
Win64/Sathurbot.A

3 replies to this topic

#1 leonquatre

Posted 02 December 2014 - 07:56 AM

Hello,

Every time my computer boots up I get a message from ESET SMART SECURITY telling me "iconscachehelper.dll" is a variant of Win64/Sathurbot.A and it has been quarantined. I usually delete it from quarantine but even if I don't, the message will show again on the next reboot.

Another problem (perhaps the same), I also get a frequent warning saying a connection to http://prosharereactor.in/ has been blocked.


Can you help me? Thanks!

regards

Leon

here is my dds:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17416  BrowserJavaVersion: 10.71.2
Run by Martial at 14:36:55 on 2014-12-02
Microsoft Windows 8.1  6.3.9600.0.1252.33.1036.18.16267.12077 [GMT 1:00]
.
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: Pare-feu personnel d'ESET *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ASUS\P4G\InsOnSrv.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\ASUS\P4G\InsOnWMI.exe
C:\WINDOWS\system32\vssvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\WINDOWS\system32\EscSvc64.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\WINDOWS\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files\ASUS\ASUS Console\ASUS Console Starter.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\SettingSyncHost.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\skydrive.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\Notepad.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\SysWOW64\DllHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uDefault_Page_URL = hxxp://asus13.msn.com
uProxyOverride = 127.0.0.1
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [StrongVPN Client] "C:\Program Files (x86)\StrongVPN\StrongDial.exe" --silent
uRun: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
uRun: [BitTorrent] "C:\Users\Martial\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
uRun: [EPLTarget\P0000000000000001] C:\WINDOWS\System32\spool\DRIVERS\x64\3\E_YATIJJE.EXE /EPT "EPLTarget\P0000000000000001" /M "WF-3520 Series"
uRun: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\x64\3\E_YATIJJE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-3520 Series" /EF "HKCU"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
mRun: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
mRun: [PlantronicsURE.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe
mRun: [PlantronicsBatteryStatus.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
StartupFolder: C:\Users\Martial\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
mPolicies-System: DisableCAD = dword:1
mPolicies-Windows\System: EnableSmartScreen = dword:0
IE: &Envoyer à OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
IE: + Offline &Explorer: Download the link - C:\Program Files (x86)\Offline Explorer Pro\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - C:\Program Files (x86)\Offline Explorer Pro\Add_AllO.htm
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: Télécharger avec IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
Trusted Zone: novastor.com
TCP: NameServer = 192.168.0.254
TCP: Interfaces\{B482D9C0-D628-4AEB-A186-D4948D7EDE76} : DHCPNameServer = 192.168.0.254
TCP: Interfaces\{B482D9C0-D628-4AEB-A186-D4948D7EDE76}\2426F687D2C6160247275717575647 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{B482D9C0-D628-4AEB-A186-D4948D7EDE76}\3545253575C4039393 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{B482D9C0-D628-4AEB-A186-D4948D7EDE76}\54373616C616F5255637F62747 : DHCPNameServer = 80.58.61.250 80.58.61.254
TCP: Interfaces\{B482D9C0-D628-4AEB-A186-D4948D7EDE76}\6427565626F687D2144314832483 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{B482D9C0-D628-4AEB-A186-D4948D7EDE76}\74944554 : DHCPNameServer = 212.27.40.240 212.27.40.241
TCP: Interfaces\{B482D9C0-D628-4AEB-A186-D4948D7EDE76}\D61627479616C624 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B482D9C0-D628-4AEB-A186-D4948D7EDE76}\E4F4B4941402C457D6961602632353F563936383 : DHCPNameServer = 192.168.137.1
TCP: Interfaces\{B482D9C0-D628-4AEB-A186-D4948D7EDE76}\E4F4B4941402C457D6961602633353F583631393 : DHCPNameServer = 192.168.137.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\WINDOWS\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
IFEO: acvt.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO: mediabuilder.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO: powerstarter.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO: systemreport.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO: trueimagelauncher.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX3
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [WrtMon.exe] C:\WINDOWS\System32\spool\drivers\x64\3\WrtMon.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-ExplorerRun: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-IFEO: acvt.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: mediabuilder.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: powerstarter.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: systemreport.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: trueimagelauncher.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Martial\AppData\Roaming\Mozilla\Firefox\Profiles\hlfu52z2.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R0 edevmon;edevmon;C:\WINDOWS\System32\drivers\edevmon.sys [2013-9-17 239296]
R0 epfwwfp;epfwwfp;C:\WINDOWS\System32\drivers\epfwwfp.sys [2013-9-17 62136]
R0 file_tracker;file_tracker;C:\WINDOWS\System32\drivers\file_tracker.sys [2014-11-25 296736]
R0 fltsrv;Acronis Storage Filter Management;C:\WINDOWS\System32\drivers\fltsrv.sys [2014-11-25 126752]
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-10-11 644968]
R0 intelpep;Pilote de plug-in du moteur d’alimentation Intel®;C:\WINDOWS\System32\drivers\intelpep.sys [2014-3-14 39768]
R0 nvpciflt;nvpciflt;C:\WINDOWS\System32\drivers\nvpciflt.sys [2014-11-19 31560]
R0 tib;Acronis TIB Manager;C:\WINDOWS\System32\drivers\tib.sys [2014-11-25 1328928]
R0 tib_mounter;Acronis TIB Mounter;C:\WINDOWS\System32\drivers\tib_mounter.sys [2014-11-25 234784]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2014-4-8 157016]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2013-8-22 76800]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 eamonm;eamonm;C:\WINDOWS\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\WINDOWS\System32\drivers\EpfwLWF.sys [2013-9-17 44120]
R1 mbamchameleon;mbamchameleon;C:\WINDOWS\System32\drivers\mbamchameleon.sys [2014-9-20 93400]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files\ASUS\P4G\InsOnSrv.exe [2013-8-29 277120]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2014-8-27 10570032]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2014-2-24 1343408]
R2 EpsonScanSvc;Epson Scanner Service;C:\WINDOWS\System32\escsvc64.exe [2014-7-25 135824]
R2 IDMWFP;IDMWFP;C:\WINDOWS\System32\drivers\idmwfp.sys [2014-11-7 180136]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-20 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-20 968504]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-5-27 1617696]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-5-27 21007192]
R2 plctrl;plctrl;C:\Program Files\ASUS\P4G\PLCTRL.sys [2013-8-29 14136]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-2-25 4799760]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2014-11-24 2604856]
R3 AiCharger;ASUS Charger Driver;C:\WINDOWS\System32\drivers\AiCharger.sys [2013-4-17 17152]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\WINDOWS\System32\drivers\btath_flt.sys [2013-9-25 89800]
R3 ATP;ASUS Input Device;C:\WINDOWS\System32\drivers\AsusTP.sys [2013-9-23 70416]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\WINDOWS\System32\drivers\btath_a2dp.sys [2013-9-25 338120]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\WINDOWS\System32\drivers\btath_avdt.sys [2013-9-25 116424]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\WINDOWS\System32\drivers\btath_bus.sys [2013-9-25 34384]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\WINDOWS\System32\drivers\btath_hcrp.sys [2013-9-25 179432]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\WINDOWS\System32\drivers\btath_lwflt.sys [2013-9-25 77464]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\WINDOWS\System32\drivers\btath_rcp.sys [2013-9-25 137928]
R3 BtFilter;BtFilter;C:\WINDOWS\System32\drivers\btfilter.sys [2013-9-25 594632]
R3 BthLEEnum;Pilote Bluetooth Low Energy;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2014-4-8 226304]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [2013-10-9 20280]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2013-8-22 26008]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2014-9-20 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2014-9-20 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2014-9-20 64216]
R3 NcbService;Service Broker pour les connexions réseau;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
R3 NdisVirtualBus;Énumérateur de cartes réseau virtuelles Microsoft;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2013-8-22 16384]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-27 18776]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2014-5-27 40392]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\drivers\Rt630x64.sys [2013-11-29 838872]
R3 RTSPER;Realtek PCIE Card Reader - PER;C:\WINDOWS\System32\drivers\RtsPer.sys [2013-12-15 455240]
R3 tapstrong;StrongVPN Adapter;C:\WINDOWS\System32\drivers\tapstrong.sys [2014-3-3 38760]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2014-9-9 14112]
R3 WSDScan;Prise en charge de la numérisation WSD;C:\WINDOWS\System32\drivers\WSDScan.sys [2013-8-22 23040]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2013-8-22 782176]
S3 AppReadiness;Préparation des applications;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2013-8-22 37768]
S3 AppXSvc;Service de déploiement AppX (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2013-8-22 37768]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2013-8-22 17624]
S3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;C:\WINDOWS\System32\drivers\DisplayLinkUsbIo_x64_7.6.57242.0.sys [2014-8-27 46384]
S3 dlcdcncm;dlcdcncm;C:\WINDOWS\System32\drivers\dlcdcncm62_x64.sys [2014-8-27 82224]
S3 dlusbaudio;dlusbaudio;C:\WINDOWS\System32\drivers\dlusbaudio_x64.sys [2014-8-27 206128]
S3 ggflt;SOMC USB Flash Driver Filter;C:\WINDOWS\System32\drivers\ggflt.sys [2014-10-6 16088]
S3 ggsomc;SOMC USB Flash Driver;C:\WINDOWS\System32\drivers\ggsomc.sys [2014-10-6 30424]
S3 iaLPSSi_GPIO;Pilote de contrôleur GPIO d’E/S série Intel®;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2013-8-22 24568]
S3 iaLPSSi_I2C;Pilote de contrôleur I2C d’E/S série Intel®;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2013-8-22 99320]
S3 iaStorAV;Contrôleur RAID SATA Intel® pour Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2013-8-22 651248]
S3 IEEtwCollectorService;Service Collecteur ETW d’Internet Explorer;C:\WINDOWS\System32\ieetwcollector.exe [2014-11-12 114688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2013-8-22 39320]
S3 IntcDAud;Son Intel® pour écrans;C:\WINDOWS\System32\drivers\IntcDAud.sys [2013-10-11 442368]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 lfsvc;Service d’infrastructure de localisation Windows;C:\WINDOWS\System32\svchost.exe -k netsvcs [2013-8-22 37768]
S3 LSI_SAS3;LSI_SAS3;C:\WINDOWS\System32\drivers\lsi_sas3.sys [2013-8-22 81760]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc63.sys [2013-8-22 87040]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 pwdrvio;pwdrvio;C:\WINDOWS\System32\pwdrvio.sys [2014-9-12 19152]
S3 pwdspio;pwdspio;C:\WINDOWS\System32\pwdspio.sys [2014-9-12 12504]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2014-4-8 924504]
S3 ScDeviceEnum;Service d’énumération de périphériques de carte à puce;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2014-3-14 146776]
S3 smphost;SMP de l’Espace de stockages Microsoft;C:\WINDOWS\System32\svchost.exe -k smphost [2013-8-22 37768]
S3 stornvme;Pilote NVM Express standard de Microsoft;C:\WINDOWS\System32\drivers\stornvme.sys [2013-11-14 57176]
S3 UEFI;Pilote UEFI Microsoft;C:\WINDOWS\System32\drivers\uefi.sys [2013-8-22 26976]
S3 vmicguestinterface;Interface de services d’invité Hyper-V;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 WdNisDrv;Pilote du système d’inspection du réseau Windows Defender;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2014-11-12 114496]
S3 WdNisSvc;Service Inspection du réseau Windows Defender;C:\Program Files\Windows Defender\NisSrv.exe [2014-11-12 368632]
S3 WEPHOSTSVC;Service hôte du fournisseur de chiffrement Windows;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2013-8-22 37768]
S3 workfolderssvc;Dossiers de travail;C:\WINDOWS\System32\svchost.exe -k LocalService [2013-8-22 37768]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2014-7-23 227840]
S4 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-11-25 4017144]
S4 Asus WebStorage Windows Service;Asus WebStorage Windows Service;C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [2012-12-19 72192]
S4 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2013-9-25 312448]
S4 CLKMSVC10_38F51D56;CyberLink Product - 2013/12/15 14:08:33;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2013-7-19 244696]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-12-15 131544]
S4 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-12-15 169432]
S4 StrongVPN Service;StrongVPN Service;C:\Program Files (x86)\StrongVPN\StrongService.exe [2014-3-3 99312]
S4 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-9-13 6856336]
S4 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2013-9-25 323584]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Program Files (x86)\PSPad editor\PSPad.exe" "%1" [UserChoice]
FileExt: .ini: Applications\PSPad.exe="C:\Program Files (x86)\PSPad editor\PSPad.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-12-02 11:59:13    --------    d-----w-    C:\Program Files (x86)\ESET
2014-12-02 11:04:43    512    ----a-w-    C:\PhysicalDisk0_MBR.bin
2014-12-02 11:01:46    --------    d-----w-    C:\Users\Martial\AppData\Roaming\ZHP
2014-12-02 11:01:46    --------    d-----w-    C:\Program Files (x86)\ZHPDiag
2014-11-30 09:17:34    --------    d-----w-    C:\FRST
2014-11-30 09:06:22    --------    d-----w-    C:\AdwCleaner
2014-11-27 12:31:21    29496    ----a-w-    C:\WINDOWS\System32\authuitu.dll
2014-11-27 12:31:21    25400    ----a-w-    C:\WINDOWS\SysWow64\authuitu.dll
2014-11-27 12:31:18    42808    ----a-w-    C:\WINDOWS\System32\uxtuneup.dll
2014-11-27 12:31:17    35640    ----a-w-    C:\WINDOWS\SysWow64\uxtuneup.dll
2014-11-25 13:40:48    296736    ----a-w-    C:\WINDOWS\System32\drivers\file_tracker.sys
2014-11-25 13:40:42    234784    ----a-w-    C:\WINDOWS\System32\drivers\tib_mounter.sys
2014-11-25 13:40:41    1328928    ----a-w-    C:\WINDOWS\System32\drivers\tib.sys
2014-11-25 13:40:39    302880    ----a-w-    C:\WINDOWS\System32\drivers\snapman.sys
2014-11-25 13:40:37    126752    ----a-w-    C:\WINDOWS\System32\drivers\fltsrv.sys
2014-11-25 10:59:48    --------    d-----w-    C:\Program Files (x86)\VS Revo Group
2014-11-24 15:09:12    --------    d-----w-    C:\Users\Martial\AppData\Roaming\Traffic Travis v4
2014-11-24 15:08:24    --------    d-----w-    C:\Users\Martial\AppData\Roaming\Affilorama
2014-11-23 15:44:28    --------    d-----w-    C:\Users\Martial\.dvdcss
2014-11-22 22:59:09    3815008    ----a-w-    C:\WINDOWS\System32\auto_reactivate.exe
2014-11-22 22:59:09    365888    ----a-w-    C:\WINDOWS\System32\snapapiar64.dll
2014-11-22 09:25:25    --------    d-----w-    C:\.cache
2014-11-19 10:31:34    --------    d-----w-    C:\WINDOWS\SysWow64\NV
2014-11-19 10:31:34    --------    d-----w-    C:\WINDOWS\System32\NV
2014-11-18 19:42:37    991232    ----a-w-    C:\WINDOWS\System32\kerberos.dll
2014-11-18 19:42:37    806400    ----a-w-    C:\WINDOWS\SysWow64\kerberos.dll
2014-11-18 19:42:37    259584    ----a-w-    C:\WINDOWS\System32\pku2u.dll
2014-11-18 19:42:37    208896    ----a-w-    C:\WINDOWS\SysWow64\pku2u.dll
2014-11-14 15:25:35    --------    d-sh--w-    C:\Users\Martial\AppData\Local\EmieBrowserModeList
2014-11-12 08:55:42    3607040    ----a-w-    C:\WINDOWS\SysWow64\msi.dll
2014-11-12 08:55:42    3320320    ----a-w-    C:\WINDOWS\System32\msi.dll
2014-11-12 08:55:42    2773504    ----a-w-    C:\WINDOWS\System32\authui.dll
2014-11-12 08:55:42    2459136    ----a-w-    C:\WINDOWS\SysWow64\authui.dll
2014-11-12 08:55:41    428032    ----a-w-    C:\WINDOWS\System32\msihnd.dll
2014-11-12 08:55:41    325120    ----a-w-    C:\WINDOWS\SysWow64\msihnd.dll
2014-11-12 08:55:41    116032    ----a-w-    C:\WINDOWS\System32\consent.exe
2014-11-12 08:55:41    110080    ----a-w-    C:\WINDOWS\System32\appinfo.dll
2014-11-12 08:55:11    88800    ----a-w-    C:\WINDOWS\SysWow64\ncryptsslp.dll
2014-11-12 08:55:11    426496    ----a-w-    C:\WINDOWS\System32\schannel.dll
2014-11-12 08:55:11    357376    ----a-w-    C:\WINDOWS\SysWow64\schannel.dll
2014-11-12 08:55:11    185856    ----a-w-    C:\WINDOWS\System32\dpapisrv.dll
2014-11-12 08:55:11    104336    ----a-w-    C:\WINDOWS\System32\ncryptsslp.dll
2014-11-12 08:53:31    433664    ----a-w-    C:\WINDOWS\System32\wbem\MDMSettingsProv.dll
2014-11-07 07:21:40    180136    ----a-w-    C:\WINDOWS\System32\drivers\idmwfp.sys
2014-11-05 12:33:24    1876296    ----a-w-    C:\WINDOWS\System32\nvdispco6434460.dll
2014-11-05 12:33:24    1539272    ----a-w-    C:\WINDOWS\System32\nvdispgenco6434460.dll
2014-11-04 12:53:29    --------    d-----w-    C:\Users\Martial\AppData\Local\Wondershare
2014-11-04 12:53:29    --------    d-----w-    C:\Program Files (x86)\Common Files\Wondershare
2014-11-04 12:52:54    --------    d-----w-    C:\Users\Martial\AppData\Roaming\Wondershare
.
==================== Find3M  ====================
.
2014-12-02 12:12:56    129752    ----a-w-    C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2014-12-01 12:05:14    74    ----a-w-    C:\Users\Martial\AppData\Roaming\sp_data.sys
2014-11-24 11:48:40    40248    ----a-w-    C:\WINDOWS\System32\TURegOpt.exe
2014-11-20 20:51:37    714208    ----a-w-    C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2014-11-20 20:51:37    106976    ----a-w-    C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 21:56:45    6897352    ----a-w-    C:\WINDOWS\System32\nvcpl.dll
2014-11-12 21:56:45    3534152    ----a-w-    C:\WINDOWS\System32\nvsvc64.dll
2014-11-12 21:56:42    934032    ----a-w-    C:\WINDOWS\System32\nvvsvc.exe
2014-11-12 21:56:42    67072    ----a-w-    C:\WINDOWS\System32\nv3dappshextr.dll
2014-11-12 21:56:42    62608    ----a-w-    C:\WINDOWS\System32\nvshext.dll
2014-11-12 21:56:42    386368    ----a-w-    C:\WINDOWS\System32\nvmctray.dll
2014-11-12 21:56:42    2559808    ----a-w-    C:\WINDOWS\System32\nvsvcr.dll
2014-11-12 21:56:42    1092752    ----a-w-    C:\WINDOWS\System32\nv3dappshext.dll
2014-11-11 10:29:54    4100776    ----a-w-    C:\WINDOWS\System32\nvcoproc.bin
2014-11-04 23:38:37    228864    ----a-w-    C:\WINDOWS\System32\aepdu.dll
2014-11-04 00:10:18    304128    ----a-w-    C:\WINDOWS\System32\generaltel.dll
2014-10-31 05:12:41    143872    ----a-w-    C:\WINDOWS\System32\wextract.exe
2014-10-31 05:12:05    13824    ----a-w-    C:\WINDOWS\System32\mshta.exe
2014-10-31 05:10:13    167424    ----a-w-    C:\WINDOWS\System32\iexpress.exe
2014-10-31 05:06:45    66560    ----a-w-    C:\WINDOWS\System32\iesetup.dll
2014-10-31 05:06:09    580096    ----a-w-    C:\WINDOWS\System32\vbscript.dll
2014-10-31 05:06:00    48640    ----a-w-    C:\WINDOWS\System32\ieetwproxystub.dll
2014-10-31 05:05:50    417280    ----a-w-    C:\WINDOWS\System32\html.iec
2014-10-31 05:04:28    88064    ----a-w-    C:\WINDOWS\System32\MshtmlDac.dll
2014-10-31 04:54:13    132096    ----a-w-    C:\WINDOWS\System32\IEAdvpack.dll
2014-10-31 04:53:32    98816    ----a-w-    C:\WINDOWS\System32\aepic.dll
2014-10-31 04:52:22    108544    ----a-w-    C:\WINDOWS\System32\hlink.dll
2014-10-31 04:51:37    144384    ----a-w-    C:\WINDOWS\System32\ieUnatt.exe
2014-10-31 04:51:25    114688    ----a-w-    C:\WINDOWS\System32\ieetwcollector.exe
2014-10-31 04:50:44    814080    ----a-w-    C:\WINDOWS\System32\jscript9diag.dll
2014-10-31 04:50:11    6040064    ----a-w-    C:\WINDOWS\System32\jscript9.dll
2014-10-31 04:49:39    537088    ----a-w-    C:\WINDOWS\System32\aeinv.dll
2014-10-31 04:40:07    33280    ----a-w-    C:\WINDOWS\System32\licmgr10.dll
2014-10-31 04:30:28    77824    ----a-w-    C:\WINDOWS\System32\JavaScriptCollectionAgent.dll
2014-10-31 04:29:50    111616    ----a-w-    C:\WINDOWS\System32\iesysprep.dll
2014-10-31 04:29:17    87552    ----a-w-    C:\WINDOWS\System32\tdc.ocx
2014-10-31 04:24:48    391168    ----a-w-    C:\WINDOWS\System32\devinv.dll
2014-10-31 04:15:11    1032704    ----a-w-    C:\WINDOWS\System32\inetcomm.dll
2014-10-31 04:03:02    2124288    ----a-w-    C:\WINDOWS\System32\inetcpl.cpl
2014-10-31 03:45:17    2365440    ----a-w-    C:\WINDOWS\System32\wininet.dll
2014-10-31 03:44:32    2865152    ----a-w-    C:\WINDOWS\System32\actxprxy.dll
2014-10-31 03:42:04    51200    ----a-w-    C:\WINDOWS\System32\imgutil.dll
2014-10-31 03:28:47    137728    ----a-w-    C:\WINDOWS\SysWow64\wextract.exe
2014-10-31 03:28:43    12800    ----a-w-    C:\WINDOWS\SysWow64\mshta.exe
2014-10-31 03:27:26    152064    ----a-w-    C:\WINDOWS\SysWow64\iexpress.exe
2014-10-31 03:24:47    501248    ----a-w-    C:\WINDOWS\SysWow64\vbscript.dll
2014-10-31 03:24:23    62464    ----a-w-    C:\WINDOWS\SysWow64\iesetup.dll
2014-10-31 03:23:37    47616    ----a-w-    C:\WINDOWS\SysWow64\ieetwproxystub.dll
2014-10-31 03:23:21    340992    ----a-w-    C:\WINDOWS\SysWow64\html.iec
2014-10-31 03:22:08    64000    ----a-w-    C:\WINDOWS\SysWow64\MshtmlDac.dll
2014-10-31 03:14:25    112128    ----a-w-    C:\WINDOWS\SysWow64\IEAdvpack.dll
2014-10-31 03:13:05    99328    ----a-w-    C:\WINDOWS\SysWow64\hlink.dll
2014-10-31 03:12:17    115712    ----a-w-    C:\WINDOWS\SysWow64\ieUnatt.exe
2014-10-31 03:11:30    620032    ----a-w-    C:\WINDOWS\SysWow64\jscript9diag.dll
2014-10-31 03:03:33    27136    ----a-w-    C:\WINDOWS\SysWow64\licmgr10.dll
2014-10-31 02:57:20    60416    ----a-w-    C:\WINDOWS\SysWow64\JavaScriptCollectionAgent.dll
2014-10-31 02:56:44    90624    ----a-w-    C:\WINDOWS\SysWow64\iesysprep.dll
2014-10-31 02:56:18    73216    ----a-w-    C:\WINDOWS\SysWow64\tdc.ocx
2014-10-31 02:46:38    880128    ----a-w-    C:\WINDOWS\SysWow64\inetcomm.dll
2014-10-31 02:46:23    4298240    ----a-w-    C:\WINDOWS\SysWow64\jscript9.dll
2014-10-31 02:39:28    2051072    ----a-w-    C:\WINDOWS\SysWow64\inetcpl.cpl
2014-10-31 02:26:38    1042944    ----a-w-    C:\WINDOWS\SysWow64\actxprxy.dll
2014-10-31 02:24:42    40448    ----a-w-    C:\WINDOWS\SysWow64\imgutil.dll
2014-10-31 02:17:17    1892864    ----a-w-    C:\WINDOWS\SysWow64\wininet.dll
2014-10-27 10:27:11    18960    ----a-w-    C:\WINDOWS\System32\drivers\LNonPnP.sys
2014-10-23 05:48:37    81408    ----a-w-    C:\WINDOWS\System32\packager.dll
2014-10-23 05:05:08    72192    ----a-w-    C:\WINDOWS\SysWow64\packager.dll
2014-10-20 12:38:16    0    ----a-w-    C:\WINDOWS\SysWow64\dlumd9.dll
2014-10-20 12:38:16    0    ----a-w-    C:\WINDOWS\SysWow64\dlumd11.dll
2014-10-20 12:38:16    0    ----a-w-    C:\WINDOWS\SysWow64\dlumd10.dll
2014-10-20 12:38:16    0    ----a-w-    C:\WINDOWS\System32\dlumd9.dll
2014-10-20 12:38:16    0    ----a-w-    C:\WINDOWS\System32\dlumd11.dll
2014-10-20 12:38:16    0    ----a-w-    C:\WINDOWS\System32\dlumd10.dll
2014-10-18 06:50:21    17408    ----a-w-    C:\WINDOWS\System32\wuaext.dll
2014-10-18 06:27:15    35840    ----a-w-    C:\WINDOWS\System32\wuapp.exe
2014-10-18 06:26:48    140288    ----a-w-    C:\WINDOWS\System32\wuwebv.dll
2014-10-18 06:23:51    407552    ----a-w-    C:\WINDOWS\System32\WUSettingsProvider.dll
2014-10-18 06:23:11    95744    ----a-w-    C:\WINDOWS\System32\wudriver.dll
2014-10-18 06:20:43    1714176    ----a-w-    C:\WINDOWS\System32\wucltux.dll
2014-10-18 06:14:54    29696    ----a-w-    C:\WINDOWS\SysWow64\wuapp.exe
2014-10-18 06:14:32    124928    ----a-w-    C:\WINDOWS\SysWow64\wuwebv.dll
2014-10-18 06:12:10    81920    ----a-w-    C:\WINDOWS\SysWow64\wudriver.dll
2014-10-17 07:01:28    789184    ----a-w-    C:\WINDOWS\System32\oleaut32.dll
2014-10-17 06:58:44    602768    ----a-w-    C:\WINDOWS\SysWow64\oleaut32.dll
2014-10-16 16:54:03    1876296    ----a-w-    C:\WINDOWS\System32\nvdispco6434448.dll
2014-10-16 16:54:03    1539272    ----a-w-    C:\WINDOWS\System32\nvdispgenco6434448.dll
2014-10-10 01:58:57    27456    ----a-w-    C:\WINDOWS\System32\drivers\rdpvideominiport.sys
2014-10-10 01:58:57    177472    ----a-w-    C:\WINDOWS\System32\drivers\ksecpkg.sys
2014-10-10 01:44:01    563976    ----a-w-    C:\WINDOWS\System32\drivers\cng.sys
2014-10-08 07:37:31    154112    ----a-w-    C:\WINDOWS\System32\msaudite.dll
2014-10-08 07:37:27    736768    ----a-w-    C:\WINDOWS\System32\adtschema.dll
2014-10-08 07:34:45    131584    ----a-w-    C:\WINDOWS\System32\rdpudd.dll
2014-10-08 07:24:03    40448    ----a-w-    C:\WINDOWS\System32\rfxvmt.dll
2014-10-08 06:56:48    445440    ----a-w-    C:\WINDOWS\System32\certcli.dll
2014-10-08 06:51:16    154112    ----a-w-    C:\WINDOWS\SysWow64\msaudite.dll
2014-10-08 06:51:03    736768    ----a-w-    C:\WINDOWS\SysWow64\adtschema.dll
2014-10-08 06:18:10    324096    ----a-w-    C:\WINDOWS\SysWow64\certcli.dll
2014-10-08 06:17:58    1441792    ----a-w-    C:\WINDOWS\System32\lsasrv.dll
2014-10-08 05:23:52    3547648    ----a-w-    C:\WINDOWS\System32\rdpcorets.dll
2014-10-07 06:28:00    500016    ----a-w-    C:\WINDOWS\System32\AudioSes.dll
2014-02-22 13:22:20    8192    --sha-w-    C:\WINDOWS\SysWOW64\srvany.exe
.
============= FINISH: 14:38:02,17 ===============
 


Edited by leonquatre, 02 December 2014 - 08:40 AM.
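A small triage helper for listings like the DDS output above, added here as an example (it is not part of the original post and is not DDS or FRST code): it parses DDS-style file lines and flags entries an analyst would normally pull out by hand for a second look. The sample input is six lines copied from the log above; the heuristics (zero-byte binaries under the Windows directory, files carrying both system and hidden attributes, executable content under AppData, a dot-directory at the drive root) are my own choices, not rules from the page. A hit is a prompt for review, not a verdict: zero-byte driver placeholders and hidden tooling can be entirely legitimate, so confirm with a signature check or a known-good reference before acting on any of them.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Sample input: six lines copied verbatim from the DDS listing above.
SAMPLE_LOG = r"""
2014-11-22 09:25:25    --------    d-----w-    C:\.cache
2014-11-18 19:42:37    991232    ----a-w-    C:\WINDOWS\System32\kerberos.dll
2014-11-14 15:25:35    --------    d-sh--w-    C:\Users\Martial\AppData\Local\EmieBrowserModeList
2014-12-01 12:05:14    74    ----a-w-    C:\Users\Martial\AppData\Roaming\sp_data.sys
2014-10-20 12:38:16    0    ----a-w-    C:\WINDOWS\SysWow64\dlumd9.dll
2014-02-22 13:22:20    8192    --sha-w-    C:\WINDOWS\SysWOW64\srvany.exe
"""

# One DDS entry: "<date> <time>    <size or -------->    <attrs>    <path>".
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+([a-z-]{8})\s+(.+?)\s*$"
)

# Extensions treated as executable content by the heuristics (my choice).
BINARY_EXT = {"exe", "dll", "sys", "scr", "cpl", "ocx"}


@dataclass
class Entry:
    timestamp: str
    size: Optional[int]   # None for directories (DDS prints "--------")
    attrs: str            # e.g. "----a-w-", "d-sh--w-", "--sha-w-"
    path: str

    @property
    def is_dir(self) -> bool:
        # DDS puts the directory flag in the first attribute column.
        return self.attrs.startswith("d")

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def parse_dds_lines(text: str) -> list[Entry]:
    """Parse DDS file-listing lines; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append(Entry(ts, int(size) if size.isdigit() else None, attrs, path))
    return entries


def triage(entries: list[Entry]) -> dict[str, list[str]]:
    """Return {path: [reasons]} for every entry that trips at least one heuristic."""
    flagged: dict[str, list[str]] = {}
    for e in entries:
        reasons = []
        low = e.path.lower()
        if not e.is_dir:
            if e.size == 0 and e.ext in BINARY_EXT:
                reasons.append("zero-byte binary")
            if "s" in e.attrs and "h" in e.attrs:
                reasons.append("system+hidden attributes on a file")
            if e.ext in BINARY_EXT and "\\appdata\\" in low:
                reasons.append("executable content under a user profile (AppData)")
        elif re.match(r"^[a-z]:\\\.[^\\]+$", low):
            reasons.append("dot-directory at drive root")
        if reasons:
            flagged[e.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, why in triage(parse_dds_lines(SAMPLE_LOG)).items():
        print(f"{path}: {', '.join(why)}")
```

Run it against a full DDS or FRST listing by reading the file into `parse_dds_lines`; directory lines are parsed but only the drive-root dot-directory rule applies to them, so hidden system folders such as the EmieBrowserModeList entry in the sample are deliberately not reported.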
#2 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team, Bulgaria)

Posted 04 December 2014 - 08:49 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. A lack of symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi




#3 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team, Bulgaria)

Posted 08 December 2014 - 04:54 AM

Hi,

 

Are you still around?

 

 

Regards,

Georgi




#4 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team, Bulgaria)

Posted 12 December 2014 - 05:03 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


