Aller au contenu

riondu

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    7

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par riondu

  1. riondu
    bonjour, merci de ton aide, mais ne manque-t-il pas quelque chose dans ton dernier post ? ^^ Tu dis "suis ceci jusqu'a "Virutkiller" " mais je ne vois pas quoi... (Ni les autres méthodes dont tu parles). J'espère qu'il s'agit d'un oubli sinon je suis pas rendu merci et à bientôt
  2. riondu
    Re bonjour, le scan de windows/system32/temp.00E n'a rien donné du tout, supposant qu'il faut donc que je fasse ce que tu indiques dans le post précédent, je me lance ! Petit souci déjà, à aucun moment je n'ai de bouton Correction qui s'affiche... Je copie colle de :OTL à [emptytemp], je clic runfix, il me dit de faire ok si je veux voir le fichier de log, ce que je fais, et plus rien... La suite donc, Combofix. Celui ci ne m'a pas proposé d'installer la console de rcupération windows, mais m'a néamoins pondu un très joli rapport visible ci-dessous : ComboFix 10-11-28.05 - Carles 29/11/2010 12:59:55.1.2 - x86 Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.3318.2398 [GMT 1:00] Lancé depuis: c:\users\Carles\Desktop\ComboFix.exe * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\zip32.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2010-10-28 au 2010-11-29 )))))))))))))))))))))))))))))))))))) . 2010-11-29 17:40 . 2010-11-29 17:40 -------- d-----w- C:\_OTL 2010-11-29 12:02 . 2010-11-29 12:03 -------- d-----w- c:\users\Carles\AppData\Local\temp 2010-11-29 12:02 . 2010-11-29 12:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-11-29 11:06 . 2010-11-29 11:06 -------- d-----w- c:\users\Carles\AppData\Local\Mozilla 2010-11-24 12:42 . 2010-11-24 12:42 -------- d-----w- c:\program files\CCleaner 2010-11-24 10:46 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll 2010-11-17 16:11 . 2004-08-19 16:09 151552 ----a-w- c:\windows\system32\temp.01A 2010-11-17 16:11 . 2000-05-27 00:10 1388544 ----a-w- c:\windows\system32\temp.017 2010-11-17 16:11 . 1999-12-07 13:00 614672 ----a-w- c:\windows\system32\temp.016 2010-11-17 16:11 . 1999-12-07 13:00 164112 ----a-w- c:\windows\system32\temp.015 2010-11-17 16:11 . 1999-12-07 13:00 147728 ----a-w- c:\windows\system32\temp.019 2010-11-17 16:11 . 1998-06-01 00:00 22288 ----a-w- c:\windows\system32\temp.018 2010-11-17 16:11 . 2003-07-17 09:23 44032 ----a-w- c:\windows\system32\temp.013 2010-11-17 16:11 . 2003-07-17 09:23 1129472 ----a-w- c:\windows\system32\temp.014 2010-11-17 16:11 . 2001-08-17 21:43 583680 ----a-w- c:\windows\system32\temp.012 2010-11-17 07:59 . 2010-11-17 07:59 -------- d-----w- c:\program files\Common Files\Java 2010-11-16 13:35 . 2010-11-17 10:21 -------- d-----w- c:\users\Carles\AppData\Local\Windows Live Writer 2010-11-16 13:35 . 2010-11-16 13:35 -------- d-----w- c:\users\Carles\AppData\Roaming\Windows Live Writer 2010-11-15 11:30 . 2010-11-26 17:51 -------- d-----w- c:\users\LogMeInRemoteUser 2010-11-12 10:22 . 2010-11-12 10:22 -------- d-----w- c:\programdata\F-Secure 2010-11-12 08:53 . 2010-11-12 08:53 -------- d-----w- c:\users\Carles\AppData\Local\LogMeIn 2010-11-12 08:53 . 2010-11-12 08:53 -------- d-----w- c:\programdata\LogMeIn 2010-11-12 08:53 . 2010-09-27 13:50 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2010-11-12 08:53 . 2010-09-27 13:49 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll 2010-11-12 08:53 . 2010-09-27 13:49 29568 ----a-w- c:\windows\system32\LMIport.dll 2010-11-12 08:53 . 2010-05-31 10:31 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys 2010-11-12 08:53 . 2010-09-27 13:49 87424 ----a-w- c:\windows\system32\LMIinit.dll 2010-11-12 08:52 . 2010-11-29 06:59 -------- d-----w- c:\program files\LogMeIn 2010-11-12 08:51 . 2010-11-12 08:51 -------- d-----w- c:\users\Carles\AppData\Local\Deployment 2010-11-12 08:51 . 2010-11-12 08:51 -------- d-----w- c:\users\Carles\AppData\Local\Apps 2010-11-09 09:12 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-11-09 09:12 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-11-09 09:12 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-11-09 09:12 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-11-09 09:12 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2010-11-09 09:12 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr 2010-11-09 09:12 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe 2010-11-09 09:12 . 2010-11-09 09:12 -------- d-----w- c:\programdata\Alwil Software 2010-11-09 09:12 . 2010-11-09 09:12 -------- d-----w- c:\program files\Alwil Software 2010-11-08 16:10 . 2004-08-19 16:09 151552 ----a-w- c:\windows\system32\temp.011 2010-11-08 16:10 . 2000-05-27 00:10 1388544 ----a-w- c:\windows\system32\temp.00E 2010-11-08 16:10 . 1999-12-07 13:00 614672 ----a-w- c:\windows\system32\temp.00D 2010-11-08 16:10 . 1999-12-07 13:00 164112 ----a-w- c:\windows\system32\temp.00C 2010-11-08 16:10 . 1999-12-07 13:00 147728 ----a-w- c:\windows\system32\temp.010 2010-11-08 16:10 . 1998-06-01 00:00 22288 ----a-w- c:\windows\system32\temp.00F 2010-11-08 16:10 . 2003-07-17 09:23 44032 ----a-w- c:\windows\system32\temp.00A 2010-11-08 16:10 . 2003-07-17 09:23 1129472 ----a-w- c:\windows\system32\temp.00B 2010-11-08 16:10 . 2001-08-17 21:43 583680 ----a-w- c:\windows\system32\temp.009 2010-11-08 16:10 . 2010-11-17 16:11 -------- d-----w- C:\TRANSNET_V4 2010-11-03 11:40 . 2010-11-24 13:11 -------- d-----w- c:\users\Carles\Tracing 2010-11-03 11:36 . 2010-11-03 11:36 -------- d-----w- c:\windows\PCHEALTH 2010-11-03 11:36 . 2010-11-03 11:38 -------- d-----w- c:\program files\Windows Live 2010-11-03 11:36 . 2010-11-04 07:02 -------- d-----w- c:\program files\Microsoft Silverlight 2010-11-03 11:35 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll 2010-11-03 11:35 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll 2010-11-03 11:35 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL 2010-11-03 11:34 . 2010-11-24 13:12 -------- d-----w- c:\users\Carles\AppData\Local\Windows Live 2010-11-03 11:34 . 2010-11-03 11:34 -------- d-----w- c:\program files\Common Files\Windows Live . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-22 23:47 . 2010-09-22 23:47 49016 ----a-w- c:\windows\system32\sirenacm.dll 2010-09-21 13:03 . 2010-09-21 13:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL 2010-09-16 08:24 . 2010-10-05 10:00 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD7F91B8-5F84-4827-B643-F9688AD887E1}\mpengine.dll 2010-09-15 03:50 . 2010-10-18 10:29 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-09-08 04:30 . 2010-10-14 19:17 978432 ----a-w- c:\windows\system32\wininet.dll 2010-09-08 04:28 . 2010-10-14 19:17 44544 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-08 03:22 . 2010-10-14 19:17 386048 ----a-w- c:\windows\system32\html.iec 2010-09-08 02:48 . 2010-10-14 19:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2010-09-01 04:23 . 2010-10-14 19:17 12625408 ----a-w- c:\windows\system32\wmploc.DLL 2010-09-01 02:34 . 2010-10-14 19:17 2327552 ----a-w- c:\windows\system32\win32k.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-05-31 63048] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] c:\users\Carles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Canon LBP3000 Fenˆtre d'‚tat.lnk - c:\windows\System32\spool\drivers\w32x86\3\CNAB3LAK.EXE [2010-10-7 50848] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x] R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-30 1343400] S1 aswSP;aswSP; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768] S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-09-27 374152] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-05-31 12856] S3 netr73;Pilote de carte LAN sans fil USB RT73 pour Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ FF - ProfilePath - c:\users\Carles\AppData\Roaming\Mozilla\Firefox\Profiles\wvvvuhi3.default\ FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-ZoneAlarm Client - c:\program files\Zone Labs\ZoneAlarm\zlclient.exe HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe AddRemove-ZoneAlarm - c:\program files\Zone Labs\ZoneAlarm\zauninst.exe AddRemove-ZoneAlarm Toolbar - c:\program files\CheckPoint\ZAForceField\Uninstall.exe . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-2995731032-777273703-170551780-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" [HKEY_USERS\S-1-5-21-2995731032-777273703-170551780-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Heure de fin: 2010-11-29 13:03:55 ComboFix-quarantined-files.txt 2010-11-29 12:03 Avant-CF: 480 505 544 704 octets libres Après-CF: 480 928 477 184 octets libres - - End Of File - - D2423E63079DEE530DC504B80FF833B8 En espérant que malgré les hic rencontrés cela puisse faire avancer les choses Merci encore (je ne le dirais jamais assez ^^ )
  3. riondu
    bonjour, je fais donc un scan de temp.00E, mais que dois je faire après...? (j'imagine qu'en fonction du résultat j'applique ou non ce que tu as marqué dans le post précédent ? ) Je vais de ce pas faire le dis scan, je pars chez mon client (je vais donc revenir très vite...) Merci
  4. riondu
    bonsoir, je teste tout dès que possible, pour TRANSNET_V4 il s'agit d'un logiciel de passage de commande utilisé par mon client Merci et à très bientôt pour la suite des aventures !
  5. riondu
    bonjour, après presque une heure de sauvegarde (pour trier ^^ ), j'ai réussi à faire la manip et voilà donc le fichier obtenu : OTL logfile created on: 11/26/2010 12:53:35 PM - Run OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE Windows 7 Professional (Version = 6.1.7600) - Type = System Internet Explorer (Version = 8.0.7600.16385) Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files Drive C: | 100.00 Mb Total Space | 74.36 Mb Free Space | 74.37% Space Free | Partition Type: NTFS Drive D: | 465.66 Gb Total Space | 447.61 Gb Free Space | 96.12% Space Free | Partition Type: NTFS Drive E: | 3.73 Gb Total Space | 2.90 Gb Free Space | 77.78% Space Free | Partition Type: FAT32 Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled] -- D:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - File not found [Auto] -- D:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV - [2010/11/12 03:58:00 | 006,582,272 | ---- | M] () [On_Demand] -- D:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld) SRV - [2010/11/12 03:57:56 | 000,028,672 | ---- | M] (Apache Software Foundation) [On_Demand] -- D:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache) SRV - [2010/09/30 11:07:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/09/27 08:49:10 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto] -- D:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint) SRV - [2010/09/27 08:47:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto] -- D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010/05/31 05:31:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto] -- D:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn) SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/12/16 09:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto] -- D:\Windows\System32\hasplms.exe -- (hasplms) SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\umpo.dll -- (Power) SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\AxInstSv.dll -- (AxInstSV) SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\System32\sppsvc.exe -- (sppsvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled] -- D:\Windows\System32\DRIVERS\vsdatant.sys -- (Vsdatant) DRV - File not found [Kernel | Auto] -- D:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2010/09/27 08:50:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled] -- D:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System] -- D:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System] -- D:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System] -- D:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010/05/31 05:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto] -- D:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo) DRV - [2010/05/31 05:31:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto] -- D:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2010/04/06 05:13:58 | 003,066,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2010/03/22 04:57:18 | 000,278,560 | ---- | M] (Realtek ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167) DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009/12/09 14:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\hardlock.sys -- (hardlock) DRV - [2009/09/23 12:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2009/08/20 00:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- D:\Windows\System32\drivers\aksfridge.sys -- (aksfridge) DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- D:\Windows\System32\drivers\amdxata.sys -- (amdxata) DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot) DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\cng.sys -- (CNG) DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009/07/13 18:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\vwififlt.sys -- (vwififlt) DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci) DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- D:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009/07/13 17:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2009/06/22 02:06:32 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\aksusb.sys -- (aksusb) DRV - [2009/03/13 03:55:26 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\akshasp.sys -- (akshasp) DRV - [2007/07/23 07:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\akshhl.sys -- (akshhl) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Carles_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\Carles_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKU\Carles_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr IE - HKU\Carles_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 E1 6C C3 73 64 CB 01 [binary data] IE - HKU\Carles_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker O1 HOSTS File: ([2010/10/05 05:48:45 | 000,000,022 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 vetoos.com O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - D:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - D:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O3 - HKU\Carles_ON_D\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - D:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found O4 - HKLM..\Run: [avast5] D:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [iSW] D:\Program Files\CheckPoint\ZAForceField\ForceField.exe File not found O4 - HKLM..\Run: [LogMeIn GUI] D:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ZoneAlarm Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe File not found O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\LogMeInRemoteUser_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: Error locating startup folders. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - D:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - D:\Windows\System32\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - D:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - D:\Windows\System32\livessp.dll (Microsoft Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - D:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - D:\Windows\System32\bdesvc.dll (Microsoft Corporation) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - D:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: RpcEptMapper - D:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - D:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Dhcp - D:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - D:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - D:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - D:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: vsmon - D:\Windows\System32\ZoneLabs\vsmon.exe File not found SafeBootNet: WinDefend - D:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - D:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - D:\Windows\System32\iccvid.dll (Radius Inc.) ========== Files/Folders - Created Within 30 Days ========== [2010/11/24 07:42:13 | 000,000,000 | ---D | C] -- D:\Program Files\CCleaner [2010/11/17 11:11:16 | 001,388,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.017 [2010/11/17 11:11:16 | 000,614,672 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.016 [2010/11/17 11:11:16 | 000,164,112 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.015 [2010/11/17 11:11:16 | 000,151,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.01A [2010/11/17 11:11:16 | 000,147,728 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.019 [2010/11/17 11:11:16 | 000,022,288 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.018 [2010/11/17 11:11:15 | 001,129,472 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.014 [2010/11/17 11:11:15 | 000,583,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.012 [2010/11/17 11:11:15 | 000,044,032 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.013 [2010/11/17 02:59:08 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Java [2010/11/12 03:53:04 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- D:\Windows\System32\LMIRfsClientNP.dll [2010/11/12 03:53:04 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- D:\Windows\System32\drivers\LMIRfsDriver.sys [2010/11/12 03:53:04 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- D:\Windows\System32\LMIport.dll [2010/11/12 03:53:03 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- D:\Windows\System32\LMIinit.dll [2010/11/12 03:52:55 | 000,000,000 | ---D | C] -- D:\Program Files\LogMeIn [2010/11/09 04:12:22 | 000,017,744 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswFsBlk.sys [2010/11/09 04:12:21 | 000,165,584 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswSP.sys [2010/11/09 04:12:21 | 000,023,376 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswRdr.sys [2010/11/09 04:12:19 | 000,046,672 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswTdi.sys [2010/11/09 04:12:18 | 000,050,768 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswMonFlt.sys [2010/11/09 04:12:09 | 000,167,592 | ---- | C] (AVAST Software) -- D:\Windows\System32\aswBoot.exe [2010/11/09 04:12:09 | 000,038,848 | ---- | C] (AVAST Software) -- D:\Windows\avastSS.scr [2010/11/09 04:12:07 | 000,000,000 | ---D | C] -- D:\Program Files\Alwil Software [2010/11/08 11:10:56 | 001,388,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.00E [2010/11/08 11:10:56 | 000,614,672 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.00D [2010/11/08 11:10:56 | 000,164,112 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.00C [2010/11/08 11:10:56 | 000,151,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.011 [2010/11/08 11:10:56 | 000,147,728 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.010 [2010/11/08 11:10:56 | 000,022,288 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.00F [2010/11/08 11:10:55 | 001,129,472 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.00B [2010/11/08 11:10:55 | 000,583,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.009 [2010/11/08 11:10:55 | 000,044,032 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\temp.00A [2010/11/08 11:10:51 | 000,000,000 | ---D | C] -- D:\TRANSNET_V4 [2010/11/03 06:36:53 | 000,000,000 | ---D | C] -- D:\Windows\PCHEALTH [2010/11/03 06:36:34 | 000,000,000 | ---D | C] -- D:\Program Files\Windows Live [2010/11/03 06:36:00 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Silverlight [2010/11/03 06:35:42 | 003,181,568 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mf.dll [2010/11/03 06:35:42 | 000,196,608 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mfreadwrite.dll [2010/11/03 06:35:41 | 001,619,456 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\WMVDECOD.DLL [2010/11/03 06:34:40 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Windows Live [3 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/11/26 06:38:38 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat [2010/11/26 06:03:36 | 000,704,242 | ---- | M] () -- D:\Windows\System32\perfh00C.dat [2010/11/26 06:03:36 | 000,615,810 | ---- | M] () -- D:\Windows\System32\perfh009.dat [2010/11/26 06:03:36 | 000,130,548 | ---- | M] () -- D:\Windows\System32\perfc00C.dat [2010/11/26 06:03:36 | 000,106,190 | ---- | M] () -- D:\Windows\System32\perfc009.dat [2010/11/25 03:26:10 | 000,000,029 | ---- | M] () -- D:\Windows\WDIND.INI [2010/11/25 03:26:10 | 000,000,026 | ---- | M] () -- D:\Windows\WD.INI [2010/11/25 03:15:56 | 000,015,040 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/11/25 03:15:56 | 000,015,040 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/11/25 03:08:40 | 2609,569,792 | -HS- | M] () -- D:\hiberfil.sys [2010/11/12 03:53:02 | 000,001,024 | ---- | M] () -- D:\.rnd [2010/11/10 21:01:31 | 000,000,753 | ---- | M] () -- D:\Windows\System32\MRT.INI [2010/11/09 04:12:18 | 000,002,577 | ---- | M] () -- D:\Windows\System32\config.nt [3 D:\Windows\System32\*.tmp files -> D:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/11/25 03:26:10 | 000,000,029 | ---- | C] () -- D:\Windows\WDIND.INI [2010/11/12 03:53:01 | 000,001,024 | ---- | C] () -- D:\.rnd [2010/11/10 21:01:31 | 000,000,753 | ---- | C] () -- D:\Windows\System32\MRT.INI [2010/10/12 03:28:28 | 000,000,060 | ---- | C] () -- D:\Windows\System32\CS1504.ini [2010/10/05 06:22:54 | 000,000,026 | ---- | C] () -- D:\Windows\WD.INI [2010/09/30 10:47:37 | 000,140,288 | ---- | C] () -- D:\Windows\System32\igfxtvcx.dll [2010/09/30 10:45:23 | 000,080,416 | ---- | C] () -- D:\Windows\System32\RtNicProp32.dll [2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll ========== LOP Check ========== [2009/07/13 23:53:46 | 000,028,898 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*. Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe Invalid Environment Variable: %APPDATA%\*. Invalid Environment Variable: %APPDATA%\*.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\System32\drivers\AGP440.sys [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ALG.EXE > [2009/07/13 20:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) MD5=18A54E132947CD98FEA9ACCC57F98F13 -- D:\Windows\System32\alg.exe [2009/07/13 20:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) MD5=18A54E132947CD98FEA9ACCC57F98F13 -- D:\Windows\winsxs\x86_microsoft-windows-alg_31bf3856ad364e35_6.1.7600.16385_none_a8bfa843bc721ead\alg.exe < MD5 for: ATAPI.SYS > [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\System32\drivers\atapi.sys [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CDROM.SYS > [2009/07/13 18:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- D:\Windows\System32\drivers\cdrom.sys [2009/07/13 18:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- D:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys [2009/07/13 18:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- D:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys < MD5 for: CNGAUDIT.DLL > [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\System32\cngaudit.dll [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: CSRSS.EXE > [2009/07/13 20:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- D:\Windows\System32\csrss.exe [2009/07/13 20:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- D:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe < MD5 for: CTFMON.EXE > [2009/07/13 20:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- D:\Windows\System32\ctfmon.exe [2009/07/13 20:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- D:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe < MD5 for: DISK.SYS > [2009/07/13 20:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- D:\Windows\System32\drivers\disk.sys [2009/07/13 20:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- D:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys [2009/07/13 20:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- D:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys < MD5 for: EXPLORER.EXE > [2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- D:\Windows\explorer.exe [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: I8042PRT.SYS > [2009/07/13 18:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- D:\Windows\System32\drivers\i8042prt.sys [2009/07/13 18:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- D:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_0c4a1880f2aa5a72\i8042prt.sys [2009/07/13 18:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- D:\Windows\System32\DriverStore\FileRepository\msmouse.inf_x86_neutral_7a9084e0177406eb\i8042prt.sys [2009/07/13 18:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- D:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_9724c3fc3a4c81ef\i8042prt.sys [2009/07/13 18:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- D:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_4e0a61a033aec8c3\i8042prt.sys < MD5 for: IASTORV.SYS > [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- D:\Windows\System32\drivers\iaStorV.sys [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- D:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: INTELIDE.SYS > [2009/07/13 20:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- D:\Windows\System32\drivers\intelide.sys [2009/07/13 20:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\intelide.sys [2009/07/13 20:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) MD5=A0F12F2C9BA6C72F3987CE780E77C130 -- D:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\intelide.sys < MD5 for: MOUNTMGR.SYS > [2009/07/13 20:20:44 | 000,078,416 | ---- | M] (Microsoft Corporation) MD5=921C18727C5920D6C0300736646931C2 -- D:\Windows\System32\drivers\mountmgr.sys [2009/07/13 20:20:44 | 000,078,416 | ---- | M] (Microsoft Corporation) MD5=921C18727C5920D6C0300736646931C2 -- D:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7600.16385_none_f26e7ae968595905\mountmgr.sys < MD5 for: MRXSMB.SYS > [2010/02/27 02:33:23 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=DD364C196F822EDC52217E8E819C8664 -- D:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.20655_none_8011d3b3cb764ad9\mrxsmb.sys [2010/02/27 02:32:05 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=F1B6AA08497EA86CA6EF6F7A08B0BFB8 -- D:\Windows\System32\drivers\mrxsmb.sys [2010/02/27 02:32:05 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=F1B6AA08497EA86CA6EF6F7A08B0BFB8 -- D:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16539_none_7fa1d7e8b244d889\mrxsmb.sys [2009/07/13 18:14:26 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=F4A054BE78AF7F410129C4B64B07DC9B -- D:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16385_none_7f67c358b2710494\mrxsmb.sys < MD5 for: MRXSMB10.SYS > [2010/02/27 02:32:26 | 000,221,696 | ---- | M] (Microsoft Corporation) MD5=5613358B4050F46F5A9832DA8050D6E4 -- D:\Windows\System32\drivers\mrxsmb10.sys [2010/02/27 02:32:26 | 000,221,696 | ---- | M] (Microsoft Corporation) MD5=5613358B4050F46F5A9832DA8050D6E4 -- D:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.16539_none_88b4f63cac9616eb\mrxsmb10.sys [2010/02/27 02:33:51 | 000,221,696 | ---- | M] (Microsoft Corporation) MD5=9B4728B57E1D73AFE9A2D7DEF4845CC9 -- D:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.20655_none_8924f207c5c7893b\mrxsmb10.sys [2009/07/13 18:14:37 | 000,221,184 | ---- | M] (Microsoft Corporation) MD5=DEFFA295BD1895C6ED8E3078412AC60B -- D:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.16385_none_887ae1acacc242f6\mrxsmb10.sys < MD5 for: MRXSMB20.SYS > [2009/07/13 18:14:31 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=24D76ABE5DCAD22F19D105F76FDF0CE1 -- D:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.16385_none_8ab14bbeeb197667\mrxsmb20.sys [2010/02/27 02:32:12 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=25C9792778D80FEB4C8201E62281BFDF -- D:\Windows\System32\drivers\mrxsmb20.sys [2010/02/27 02:32:12 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=25C9792778D80FEB4C8201E62281BFDF -- D:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.16539_none_8aeb604eeaed4a5c\mrxsmb20.sys [2010/02/27 02:33:35 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=9EC8EC45AF834C00CA5E7431729A2A6E -- D:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.20655_none_8b5b5c1a041ebcac\mrxsmb20.sys < MD5 for: NDIS.SYS > [2009/07/13 20:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- D:\Windows\System32\drivers\ndis.sys [2009/07/13 20:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- D:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys < MD5 for: NETLOGON.DLL > [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\System32\netlogon.dll [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- D:\Windows\System32\drivers\nvstor.sys [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- D:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: RASACD.SYS > [2009/07/13 18:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=30A81B53C766D0133BB86D234E5556AB -- D:\Windows\System32\drivers\rasacd.sys [2009/07/13 18:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=30A81B53C766D0133BB86D234E5556AB -- D:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_0fb054d9c6a6b4d4\rasacd.sys < MD5 for: RDPCDD.SYS > [2009/07/13 19:01:40 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=1E016846895B15A99F9A176A05029075 -- D:\Windows\System32\drivers\RDPCDD.sys [2009/07/13 19:01:40 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=1E016846895B15A99F9A176A05029075 -- D:\Windows\winsxs\x86_microsoft-windows-t..niportdisplaydriver_31bf3856ad364e35_6.1.7600.16385_none_d4b17a3e9f928d55\RDPCDD.sys < MD5 for: SCECLI.DLL > [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\System32\scecli.dll [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: SERVICES.EXE > [2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- D:\Windows\System32\services.exe [2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- D:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe < MD5 for: SMSS.EXE > [2009/07/13 20:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- D:\Windows\System32\smss.exe [2009/07/13 20:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- D:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe < MD5 for: SPOOLSV.EXE > [2010/08/19 23:25:14 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=2FB4CE429488156B19C0D8E5C4552043 -- D:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_d6ab9bc23bf9f1c6\spoolsv.exe [2009/07/13 20:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) MD5=49B6DD6AB3715B7A67965F17194E98A9 -- D:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_d621f94522dc5a87\spoolsv.exe [2010/08/21 00:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- D:\Windows\System32\spoolsv.exe [2010/08/21 00:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- D:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_d6339da722cfb4be\spoolsv.exe < MD5 for: STORPORT.SYS > [2009/07/13 20:19:04 | 000,144,960 | ---- | M] (Microsoft Corporation) MD5=55DCA8693ED545FD7F2F93776E294AE2 -- D:\Windows\System32\drivers\storport.sys [2009/07/13 20:19:04 | 000,144,960 | ---- | M] (Microsoft Corporation) MD5=55DCA8693ED545FD7F2F93776E294AE2 -- D:\Windows\winsxs\x86_microsoft-windows-storport_31bf3856ad364e35_6.1.7600.16385_none_2752a4cc91827b44\storport.sys < MD5 for: SVCHOST.EXE > [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- D:\Windows\System32\svchost.exe [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- D:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe < MD5 for: TCPIP.SYS > [2009/07/13 20:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- D:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys [2010/06/14 01:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- D:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys [2010/06/14 01:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- D:\Windows\System32\drivers\tcpip.sys [2010/06/14 01:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- D:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys < MD5 for: TERMDD.SYS > [2009/07/13 20:19:10 | 000,051,776 | ---- | M] (Microsoft Corporation) MD5=C36F41EE20E6999DBF4B0425963268A5 -- D:\Windows\System32\drivers\termdd.sys [2009/07/13 20:19:10 | 000,051,776 | ---- | M] (Microsoft Corporation) MD5=C36F41EE20E6999DBF4B0425963268A5 -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\termdd.sys [2009/07/13 20:19:10 | 000,051,776 | ---- | M] (Microsoft Corporation) MD5=C36F41EE20E6999DBF4B0425963268A5 -- D:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\termdd.sys < MD5 for: USERINIT.EXE > [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\System32\userinit.exe [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WIN32K.SYS > [2010/06/18 23:13:29 | 002,327,552 | ---- | M] (Microsoft Corporation) MD5=2DD6DCA5E68661380FC13F73D854618A -- D:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20738_none_b98c82d514ccb6c0\win32k.sys [2009/07/13 18:26:52 | 002,326,528 | ---- | M] (Microsoft Corporation) MD5=34999766FBCAB11BA5C4D26CE0378903 -- D:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16385_none_b8c9cfddfbda5f31\win32k.sys [2010/08/31 21:34:52 | 002,327,552 | ---- | M] (Microsoft Corporation) MD5=B1CA529E534D6B1607D5ABDAE570744F -- D:\Windows\System32\win32k.sys [2010/08/31 21:34:52 | 002,327,552 | ---- | M] (Microsoft Corporation) MD5=B1CA529E534D6B1607D5ABDAE570744F -- D:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16667_none_b8e175fbfbc85172\win32k.sys [2010/09/01 01:16:51 | 002,328,064 | ---- | M] (Microsoft Corporation) MD5=C78BEE7964C8D99180B9D19EDF6F53CE -- D:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20792_none_b945a1911502c65c\win32k.sys [2010/06/18 23:07:18 | 002,326,016 | ---- | M] (Microsoft Corporation) MD5=F97031D1F370E3A82F2B684BB426CF87 -- D:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16617_none_b9178597fb9fc5bd\win32k.sys < MD5 for: WININIT.EXE > [2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- D:\Windows\System32\wininit.exe [2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- D:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- D:\Windows\System32\winlogon.exe [2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- D:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/07/13 20:15:21 | 000,828,928 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\Windows\System32\fontext.dll [2010/07/27 09:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\Windows\System32\shell32.dll [3 D:\Windows\system32\*.tmp files -> D:\Windows\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < CREATERESTOREPOINT > < End of report > Merci pour ton aide ! et à très bientôt, comme je ne peux accéder au pc qu'entre 12h et 14h, je ne pourrais faire la suite que demain ou lundi...
  6. riondu
    Merci de ta réponse, j'ai accès au pc demain midi pour faire tout ça, je posterais donc le rapport en début d'après midi Bonne soirée
  7. riondu
    Bonjour à tous, je viens ici dans l'espoir de trouver de l'aide pour éradiquer w32 tenga sur le pc d'un de mes clients. Le ver a été détecté la première fois avec Antivir, qui m'a gentiment mis (au fur et à mesure des infections) tous les .exe qui étaient infectés en quarantaine. Après moultes tentatives de nettoyage, installation, MAJ puis scan de Avast (euh oui, je sais.... en même temps Antivir n'a pas fait mieux non plus...), passage de Vcleaner,et j'en passe, la chose est toujours là. Je précise que les exécutables infestés sont bien sur ceux dont mes clients se servent le plus, et que s'agissant d'un pc d'entreprise, j'ai des contraintes dues au logiciel de gestion installé : pas de pare feu, mais malgré tout une connexion wifi qui permet le passage de commandes via internet, ainsi que la maintenance du dit logiciel.(je sais, c'est pas top, mais si je mets un pare feu le logiciel de gestion se met à bugger...- d'où les quelques traces de ZA que le rapport ci dessous indique.) Autre énorme inconvénient : la sauvegarde complète des dossiers clients du logiciel de gestion se fait par une copie du répertoire de celui-ci. J'ai donc peur de réinfecter tout ça même en réinstallant. Voilà, après cette petite introduction qui j'espère vous éclairera, un rapport de notre ami hijackthis passé en mode sans échec, avec clé wifi et ethernet débranchés. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:41:13, on 24/11/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16671) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Users\Carles\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing) O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [iSW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU') O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: Canon LBP3000 Fenêtre d'état.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAB3LAK.EXE O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Sentinel HASP License Manager (hasplms) - SafeNet Inc. - C:\Windows\system32\hasplms.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Unknown owner - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (file missing) O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 20099 bytes J'espère que vous saurez m'aider, et vous remercie d'avance de me prêter vos lumières.
×
×
  • Créer...