users\naguib\Downloads\Music\Traitements Audio 2013\GOLDWAV\GoldWave v5.55 +Crack\GoldWave v5.55 +Crack\crack\keygen.exe    
C:\Users\naguib\Downloads\Music\Traitements Audio 2013\MAGIX Audio Cleaning Lab 2013 19.0.0.10 English\Audio_Cleaning_Lab_2013_DLV_en-II_121001_10-52_19_0_0_10.exe    
C:\Users\naguib\Downloads\Music\Traitements Audio 2013\MAGIX Music Maker 2013 Premium\Startimes.CoM.MAGIX.Music.Maker.2013.Premium.v19.0.5.57\MAGIX.Music.Maker.2013.Premium.v19.0Crack\Music_Maker_2013_Premium_DLV_en-II_121023_14-53_19_0_3_47.exe   
C:\Users\naguib\Downloads\Music\Traitements Audio 2013\Quick Media Converter\Install-Hd-4-5-0-5.EXE   
C:\Users\naguib\Downloads\Music\Traitements Audio 2013\Quick Media Converter\Install-Hd-4-5-0-5.zip    
C:\Users\naguib\Downloads\Programs\AlienwareSkinPackX86_downloader_by_SkinPack.exe    
C:\Users\naguib\Downloads\Programs\FreemakeVideoConverter_3.1.2.0.exe    
C:\Users\naguib\Downloads\Programs\SmartPCFixer+serial\spcfi\spcfi.rar    
C:\Users\naguib\Downloads\Programs\SmartPCFixer+serial\spcfi\spcfi\patch smartpcfixer.exe    
C:\Users\naguib\Downloads\Programs\TuneUp Utilities 2013\TuneUp Utilities 2013 By Tutoriel pour tous !\TuneUp Utilities 2013 By Tutoriel pour tous !.rar    
C:\Users\naguib\Downloads\Programs\TuneUp Utilities 2013\TuneUp Utilities 2013 By Tutoriel pour tous !\TuneUp Utilities 2013 By Tutoriel pour tous !\Patch\Patch.exe   
C:\Users\naguib\Downloads\Programs\TuneUp Utilities 2013\TuneUpUtilities2013_en-GB\TuneUpUtilities2013_en-GB.rar    
C:\Users\naguib\Downloads\Programs\TuneUp Utilities 2013\TuneUpUtilities2013_en-GB\TuneUpUtilities2013_Full\Patch\patch.exe    
E:\Hide IP Easy+SERIAL\2.9.AutoHideIP.5.1.0.8.zip    
E:\Hide IP Easy+SERIAL\hide ip easy 5.1.8.2 incl patch-s.h.w.z.rar    
E:\Hide IP Easy+SERIAL\Hide IP Easy v5.0.8.8.rar   
E:\HP Support Assistant\M2D.hp.pavilion.g6.ENG.A.ELshayeb.rar.exe    
E:\Logiciels importés du PC Khalid\speed connexion.rar    
E:\Logiciels importés du PC Khalid\VIDEO\Comment hacker un site\FreeHideIPSetup.exe    
E:\Logiciels importés du PC Khalid\VIDEO\Comment hacker un site\LOIC-1.0.7.42-binary.zip    
E:\Programmes Sauvegardés\DRIVERS\Pilotes PC-halimma\Activation Windows 7\Windows.7.Loader.v2.1.2\Windows.7.Loader.v2.1.2.zip   
E:\Programmes Sauvegardés\Internet\pal_install_ar_u22423204_a729_r1404_p128.exe   
E:\Programmes Sauvegardés\Logiciels Convertion Video\AVS video Remaker 4.1___crack\AVS.Video.ReMaker.4.1.1.144\AVS.Video.ReMaker.4.1.1.144.rar    
E:\Programmes Sauvegardés\Logiciels Convertion Video\AVS video Remaker 4.1___crack\AVS.Video.ReMaker.4.1.1.144\avs4you.all.products.activator.2012.v1.0-MPT.rar    
E:\Programmes Sauvegardés\Logiciels Convertion Video\AVS video Remaker 4.1___crack\AVS.Video.ReMaker.4.1.1.144\avs4you.all.products.activator.2012.v1.0-MPT\avs4you.all.products.activator.2012.v1.0-MPT.exe   
E:\Programmes Sauvegardés\Windows 7 ttes version\Activation Windows 7\Windows.7.Loader.v2.1.2\Windows.7.Loader.v2.1.2.zip    
E:\SAUVEGARDE  C\Telechargements\pc_portable_siyana.rar    
E:\SAUVEGARDE  C\Telechargements\www.movizdb.com_download as premium from RS HF UP MU DF.rar    
E:\SAUVEGARDE  C\Telechargements\Compressed\AVS All-In-One Install Package v2.1.1.75\avs4you.all.products.activator.rar    
E:\SAUVEGARDE  C\Telechargements\Compressed\AVS All-In-One Install Package v2.1.1.75\MyEgy.CoM.AVS All-In-One Install Package v2.1.1.75.By.Rico\avs4you.all.products.activator.2012.(v1.1a)-FIXED-mpt\avs4you.all.products.activator.2012.(v1.1a)-FIXED-mpt.exe   
E:\SAUVEGARDE  C\Telechargements\Compressed\D F X\DFX Audio Enhancer V9.12.0.0\DFX Audio Enhancer V9.12.0.0 All Products Full.rar    
E:\SAUVEGARDE  C\Telechargements\Compressed\Verrouiller votre PC avec votre visage\Banana_Screen.rar    
E:\SAUVEGARDE  C\Telechargements\Logiciels pour Hacker Réseau WIFI\Nouveau dossier (2)\H22g_ARAB_NOKIA_WepKey_full.rar    
E:\SAUVEGARDE  C\Telechargements\Logiciels pour Hacker Réseau WIFI\WepKey_full\H22g_ARAB_NOKIA_WepKey_full.rar    
E:\SAUVEGARDE  C\Telechargements\Logiciels pour Hacker Réseau WIFI\WepKey_full\WepKey_full\WepKey full\Wepkey.exe    
E:\SAUVEGARDE  C\Telechargements\Network_LookOut_Administrator_Professional\Network LookOut Administrator Professional 2.6.2\nmadmipro.rar    
E:\SAUVEGARDE  C\Telechargements\Network_LookOut_Administrator_Professional\Network.LookOut.Administrator.Professional.v3.4.2.Incl._-Lz0\Network.LookOut.Administrator.Professional.v3.4.2.Incl._-Lz0.rar   
E:\SAUVEGARDE  C\Telechargements\Network_LookOut_Administrator_Professional\Network.LookOut.Administrator.Professional.v3.4.2.Incl._-Lz0\Network.LookOut.Administrator.Professional.v3.4.2.Incl.Keygen-Lz0\Linezer0.part1.rar  
E:\SAUVEGARDE  C\Telechargements\Network_LookOut_Administrator_Professional\Network.LookOut.Administrator.Professional.v3.4.2.Incl._-Lz0\Network.LookOut.Administrator.Professional.v3.4.2.Incl.Keygen-Lz0\nmadminpro.exe   
E:\SAUVEGARDE  C\Telechargements\Network_LookOut_Administrator_Professional\Network.LookOut.Administrator.Professional.v3.4.2.Incl._-Lz0\Network.LookOut.Administrator.Professional.v3.4.2.Incl.Keygen-Lz0\Lz0\keygen.exe    
E:\SAUVEGARDE  C\Telechargements\NOKIA N91\AntiVirus Mobile\Programm\S60v3.39.Programs.rar  
E:\SAUVEGARDE  C\Telechargements\NOKIA N91\Fscaller\SignSiS.zip    
E:\SAUVEGARDE  C\Telechargements\NOKIA N91\PC Cleaner Pro 10.0.0.126.2012\PC Cleaner Pro 10.0.0.126.2012.rar    
E:\SAUVEGARDE  C\Telechargements\SAVE Clé Usb\TuneUp 2008\Crack\tuneup.utilities.2008.v7.0.7986-patch.exe   
E:\SAUVEGARDE  C\Telechargements\SAVE Clé Usb\TuneUp 2008\Crack\TuneUp_Utilities_2008_v7[1].0.7986.zip    
E:\SAUVEGARDE  C\Telechargements\winamp5623_full_emusic-7plus_fr-fr\winamp5623_full_emusic-7plus_fr-fr.exe    

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: CFScriptB-4.gif]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT

Navigate to the following folders and remove them:

C:\Users\naguib\Desktop\Protection WIFI contre Intrusion

C:\Users\naguib\Desktop\Tutorials

E:\Logiciels importés du PC Khalid\VIDEO\TH3 Professional ???????\Wondershare Video Editor

E:\Programmes Sauvegardés\Internet\Snooper 1.37.4 + ???????

E:\Programmes Sauvegardés\Traitements AUDIO

E:\???????\Netcut


It's clear that the cracks and keygens are likely responsible for your infection.
It's illegal, but more than that, very harmful to your computer. If you have more pirated programs on your computer, I strongly urge you to remove them.


Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
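
The reply above puts only the paths without question marks into the script and leaves the rest for manual removal; that split can be derived from the scan log itself. The following Python is an added example, not part of the original posts or of any tool named in the thread: the function names are hypothetical, and the six sample lines are copied from the scan log earlier in the thread.

```python
import re
from collections import Counter

# Six lines copied verbatim from the scan log posted earlier in this thread.
SAMPLE_LOG = r"""
C:\Users\naguib\Downloads\Extreme Copy 2.3.0 PRO\ExtremeCopy 2.3.0 PRO\Setup_ExtremeCopy-2.3.0-pro-32bits.exe    VBS/Agent.NDE worm
E:\Hide IP Easy+SERIAL\hide ip easy 5.1.8.2 incl patch-s.h.w.z.rar    multiple threats
E:\Programmes Sauvegardés\DRIVERS\Pilotes PC-halimma\Activation Windows 7\Windows.7.Loader.v2.1.2\Windows.7.Loader.v2.1.2.zip    Win32/Fynloski.AA trojan
E:\Programmes Sauvegardés\Internet\Snooper 1.37.4 + ???????\setup.exe    a variant of Win32/Snooper.A application
E:\SAUVEGARDE  C\Telechargements\NOKIA N91\Fscaller\SignSiS.zip    a variant of Win32/HackTool.Patcher.AN application
E:\???????\Netcut 2.8.1\netcut.exe    a variant of Win32/NetTool.Netcut.A application
"""

# Path, then a tab or a run of 4+ spaces, then the detection text. Folder names
# in this log contain double spaces ("SAUVEGARDE  C"), so 2 spaces must not split.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?:\t+| {4,})(?P<detection>\S.*?)\s*$")
KIND_RE = re.compile(r"\s+(trojan|worm|application)$")
VARIANT_PREFIX = "a variant of "


def parse_line(line):
    """Return a record for one log line, or None if it is not a detection line."""
    match = LINE_RE.match(line)
    if not match:
        return None
    path, detection = match.group("path"), match.group("detection")
    if detection == "multiple threats":
        kind, name = "multiple", None
    else:
        kind_match = KIND_RE.search(detection)
        kind = kind_match.group(1) if kind_match else "unknown"
        name = KIND_RE.sub("", detection)
        if name.startswith(VARIANT_PREFIX):
            name = name[len(VARIANT_PREFIX):]
    # "?" is not a legal character in a Windows file name, so a "?" in a logged
    # path means the real characters were lost when the log was written.
    return {"path": path, "kind": kind, "name": name, "lossy": "?" in path}


def last_intact_folder(path):
    """Deepest folder of a lossy path that is still spelled correctly in the log."""
    intact = []
    for part in path.split("\\")[:-1]:      # folders only, not the file name
        if "?" in part:
            break
        intact.append(part)
    # A bare drive ("E:") needs its trailing backslash to be a usable folder.
    return "\\".join(intact) + ("\\" if len(intact) == 1 else "")


def triage(log_text):
    """Split detections into exact paths and paths that must be found by hand."""
    scriptable, manual, kinds = [], [], Counter()
    seen = set()
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        key = record["path"].lower()        # Windows paths are case-insensitive
        if key in seen:
            continue
        seen.add(key)
        kinds[record["kind"]] += 1
        (manual if record["lossy"] else scriptable).append(record)
    return scriptable, manual, kinds


if __name__ == "__main__":
    exact, by_hand, kinds = triage(SAMPLE_LOG)
    print("Detections by kind:", dict(kinds))
    print("Exact paths (usable as written):")
    for record in exact:
        print("  ", record["path"])
    print("Paths with lost characters (browse from the folder shown):")
    for record in by_hand:
        print("  ", last_intact_folder(record["path"]), "->", record["name"])
```
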


#10 Belllisarrio

  • Topic Starter

Posted 13 June 2013 - 12:09 AM

Any expensive around Mr. bleepin' tiger, I want to once again express my gratitude to you for the help you give me ... I remain yours truly!
Because I know impertinently, I think?, You have other obligations that take you to heart, what are Home or Professional.

That said, I followed your instructions exactly to the letter! ...

the result is the following two-step ... How?
I had to! ...
The first time it was held in this way:

Dragging CFScript.txt into ComboFix.exe the operation was carried out smoothly. But on reboot I got the blue screen with this warning:

"STOP: C0000139 {Entry Point Not Found}
  The Procedure entry Point RtlcopyContext Could not be located in the dynamic link library ntdll.dll "

So I was forced to restore the MBR.
So ComboFix did not generate a report.

The second time was done this way:

ComboFix worked without a problem, and the restart was normal. But on trying to open Explorer, a dialog appears as follows:

"C:\Windows\explorer.exe
   Unauthorized attempt on a registry key marked for deletion operation "

After restart everything is back to normal!

The ComboFix report is:
 
ComboFix 13-06-08.02 - naguib 13/06/2013   1:13.2.4 - x86
Microsoft Windows 7 Edition Intégrale   6.1.7601.1.1256.966.1036.18.2998.1923 [GMT 1:00]
Running from: c:\users\naguib\Desktop\ComboFix.exe
Command switches used :: c:\users\naguib\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\naguib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d2be3e6d11846430c067fc874a79f583.exe
c:\users\naguib\Downloads\DFX.Audio.Enhancer.v11.105.Keygen\DFX.Audio.Enhancer.v11.105.Keygen.Patch.DiiHTuToriaisHD\DiiHTuToriaisHD.DFX.Audio.Enhancer.v11.105.Keygen.Patch\DiiHTuToriaisHD.DFX.Audio.Enhancer.v11.105.Keygen.Patch\dfx11Setup.exe . . . . Failed to delete
c:\users\naguib\Downloads\DFX.Audio.Enhancer.v11.105.Keygen\DFX.Audio.Enhancer.v11.105.Keygen.Patch.DiiHTuToriaisHD\DiiHTuToriaisHD.DFX.Audio.Enhancer.v11.105.Keygen.Patch\DiiHTuToriaisHD.DFX.Audio.Enhancer.v11.105.Keygen.Patch\Patch\dfx v10xx patch.exe . . . . Failed to delete
c:\users\naguib\Downloads\Music\Traitements Audio 2013\MAGIX Music Maker 2013 Premium\Startimes.CoM.MAGIX.Music.Maker.2013.Premium.v19.0.5.57\MAGIX.Music.Maker.2013.Premium.v19.0Crack\Music_Maker_2013_Premium_DLV_en-II_121023_14-53_19_0_3_47.exe . . . . Failed to delete
e:\sauvegarde  c\Telechargements\Compressed\AVS All-In-One Install Package v2.1.1.75\MyEgy.CoM.AVS All-In-One Install Package v2.1.1.75.By.Rico\avs4you.all.products.activator.2012.(v1.1a)-FIXED-mpt\avs4you.all.products.activator.2012.(v1.1a)-FIXED-mpt.exe . . . . Failed to delete
.
---- Previous Run -------
.
c:\program files\DDLManager setup\MyBabylonTB.exe
c:\program files\DDLManager setup\plugin.crx
c:\program files\SmartPCFixer\patch smartpcfixer.exe
c:\program files\TuneUp Utilities 2013\patch.exe
c:\users\naguib\AppData\Roaming\IDM\DwnlData\naguib\avira_antivirus_premium_en_80\avira_antivirus_premium_en.exe
c:\users\naguib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d2be3e6d11846430c067fc874a79f583.exe
c:\users\naguib\Downloads\a installer apres formatage_pc samira\flash player maj\installer_windows_live_messenger_2012_French.exe
c:\users\naguib\Downloads\a installer apres formatage_pc samira\Glary Utilities Pro + Serial\Glary Utilities Pro + Serial.rar
c:\users\naguib\Downloads\a installer apres formatage_pc samira\Glary Utilities Pro + Serial\Glary Utilities Pro + Serial\Glary Utilities 2.36.0.1232.exe
c:\users\naguib\Downloads\Activator BTS 2013 DrKiller94 .rar
c:\users\naguib\Downloads\AntiVirus 2013\Avast internet security 8 ( 2015 )\avastlic Valid.rar.exe
c:\users\naguib\Downloads\DFX Audio Enhancer 10.137 Full\dfx10Setup.exe
c:\users\naguib\Downloads\DFX.Audio.Enhancer.v11.105.Keygen\DFX.Audio.Enhancer.v11.105.Keygen.Patch.DiiHTuToriaisHD.rar
c:\users\naguib\Downloads\DFX.Audio.Enhancer.v11.105.Keygen\DFX.Audio.Enhancer.v11.105.Keygen.Patch.DiiHTuToriaisHD\DiiHTuToriaisHD.DFX.Audio.Enhancer.v11.105.Keygen.Patch\DiiHTuToriaisHD.DFX.Audio.Enhancer.v11.105.Keygen.Patch.rar
c:\users\naguib\Downloads\Extreme Copy 2.3.0 PRO\ExtremeCopy 2.3.0 PRO\Setup_ExtremeCopy-2.3.0-pro-32bits.exe
c:\users\naguib\Downloads\FreemakeVideoConverter_4.0.1.4.exe
c:\users\naguib\Downloads\Music\Traitements Audio 2013\GOLDWAV\goldwave 5.25\goldwave 5.25.rar
c:\users\naguib\Downloads\Music\Traitements Audio 2013\GOLDWAV\GoldWave v5.55 +Crack\GoldWave v5.55 +Crack.rar
c:\users\naguib\Downloads\Music\Traitements Audio 2013\GOLDWAV\GoldWave v5.55 +Crack\GoldWave v5.55 +Crack\crack\keygen.exe
c:\users\naguib\Downloads\Music\Traitements Audio 2013\MAGIX Audio Cleaning Lab 2013 19.0.0.10 English\Audio_Cleaning_Lab_2013_DLV_en-II_121001_10-52_19_0_0_10.exe
c:\users\naguib\Downloads\Music\Traitements Audio 2013\Quick Media Converter\Install-Hd-4-5-0-5.EXE
c:\users\naguib\Downloads\Music\Traitements Audio 2013\Quick Media Converter\Install-Hd-4-5-0-5.zip
c:\users\naguib\Downloads\Programs\AlienwareSkinPackX86_downloader_by_SkinPack.exe
c:\users\naguib\Downloads\Programs\FreemakeVideoConverter_3.1.2.0.exe
c:\users\naguib\Downloads\Programs\SmartPCFixer+serial\spcfi\spcfi.rar
c:\users\naguib\Downloads\Programs\SmartPCFixer+serial\spcfi\spcfi\patch smartpcfixer.exe
c:\users\naguib\Downloads\Programs\TuneUp Utilities 2013\TuneUp Utilities 2013 By Tutoriel pour tous !\TuneUp Utilities 2013 By Tutoriel pour tous !.rar
c:\users\naguib\Downloads\Programs\TuneUp Utilities 2013\TuneUp Utilities 2013 By Tutoriel pour tous !\TuneUp Utilities 2013 By Tutoriel pour tous !\Patch\Patch.exe
c:\users\naguib\Downloads\Programs\TuneUp Utilities 2013\TuneUpUtilities2013_en-GB\TuneUpUtilities2013_en-GB.rar
c:\users\naguib\Downloads\Programs\TuneUp Utilities 2013\TuneUpUtilities2013_en-GB\TuneUpUtilities2013_Full\Patch\patch.exe
e:\hide ip easy+serial\2.9.AutoHideIP.5.1.0.8.zip
e:\hide ip easy+serial\hide ip easy 5.1.8.2 incl patch-s.h.w.z.rar
e:\hide ip easy+serial\Hide IP Easy v5.0.8.8.rar
e:\hp support assistant\M2D.hp.pavilion.g6.ENG.A.ELshayeb.rar.exe
e:\sauvegarde  c\Telechargements\Compressed\AVS All-In-One Install Package v2.1.1.75\avs4you.all.products.activator.rar
e:\sauvegarde  c\Telechargements\Compressed\D F X\DFX Audio Enhancer V9.12.0.0\DFX Audio Enhancer V9.12.0.0 All Products Full.rar
e:\sauvegarde  c\Telechargements\Compressed\Verrouiller votre PC avec votre visage\Banana_Screen.rar
e:\sauvegarde  c\Telechargements\Network_LookOut_Administrator_Professional\Network LookOut Administrator Professional 2.6.2\nmadmipro.rar
e:\sauvegarde  c\Telechargements\Network_LookOut_Administrator_Professional\Network.LookOut.Administrator.Professional.v3.4.2.Incl._-Lz0\Network.LookOut.Administrator.Professional.v3.4.2.Incl._-Lz0.rar
e:\sauvegarde  c\Telechargements\Network_LookOut_Administrator_Professional\Network.LookOut.Administrator.Professional.v3.4.2.Incl._-Lz0\Network.LookOut.Administrator.Professional.v3.4.2.Incl.Keygen-Lz0\Linezer0.part1.rar
e:\sauvegarde  c\Telechargements\Network_LookOut_Administrator_Professional\Network.LookOut.Administrator.Professional.v3.4.2.Incl._-Lz0\Network.LookOut.Administrator.Professional.v3.4.2.Incl.Keygen-Lz0\Lz0\keygen.exe
e:\sauvegarde  c\Telechargements\Network_LookOut_Administrator_Professional\Network.LookOut.Administrator.Professional.v3.4.2.Incl._-Lz0\Network.LookOut.Administrator.Professional.v3.4.2.Incl.Keygen-Lz0\nmadminpro.exe
e:\sauvegarde  c\Telechargements\NOKIA N91\AntiVirus Mobile\Programm\S60v3.39.Programs.rar
e:\sauvegarde  c\Telechargements\NOKIA N91\Fscaller\SignSiS.zip
e:\sauvegarde  c\Telechargements\NOKIA N91\PC Cleaner Pro 10.0.0.126.2012\PC Cleaner Pro 10.0.0.126.2012.rar
e:\sauvegarde  c\Telechargements\pc_portable_siyana.rar
e:\sauvegarde  c\Telechargements\winamp5623_full_emusic-7plus_fr-fr\winamp5623_full_emusic-7plus_fr-fr.exe
e:\sauvegarde  c\Telechargements\www.movizdb.com_download as premium from RS HF UP MU DF.rar
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-13 to 2013-06-13  )))))))))))))))))))))))))))))))
.
.
2013-06-13 00:17 . 2013-06-13 00:19    --------    d-----w-    c:\users\naguib\AppData\Local\temp
2013-06-13 00:17 . 2013-06-13 00:17    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-12 17:20 . 2013-05-14 00:49    7016152    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{A313B7D5-5E80-4604-93A3-B851595E9A21}\mpengine.dll
2013-06-11 20:25 . 2013-06-11 20:25    --------    d-----w-    c:\users\naguib\AppData\Roaming\Malwarebytes
2013-06-11 20:24 . 2013-06-11 20:24    --------    d-----w-    c:\programdata\Malwarebytes
2013-06-11 20:24 . 2013-06-11 20:24    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-06-11 20:24 . 2013-04-04 13:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-06-11 20:04 . 2013-06-11 20:04    --------    d-----w-    c:\windows\ERUNT
2013-06-11 20:04 . 2013-06-12 06:08    --------    d-----w-    C:\JRT
2013-06-11 19:42 . 2013-06-11 19:42    --------    d-----w-    c:\program files\DFX
2013-06-11 19:42 . 2013-06-11 19:42    --------    d-----w-    c:\program files\Common Files\DFX
2013-06-10 19:34 . 2013-06-11 21:09    4669    ----a-w-    c:\windows\system32\.tmp
2013-06-10 19:31 . 2013-06-10 19:31    --------    d-----w-    c:\users\naguib\AppData\Local\DFX
2013-06-10 19:31 . 2013-06-10 19:31    --------    d-----w-    c:\programdata\DFX
2013-06-10 19:29 . 2013-06-10 19:29    --------    d-----w-    c:\users\Invité
2013-06-10 19:29 . 2013-06-10 19:29    --------    d-----w-    c:\users\HomeGroupUser$
2013-06-10 19:29 . 2013-06-10 19:29    --------    d-----w-    c:\users\Administrateur
2013-06-08 19:28 . 2013-06-08 19:28    --------    d-----w-    C:\FRST
2013-06-01 10:36 . 2013-06-01 10:36    --------    d-----w-    c:\users\naguib\AppData\Local\Thinstall
2013-05-30 18:39 . 2012-12-07 10:46    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
2013-05-30 18:39 . 2012-12-07 10:46    43520    ----a-w-    c:\windows\system32\csrr.rs
2013-05-30 18:39 . 2012-12-07 10:46    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
2013-05-30 18:39 . 2012-12-07 10:46    46592    ----a-w-    c:\windows\system32\fpb.rs
2013-05-30 18:39 . 2012-12-07 10:46    40960    ----a-w-    c:\windows\system32\cob-au.rs
2013-05-30 18:39 . 2012-12-07 10:46    15360    ----a-w-    c:\windows\system32\djctq.rs
2013-05-30 18:39 . 2012-12-07 12:20    2576384    ----a-w-    c:\windows\system32\gameux.dll
2013-05-30 18:39 . 2012-12-07 10:46    30720    ----a-w-    c:\windows\system32\usk.rs
2013-05-30 18:39 . 2012-12-07 10:46    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
2013-05-30 18:39 . 2012-12-07 10:46    20480    ----a-w-    c:\windows\system32\pegi.rs
2013-05-30 18:39 . 2012-12-07 10:46    21504    ----a-w-    c:\windows\system32\grb.rs
2013-05-30 18:39 . 2012-12-07 12:26    308736    ----a-w-    c:\windows\system32\Wpc.dll
2013-05-30 18:38 . 2012-12-07 10:46    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
2013-05-30 18:38 . 2012-12-07 10:46    51712    ----a-w-    c:\windows\system32\esrb.rs
2013-05-30 18:38 . 2012-12-07 10:46    23552    ----a-w-    c:\windows\system32\oflc.rs
2013-05-30 18:38 . 2012-12-07 10:46    55296    ----a-w-    c:\windows\system32\cero.rs
2013-05-30 16:32 . 2013-05-09 08:58    229648    ----a-w-    c:\windows\system32\aswBoot.exe
2013-05-30 15:41 . 2013-05-30 16:26    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-05-30 13:47 . 2013-05-30 13:47    --------    d-----w-    c:\programdata\StarApp
2013-05-29 20:31 . 2012-04-10 08:30    26624    ----a-w-    c:\windows\system32\drivers\tap0901.sys
2013-05-29 20:30 . 2013-05-29 20:30    --------    d-----w-    c:\program files\Microsoft Silverlight
2013-05-29 20:16 . 2013-05-29 20:16    --------    d-----w-    c:\program files\NirSoft
2013-05-29 20:13 . 2012-07-26 03:39    47720    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2013-05-29 20:13 . 2012-07-26 03:39    526952    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2013-05-29 20:13 . 2012-07-26 02:46    9728    ----a-w-    c:\windows\system32\Wdfres.dll
2013-05-29 20:12 . 2012-07-26 02:33    66560    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2013-05-29 20:12 . 2012-07-26 02:32    155136    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2013-05-29 20:12 . 2012-07-26 03:20    73216    ----a-w-    c:\windows\system32\WUDFSvc.dll
2013-05-29 20:12 . 2012-07-26 03:20    172032    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2013-05-29 20:12 . 2012-07-26 03:21    196608    ----a-w-    c:\windows\system32\WUDFHost.exe
2013-05-29 20:12 . 2012-07-26 03:20    38912    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2013-05-29 20:12 . 2012-07-26 03:20    613888    ----a-w-    c:\windows\system32\WUDFx.dll
2013-05-29 20:00 . 2012-08-21 20:12    245760    ----a-w-    c:\windows\system32\OxpsConverter.exe
2013-05-29 19:58 . 2011-03-11 05:33    1699328    ----a-w-    c:\windows\system32\esent.dll
2013-05-29 19:58 . 2011-03-11 05:39    148864    ----a-w-    c:\windows\system32\drivers\storport.sys
2013-05-29 19:58 . 2011-03-11 05:39    143744    ----a-w-    c:\windows\system32\drivers\nvstor.sys
2013-05-29 19:58 . 2011-03-11 05:39    117120    ----a-w-    c:\windows\system32\drivers\nvraid.sys
2013-05-29 19:58 . 2011-03-11 05:38    332160    ----a-w-    c:\windows\system32\drivers\iaStorV.sys
2013-05-29 19:58 . 2011-03-11 05:38    80256    ----a-w-    c:\windows\system32\drivers\amdsata.sys
2013-05-29 19:58 . 2011-03-11 05:38    22400    ----a-w-    c:\windows\system32\drivers\amdxata.sys
2013-05-29 19:58 . 2011-03-11 05:31    74240    ----a-w-    c:\windows\system32\fsutil.exe
2013-05-29 19:57 . 2012-05-05 07:46    400896    ----a-w-    c:\windows\system32\srcore.dll
2013-05-29 19:57 . 2012-02-11 05:37    317440    ----a-w-    c:\windows\system32\spoolsv.exe
2013-05-29 19:57 . 2012-04-07 11:26    2342400    ----a-w-    c:\windows\system32\msi.dll
2013-05-29 19:56 . 2012-08-22 17:16    712048    ----a-w-    c:\windows\system32\drivers\ndis.sys
2013-05-29 19:56 . 2012-07-04 19:45    33280    ----a-w-    c:\windows\system32\drivers\RNDISMP.sys
2013-05-29 19:56 . 2011-12-30 05:27    478720    ----a-w-    c:\windows\system32\timedate.cpl
2013-05-29 19:52 . 2012-10-09 17:40    44032    ----a-w-    c:\windows\system32\dhcpcsvc6.dll
2013-05-29 19:52 . 2012-10-09 17:40    193536    ----a-w-    c:\windows\system32\dhcpcore6.dll
2013-05-29 19:40 . 2013-05-29 19:40    --------    d-----w-    c:\users\naguib\AppData\Roaming\ExtremeCopy
2013-05-29 19:34 . 2013-05-29 19:34    --------    d-----w-    c:\program files\Easersoft
2013-05-29 18:51 . 2013-05-29 18:51    --------    d-----w-    c:\programdata\BDLogging
2013-05-29 18:51 . 2009-07-14 13:27    1461992    ----a-w-    c:\windows\system32\WdfCoInstaller01009.dll
2013-05-29 18:51 . 2007-04-11 10:11    511328    ----a-w-    c:\windows\capicom.dll
2013-05-29 18:49 . 2013-05-29 18:49    --------    d-----w-    c:\users\naguib\AppData\Roaming\QuickScan
2013-05-28 20:13 . 2013-05-28 20:13    --------    d-----w-    c:\users\naguib\AppData\Roaming\IObit
2013-05-28 18:59 . 2013-05-28 18:59    --------    d-----w-    c:\programdata\RoboForm
2013-05-28 18:57 . 2013-05-28 18:57    --------    d-----w-    c:\program files\Siber Systems
2013-05-28 18:54 . 2013-06-13 00:06    --------    d-----w-    c:\users\naguib\AppData\Roaming\vlc
2013-05-28 18:52 . 2013-05-28 18:52    --------    d-----w-    c:\program files\VideoLAN
2013-05-27 18:07 . 2013-05-27 18:07    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-23 18:42 . 2012-12-07 09:30    21344    ----a-w-    c:\windows\system32\authuitu.dll
2013-05-23 18:42 . 2013-06-13 08:06    --------    d-----w-    c:\program files\TuneUp Utilities 2013
2013-05-23 18:40 . 2013-05-23 18:53    --------    d-sh--w-    c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-05-18 19:15 . 2013-05-18 19:15    --------    d-----w-    c:\program files\Qualcomm Atheros
2013-05-18 19:14 . 2012-11-22 19:46    3081216    ----a-w-    c:\windows\system32\drivers\athr.sys
2013-05-18 19:14 . 2012-11-22 19:46    3081216    ----a-w-    c:\windows\system32\athr.sys
2013-05-17 18:02 . 2013-05-17 18:02    --------    d-----w-    c:\users\naguib\AppData\Roaming\GlarySoft
2013-05-17 17:18 . 2013-05-17 19:03    --------    d-----w-    c:\users\naguib\AppData\Roaming\TeraCopy
2013-05-16 06:00 . 2013-02-27 05:05    101720    ----a-w-    c:\windows\system32\consent.exe
2013-05-16 06:00 . 2013-02-27 04:49    47104    ----a-w-    c:\windows\system32\appinfo.dll
2013-05-16 05:59 . 2013-04-10 03:14    2347520    ----a-w-    c:\windows\system32\win32k.sys
2013-05-16 05:54 . 2013-04-10 05:18    728424    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 05:54 . 2013-04-10 05:18    218984    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 19:17 . 2013-06-04 19:34    --------    d-----w-    c:\programdata\ma-config.com
2013-05-15 19:17 . 2013-06-04 19:34    --------    d-----w-    c:\program files\ma-config.com
2013-05-15 02:39 . 2013-05-15 02:39    --------    d-----w-    c:\users\naguib\AppData\Local\ESET
2013-05-14 13:35 . 2013-05-15 02:18    --------    d-----w-    c:\users\naguib\AppData\Roaming\Mipony
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 22:43 . 2012-11-26 21:39    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 22:43 . 2012-11-26 21:39    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-31 03:17 . 2012-11-28 21:07    508904    ----a-w-    c:\windows\system32\winload.exe
2013-05-31 03:17 . 2012-11-28 21:07    442720    ----a-w-    c:\windows\system32\winresume.exe
2013-05-30 17:58 . 2012-11-28 21:07    2755072    ----a-w-    c:\windows\system32\themeui.dll
2013-05-30 17:58 . 2009-07-13 23:39    37376    ----a-w-    c:\windows\system32\themeservice.dll
2013-05-30 17:58 . 2009-07-13 23:40    249856    ----a-w-    c:\windows\system32\uxtheme.dll
2013-05-29 19:12 . 2013-05-29 19:12    486536    ----a-w-    c:\windows\system32\drivers\avckf.sys.upd
2013-05-29 19:11 . 2013-05-29 19:11    343456    ----a-w-    c:\windows\system32\drivers\trufos.sys.upd
2013-05-29 18:58 . 2013-05-29 18:58    72704    ----a-w-    c:\windows\system32\drivers\bdvedisk.sys.upd
2013-05-29 18:58 . 2013-05-29 18:58    66392    ----a-w-    c:\windows\system32\drivers\bdsandbox.sys.upd
2013-05-29 18:58 . 2013-05-29 18:58    633344    ----a-w-    c:\windows\system32\drivers\avc3.sys.upd
2013-05-29 18:57 . 2013-05-29 18:57    242504    ----a-w-    c:\windows\system32\drivers\avchv.sys.upd
2013-05-29 18:56 . 2013-05-29 18:56    162976    ----a-w-    c:\windows\system32\drivers\gzflt.sys.upd
2013-05-23 04:08 . 2012-11-28 21:07    508904    ----a-w-    c:\windows\system32\winload~5.exe
2013-05-23 04:08 . 2012-11-28 21:07    442720    ----a-w-    c:\windows\system32\winresume~5.exe
2013-05-02 01:06 . 2012-11-26 00:01    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-13 04:45 . 2013-05-29 20:01    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-29 20:01    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-05-09 17:06    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-03-19 05:04 . 2013-05-09 17:07    3968856    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-05-09 17:07    3913560    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-05-09 17:07    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-05-09 17:07    69632    ----a-w-    c:\windows\system32\smss.exe
2013-05-11 17:45 . 2012-11-26 20:43    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.20910] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[7] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16768] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7601.21669] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7601.17567] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[-] 2010-11-20 . E925D6E353C7B308EC7BF11C95DF9864 . 4022272 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[-] 2010-11-20 . E229349C564EFAD065D45FA0A8B4AD9E . 4090368 . . [6.1.7601.17514] . . c:\windows\Alienware Skin Pack\Backup\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.20563] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16450] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.20500] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16404] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
[7] 2013-05-27 . AAD90795E84E710543C6C7C2F7048E30 . 770608 . . [10.00.9200.16576] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_ba75e9f465d7f339\iexplore.exe
[7] 2013-01-12 . CAF61908B16842761DB356389F059B53 . 770560 . . [10.00.9200.16438] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16438_none_ba7c8b2865d3a52e\iexplore.exe
[7] 2012-11-27 . 270A1342BD5AF95CA25A586B4C2F1522 . 748704 . . [9.00.8112.16455] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_b119907bc820d278\iexplore.exe
[-] 2012-11-16 . 256F42F5A56A730C56C40F887C1797B9 . 1614368 . . [9.00.8112.16457] . . c:\windows\Alienware Skin Pack\Backup\iexplore.exe
[7] 2012-11-16 . B201AF83DF2E85323E29EB83E4046810 . 757280 . . [9.00.8112.16457] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_b11b910fc81f0526\iexplore.exe
[7] 2012-11-16 . C0BA71C1B3FB6E3DD432FF3CCAEBDC62 . 757280 . . [9.00.8112.20565] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_b1985d5ae1468e33\iexplore.exe
[7] 2012-08-24 . 4ADB84297505A1627DEEA18529BF4B16 . 672872 . . [8.00.7600.17115] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.17115_none_b3928e9485e2b17e\iexplore.exe
[7] 2012-08-24 . C6E8F6DB0FD7B28924D1CBC8AE03ECEE . 672872 . . [8.00.7600.21313] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21313_none_b41a2cb19f021bc1\iexplore.exe
[7] 2010-11-20 . C613E69C3B191BB02C7A191741A1D024 . 673040 . . [8.00.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_b5780d7c8309d95c\iexplore.exe
[7] 2009-07-14 . 2C32E3E596CFE660353753EABEFB0540 . 673048 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_b346f9b4861b55c2\iexplore.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07    21904    ----a-w-    c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2736128]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-01-24 3540416]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-05-28 109784]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPOSD"="c:\program files\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-21 1996072]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"autodetect"="c:\program files\Internet Haut Débit Mobile\AutoDect.exe" [2010-03-02 129360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 177944]
"USB Security"="c:\program files\USB Disk Security\USBGuard.exe" [2012-07-31 658632]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2013-03-29 6310984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AlienwareDock.lnk - c:\windows\Alienware Skin Pack\AlienwareDock\AlienwareDock.exe [2006-10-3 2074360]
DFX.lnk - c:\program files\DFX\DFX.exe [2012-4-13 1060776]
Yzshadow.lnk - c:\windows\Alienware Skin Pack\YzShadow\YzShadow.exe [2009-3-21 184320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /minimized /regrun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"RemoteControl11"="c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe"
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe"
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe"
"RTHDVCPL"=c:\program files\Realtek\Audio\HDA\RtkNGUI.exe -s
"HP Quick Launch"=c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
.
R3 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-04-20 83240]
R3 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-03-31 70952]
R3 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-03-31 312616]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1.sys [2012-12-13 24424]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-03-01 9216]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2012-11-15 35592]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-26 1343400]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-11-19 526392]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-11-19 25656]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-02-14 171680]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-01-10 122240]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/11/26 20:58];c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-04-12 09:16 77296]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17 87968]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [2011-05-09 146592]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2011-05-09 76960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2013-01-10 105760]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
S2 IAStorDataMgrSvc;Technologie de stockage Intel® Rapid;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-19 14904]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-07-24 1822352]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-11-22 100216]
S2 MaConfigAgent;Ma-Config Agent;c:\program files\ma-config.com\MaConfigAgent.exe [2013-05-15 755536]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [2011-04-20 71664]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [2013-02-19 203848]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2012-12-07 1723744]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-05-09 34976]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-05-09 259232]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-05-09 24736]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-05-09 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-05-09 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-05-09 141088]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-05-09 243872]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 27632]
S3 IntcDAud;Son Intel® pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 270336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-08-03 254608]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-03-05 348776]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [2012-11-16 10088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 12:29    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-26 22:43]
.
2013-01-13 c:\windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job
- c:\program files\TuneUp Utilities 2013\OneClick.exe [2012-12-07 09:27]
.
2013-04-13 c:\windows\Tasks\{DD552472-A185-4a0c-AC58-90AA40E9E26A}.job
- c:\windows\explorer.exe [2012-12-14 12:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yandex.ru/?win=56&clid=1975308
uDefault_Search_URL = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: ???????? ?? ????????? ??????? DM
IE: ???????? ??? ??? ?????? Download Master
IE: ???????? ??? ?????? Download Master
IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Enregistrer les formulaires - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Remplir les formulaires - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger avec Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: ???????? ??? ??? ?????? Download Master
IE: ???????? ??? ?????? Download Master
IE: ???????? ?? ????????? ??????? DM
IE: اàêà÷àٍü ïًè ïîىîùè Download Master - c:\program files\Download Master\dmie.htm
IE: اàêà÷àٍü آرإ ïًè ïîىîùè Download Master - c:\program files\Download Master\dmieall.htm
IE: دهًهنàٍü يà َنàëهييَ‏ çàêà÷êَ DM - c:\program files\Download Master\remdown.htm
TCP: Interfaces\{C15B05D4-A766-4DAB-85E9-E78D8B4261C4}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{C15B05D4-A766-4DAB-85E9-E78D8B4261C4}\4586F6D637F6E6635473342403: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\naguib\AppData\Roaming\Mozilla\Firefox\Profiles\3t9rxmw2.default-1368471228886\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - ExtSQL: 2013-05-28 19:59; {22119944-ED35-4ab1-910B-E619EA06A115}; c:\program files\Siber Systems\AI RoboForm\Firefox
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3020206579-2667662715-2659810040-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c9,b3,28,77,17,d4,55,91,cc,c0,b2,db,d8,83,6e,d4,44,1e,f5,2e,ba,
   17,17,94,0e,2d,fa,48,1d,39,49,ef,ef,fc,f5,a7,82,c3,e5,b3,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3020206579-2667662715-2659810040-1000_Classes\CLSID\{8673286b-f200-49a2-81b3-c3aec72d66bc}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000007a
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2348)
c:\windows\Alienware Skin Pack\YzShadow\YzShadow.dll
c:\windows\Alienware Skin Pack\AlienwareDock\DockShellHookOEM.dll
c:\program files\Bluetooth Suite\AthCopyHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Realtek\Audio\HDA\RtHDVBg.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\DllHost.exe
c:\program files\DFX\Universal\Apps\DfxSharedApp32.exe
c:\program files\DFX\Universal\Apps\dfxItunesSong.exe
c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-06-13  01:23:58 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-13 00:23
ComboFix2.txt  2013-06-09 19:36
.
Pre-Run: 22 245 105 664 octets libres
Post-Run: 21 806 903 296 octets libres
.
- - End Of File - - AFA14F78BDD0C689F49D7D24B45052C3
A36C5E4F47E84449FF07ED3517B43A31

My respects.
 

Edited by Belllisarrio, 13 June 2013 - 12:12 AM.


#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team

Posted 13 June 2013 - 07:52 AM

That was a strange hiccup, but it appears to look good now.

How is the computer running now, are there any outstanding issues?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 Belllisarrio

Belllisarrio
  • Topic Starter

  • Members

Posted 13 June 2013 - 09:53 PM

It's very kind of you Mr. tiger
The problem is solved!
In fact, the initial problem was:
    "Windows reports that the operation of the device "NetGroup Packet Filter Driver" does not conform"

One last question: how was the problem solved?

A big thank you to hear from you...!



#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team

Posted 14 June 2013 - 06:09 AM

We just have some housekeeping to do now,

Please do the following:


You can delete the FRST and JRT logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix
  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.


NEXT
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.
If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    PC Safety and Security--What Do I Need?
  • Simple and easy ways to keep your computer safe and secure on the Internet
Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.



#14 Belllisarrio

Belllisarrio
  • Topic Starter

  • Members

Posted 16 June 2013 - 01:08 PM

Dear Mr. tiger

First of all, I must apologize for the delay due to unforeseen impediment!
It goes without saying that I performed your last instructions without hooked, and I have to admit that everything is back in order,
My PC runs flawlessly.

Now, I agree to follow your recommendation and advice...!
In conclusion, I reiterate my warmest thanks.

Your Devoted Belllisario.



#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team

Posted 16 June 2013 - 02:29 PM

That's good to hear, I'm glad this got resolved.

stay safe :hello:

~CB





