Aller au contenu

Beauregard

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    13

  • Inscription

  • Dernière visite

Autres informations

  • Mes langues
    Français, Anglais

Beauregard's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. Beauregard
    Fausse alarme. Désolé.
  2. Beauregard
    Fausse alarme. Désolé.
  3. Beauregard
    Pour info... 1/ Lorsque OTL a fait la manœuvre sur les fichiers HOSTS, explorer.exe s'est arrêté. Au redémarrage, OTL avait créé le fichier texte suivant: Files\Folders moved on Reboot... File\Folder C:\Windows\temp\TMP0000006B45334AFF71D2D665 not found! C:\Windows\System32\drivers\etc\Hosts moved successfully. Registry entries deleted on Reboot... 2/ J'ai verifie un certain nombre de fichiers HOSTS listes dans le rapport, ils sont bien a leur place dans le disque dur. 3/ Concernant le PM, voila: la photo de mon profil vient en effet de mon disque dur mais ce n'est pas moi qui l'ai placée sur mon profil et je ne sais comment elle est arrivée la. As-tu une explication? Etrange. Merci, Beauregard
  4. Beauregard
    Merci de ton aide. OTL etait fige hier et je ne savais quoi faire car il a rame pendant 7 heures sur les fichiers hosts. Selon le rapport ci-dessous, cela ne semble pas réglé. Des fichiers hosts sont manquants. Que puis-je faire? Merci, Beauregard /////////////////////////////////////////////// OTL logfile created on: 5/10/2011 2:22:29 AM - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Emmanuel\Desktop Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 73.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 363.93 Gb Total Space | 84.98 Gb Free Space | 23.35% Space Free | Partition Type: NTFS Computer Name: EMMANUEL-PC | User Name: Emmanuel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/05/08 14:51:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe PRC - [2011/03/08 10:19:07 | 000,310,856 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe PRC - [2011/01/18 23:49:08 | 001,176,448 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe PRC - [2010/04/26 15:01:54 | 001,615,688 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe PRC - [2010/03/25 23:49:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe PRC - [2010/03/18 16:04:52 | 001,091,984 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe PRC - [2010/03/16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE PRC - [2010/01/17 11:21:17 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/04/11 14:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009/01/22 08:06:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2008/08/29 02:34:10 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe PRC - [2008/08/29 02:34:10 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe PRC - [2008/08/29 01:10:18 | 000,233,472 | ---- | M] () -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe PRC - [2008/08/18 23:31:22 | 000,443,752 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe PRC - [2008/08/18 23:31:20 | 004,597,096 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe PRC - [2008/07/11 05:10:44 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe PRC - [2008/07/11 05:10:44 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe PRC - [2008/06/09 21:59:30 | 000,098,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE PRC - [2008/05/01 10:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\intel\WiFi\bin\EvtEng.exe PRC - [2008/05/01 10:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008/01/21 10:21:41 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe PRC - [2007/06/06 04:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe PRC - [2007/01/05 10:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (SafeList) ========== MOD - [2011/05/08 14:51:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe MOD - [2010/09/23 04:07:50 | 000,107,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mindjet\MindManager 9\msscript.ocx MOD - [2010/08/31 23:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011/03/08 10:19:07 | 000,310,856 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV) SRV - [2011/01/11 02:40:42 | 001,962,192 | ---- | M] (Astrill) [On_Demand | Stopped] -- C:\Users\Emmanuel\AppData\Roaming\Astrill\ASProxy.exe -- (ASProxy) SRV - [2011/01/11 02:40:28 | 000,428,056 | ---- | M] (Astrill) [On_Demand | Stopped] -- C:\Users\Emmanuel\AppData\Roaming\Astrill\ASOvpnSvc.exe -- (ASOVPNHelper) SRV - [2010/04/26 15:01:54 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV) SRV - [2010/04/22 01:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010/04/22 01:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010/03/25 23:49:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc) SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010/03/12 16:40:10 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010/01/17 11:21:17 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService) SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService) SRV - [2009/10/19 17:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3) SRV - [2009/04/11 14:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2009/01/22 08:06:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008/08/29 02:34:10 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2008/08/18 23:31:22 | 000,443,752 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe -- (DisplayLinkService) SRV - [2008/07/11 05:10:44 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2008/06/09 21:59:30 | 000,098,304 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkHDMIService) SRV - [2008/05/02 09:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008/05/01 10:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008/05/01 10:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008/04/03 02:07:58 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2008/04/03 02:07:56 | 000,147,456 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw) SRV - [2008/04/03 02:07:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2008/04/03 02:07:38 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2008/03/05 11:58:30 | 000,063,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs) SRV - [2008/03/05 11:56:42 | 000,350,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms) SRV - [2008/03/05 11:54:50 | 000,104,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp) SRV - [2008/03/04 05:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2008/03/04 04:27:14 | 000,087,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper) SRV - [2008/01/21 10:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/11/28 17:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2007/11/28 17:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2007/11/28 16:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2007/06/06 04:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2007/01/05 10:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV - [2010/08/20 22:08:46 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2010/06/13 14:42:46 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos) DRV - [2010/06/13 14:42:44 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos) DRV - [2010/06/13 14:42:38 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif) DRV - [2010/04/23 17:43:52 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand | Stopped] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr) DRV - [2010/02/22 14:58:40 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr) DRV - [2010/02/03 13:57:36 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (BDFM) DRV - [2010/01/08 16:28:40 | 000,006,656 | ---- | M] (alipay.com) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alidevice.sys -- (Alidevice) DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssidrv.sys -- (ssidrv) DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sshrmd.sys -- (sshrmd) DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc) DRV - [2009/08/31 10:38:02 | 000,011,808 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CertClient.dat -- (CMB8100) DRV - [2009/08/31 10:38:02 | 000,010,272 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CMBProtector.dat -- (CMBProtector) DRV - [2009/08/27 15:18:58 | 000,025,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt) DRV - [2009/08/21 02:08:00 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2009/08/21 02:08:00 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2009/08/21 02:08:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2009/04/11 12:43:07 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BTHPRINT.SYS -- (BTHprint) DRV - [2009/01/16 17:08:39 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008/08/18 23:31:50 | 000,287,856 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\dlkmd.sys -- (dlkmd) DRV - [2008/08/18 23:31:50 | 000,013,424 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\dlkmdldr.sys -- (dlkmdldr) DRV - [2008/05/13 08:05:19 | 003,537,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008/04/28 21:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel® DRV - [2008/04/28 09:19:55 | 000,142,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008/04/22 22:43:36 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2008/04/22 08:01:11 | 000,903,680 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008/04/16 08:04:24 | 000,046,592 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk) DRV - [2008/04/16 08:04:12 | 000,068,096 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2008/02/29 10:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008/02/29 10:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008/02/23 08:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008/01/25 10:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2008/01/21 10:21:34 | 000,050,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstape.sys -- (MSTAPE) DRV - [2008/01/21 10:21:27 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avcstrm.sys -- (AVCSTRM) DRV - [2007/12/17 09:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2007/07/26 16:25:12 | 000,039,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM) DRV - [2007/06/27 10:42:34 | 000,073,856 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56) DRV - [2007/06/27 10:41:48 | 000,101,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56) DRV - [2007/04/18 11:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2006/11/08 15:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32) DRV - [2006/11/02 12:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2006/04/04 21:20:36 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Rue89 | Site d'information et de débat sur l'actualité, indépendant et participatif IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: "" FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/09/21 09:56:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/05/02 15:11:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 14:04:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 14:04:35 | 000,000,000 | ---D | M] [2009/10/10 14:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Extensions [2009/10/10 14:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66} [2011/05/08 11:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions [2011/04/04 19:59:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011/03/18 12:10:47 | 000,000,000 | ---D | M] (LinkedIn Companion for Firefox) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions\{e2337727-f9c9-411b-929e-287584341d1a} [2010/09/29 10:23:16 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions\en-US@dictionaries.addons.mozilla.org [2010/01/17 12:28:37 | 000,004,166 | ---- | M] () -- C:\Users\Emmanuel\AppData\Roaming\Mozilla\Firefox\Profiles\8681oi1f.default\searchplugins\baidu.xml [2011/05/02 14:04:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/07/17 14:26:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/08/24 19:46:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/10/18 16:42:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} File not found (No name found) -- [2011/01/15 17:17:28 | 000,000,000 | ---D | M] (Download Accelerator Plus (DAP) extension) -- C:\PROGRAM FILES\DAP\DAPFIREFOX [2011/05/02 15:11:12 | 000,000,000 | ---D | M] (Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX [2009/07/06 02:37:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011/04/15 00:47:17 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2008/12/15 15:05:50 | 000,234,496 | ---- | M] (Alipay.com co.,ltd) -- C:\Program Files\Mozilla Firefox\plugins\npaliedit.dll [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2007/05/17 05:00:12 | 000,046,856 | ---- | M] (E-Book Systems.) -- C:\Program Files\Mozilla Firefox\plugins\NPOpf.dll [2010/01/01 16:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml [2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml [2010/01/01 16:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml [2010/01/01 16:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml [2010/01/01 16:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2010/01/01 16:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml [2011/02/28 15:06:17 | 000,001,066 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-zugo.xml Hosts file not found O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fvbho140.dll (E-Book Systems Inc.) O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.) O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [spySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.) O4 - HKCU..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe () O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems) O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm () O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm () O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Barre RoboForm - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Enregistrer le formulaire - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O8 - Extra context menu item: Personnaliser le menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8 - Extra context menu item: QQ - C:\Program Files\Tencent\QQIntl\Bin\AddEmotion.htm () O8 - Extra context menu item: Remplir le formulaire - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra 'Tools' menuitem : Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra Button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra 'Tools' menuitem : Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra Button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra 'Tools' menuitem : Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\ASProxy.dll (Astrill) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\ASProxy.dll (Astrill) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\ASProxy.dll (Astrill) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\ASProxy.dll (Astrill) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\ASProxy.dll (Astrill) O13 - gopher Prefix: missing O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} https://download.alipay.com/aliedit/aliedit/2401/aliedit.cab (iTrusPTA Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 180.168.255.118 116.228.111.18 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/05/09 01:47:13 | 000,000,000 | ---D | C] -- C:\_OTL [2011/05/09 01:42:43 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011/05/08 16:33:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011/05/08 16:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2011/05/08 16:19:49 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Local\Windows Live [2011/05/08 16:11:31 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll [2011/05/08 15:23:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2011/05/08 15:22:38 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2011/05/08 15:22:38 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2011/05/08 15:22:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2011/05/08 15:22:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2011/05/08 15:22:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2011/05/08 15:22:31 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2011/05/08 15:22:30 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2011/05/08 15:22:30 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2011/05/08 15:22:30 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2011/05/08 15:22:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2011/05/08 15:22:16 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2011/05/08 15:22:16 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2011/05/08 15:22:16 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2011/05/08 15:22:16 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2011/05/08 15:22:16 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2011/05/08 14:51:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe [2011/05/08 11:13:10 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011/05/08 11:02:45 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011/05/08 11:02:44 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011/05/08 11:01:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2011/05/08 11:01:08 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011/05/08 11:00:32 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011/05/08 11:00:28 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011/05/08 10:59:56 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011/05/08 10:59:45 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011/05/08 10:59:44 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011/05/08 10:59:43 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011/05/08 10:59:43 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2011/05/08 10:59:07 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011/05/08 10:59:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011/05/08 10:58:54 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011/05/08 10:58:50 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011/05/08 10:58:22 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe [2011/05/08 03:55:46 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\Desktop\Malware Cleanup [2011/05/08 03:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7 [2011/05/08 03:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Your Uninstaller! 7 [2011/05/08 03:28:55 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011/05/08 03:28:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011/05/08 03:28:54 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011/05/08 03:28:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011/05/08 03:28:53 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011/05/08 03:28:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011/05/08 03:28:53 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011/05/08 03:28:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011/05/08 03:28:51 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011/05/08 03:28:51 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011/05/08 03:28:51 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011/05/08 03:28:50 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011/05/08 03:28:50 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011/05/08 03:28:49 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011/05/08 03:28:49 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011/05/08 03:28:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011/05/08 03:28:49 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011/05/08 03:28:49 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011/05/08 03:28:49 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011/05/08 03:28:48 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011/05/08 03:28:48 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011/05/08 03:28:48 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011/05/08 03:28:48 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011/05/08 03:28:48 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011/05/08 03:28:47 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011/05/08 03:28:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011/05/08 03:28:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011/05/08 03:28:46 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011/05/08 03:28:44 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011/05/08 03:28:43 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011/05/08 03:28:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011/05/08 03:28:39 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011/05/08 03:28:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011/05/08 03:28:38 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011/05/08 03:28:34 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011/05/08 03:28:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011/05/08 03:28:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011/05/08 03:28:28 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011/05/08 03:28:27 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011/05/08 03:26:15 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011/05/08 03:26:14 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011/05/08 03:26:13 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011/05/08 03:26:12 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011/05/08 03:26:11 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011/05/08 03:26:09 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011/05/08 03:26:05 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011/05/08 03:25:48 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011/05/08 03:25:48 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011/05/08 03:25:46 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011/05/08 03:25:45 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011/05/08 03:25:44 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011/05/08 03:25:44 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011/05/08 03:25:43 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011/05/08 03:25:43 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011/05/08 03:25:42 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011/05/08 03:25:41 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011/05/08 03:25:40 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011/05/08 03:25:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011/05/08 03:25:38 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011/05/08 03:25:37 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011/05/08 02:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2011/05/08 02:44:59 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2011/05/08 02:44:56 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll [2011/05/08 02:44:56 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll [2011/05/08 02:43:17 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2011/05/08 02:43:11 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2011/05/08 02:43:11 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2011/05/08 02:43:10 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2011/05/08 02:43:10 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2011/05/08 02:43:09 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2011/05/08 02:41:29 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe [2011/05/08 02:41:28 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll [2011/05/08 02:41:20 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll [2011/05/08 02:41:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll [2011/05/08 02:41:14 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll [2011/05/08 02:41:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll [2011/05/08 02:41:13 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll [2011/05/08 02:41:13 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll [2011/05/08 02:41:13 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll [2011/05/08 02:41:13 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll [2011/05/08 02:41:13 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll [2011/05/08 02:41:13 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll [2011/05/08 02:38:21 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2011/05/08 02:38:19 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2011/05/08 02:08:02 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl [2011/05/08 02:07:50 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2011/05/08 02:06:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll [2011/05/08 02:06:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll [2011/05/08 02:06:15 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe [2011/05/08 02:06:15 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe [2011/05/08 02:06:15 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe [2011/05/08 02:06:15 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe [2011/05/08 02:06:14 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll [2011/05/08 02:06:14 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll [2011/05/08 02:06:14 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll [2011/05/08 01:59:48 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe [2011/05/06 10:50:09 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\Malwarebytes [2011/05/06 10:49:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011/05/06 10:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/05/06 10:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/05/06 10:49:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011/05/06 10:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/05/04 11:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard [2011/05/02 15:17:42 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\RoboForm [2011/05/02 15:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm [2011/05/02 10:58:02 | 001,481,496 | -H-- | C] (Dynamic Internet Technology, Inc.) -- C:\Users\Emmanuel\Desktop\fg710p.exe [2011/04/24 15:29:11 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\Desktop\Marketing Documents ========== Files - Modified Within 30 Days ========== [2011/05/10 02:21:04 | 000,001,073 | -H-- | M] () -- C:\Users\Emmanuel\Desktop\fg.ini [2011/05/10 02:16:54 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/05/10 02:16:54 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/05/09 23:48:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/05/09 22:35:12 | 000,002,555 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk [2011/05/09 18:32:58 | 000,002,597 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk [2011/05/09 14:00:59 | 000,002,357 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook 2010.lnk [2011/05/09 12:45:53 | 000,751,468 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2011/05/09 12:45:53 | 000,674,182 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/05/09 12:45:53 | 000,431,304 | ---- | M] () -- C:\Windows\System32\prfh0404.dat [2011/05/09 12:45:53 | 000,421,940 | ---- | M] () -- C:\Windows\System32\prfh0804.dat [2011/05/09 12:45:53 | 000,152,004 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2011/05/09 12:45:53 | 000,127,904 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/05/09 12:45:53 | 000,127,458 | ---- | M] () -- C:\Windows\System32\prfc0404.dat [2011/05/09 12:45:53 | 000,127,446 | ---- | M] () -- C:\Windows\System32\prfc0804.dat [2011/05/09 12:20:43 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2011/05/09 12:17:25 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011/05/09 11:38:02 | 000,000,052 | ---- | M] () -- C:\Windows\System32\ashttpstats.csv [2011/05/09 11:37:53 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011/05/08 20:45:54 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2011/05/08 19:42:04 | 007,571,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/05/08 14:51:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe [2011/05/08 10:28:45 | 000,000,908 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/05/08 03:58:52 | 000,146,944 | ---- | M] () -- C:\Users\Emmanuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/05/08 03:29:19 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011/05/08 03:29:19 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011/05/08 03:28:55 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011/05/08 03:28:55 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011/05/08 03:28:54 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011/05/08 03:28:53 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011/05/08 03:28:53 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011/05/08 03:28:53 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011/05/08 03:28:53 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011/05/08 03:28:53 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011/05/08 03:28:51 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011/05/08 03:28:51 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011/05/08 03:28:51 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011/05/08 03:28:50 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011/05/08 03:28:50 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011/05/08 03:28:49 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011/05/08 03:28:49 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011/05/08 03:28:49 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011/05/08 03:28:49 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011/05/08 03:28:49 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011/05/08 03:28:49 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011/05/08 03:28:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011/05/08 03:28:48 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011/05/08 03:28:48 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011/05/08 03:28:48 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011/05/08 03:28:48 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011/05/08 03:28:48 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011/05/08 03:28:47 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011/05/08 03:28:46 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011/05/08 03:28:46 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011/05/08 03:28:46 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011/05/08 03:28:44 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011/05/08 03:28:43 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011/05/08 03:28:42 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011/05/08 03:28:39 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011/05/08 03:28:39 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011/05/08 03:28:38 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011/05/08 03:28:34 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011/05/08 03:28:30 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011/05/08 03:28:30 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011/05/08 03:28:28 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011/05/08 03:28:27 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011/05/08 03:26:15 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011/05/08 03:26:14 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011/05/08 03:26:13 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011/05/08 03:26:12 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011/05/08 03:26:11 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011/05/08 03:26:09 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011/05/08 03:26:05 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011/05/08 03:25:48 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011/05/08 03:25:48 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011/05/08 03:25:46 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011/05/08 03:25:45 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011/05/08 03:25:44 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011/05/08 03:25:44 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011/05/08 03:25:43 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011/05/08 03:25:43 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011/05/08 03:25:42 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011/05/08 03:25:41 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011/05/08 03:25:40 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011/05/08 03:25:40 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011/05/08 03:25:38 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011/05/08 03:25:37 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011/05/08 02:49:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011/05/08 02:46:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2011/05/07 21:57:03 | 634,498,416 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011/05/07 16:38:34 | 000,000,020 | ---- | M] () -- C:\Users\Emmanuel\defogger_reenable [2011/05/06 17:11:00 | 007,450,289 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Cities of Love in Chinese.icml [2011/05/02 18:52:04 | 000,004,096 | -H-- | M] () -- C:\Users\Emmanuel\AppData\Local\keyfile3.drm [2011/05/02 14:05:03 | 000,000,835 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011/05/02 13:08:01 | 000,000,476 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\fg710p.exe - Raccourci.lnk [2011/05/02 11:18:03 | 000,003,136 | ---- | M] () -- C:\Windows\System32\ASProxy.ini [2011/05/02 11:18:03 | 000,001,968 | ---- | M] () -- C:\Windows\System32\ASProxyOff.ini [2011/04/29 14:26:34 | 000,000,501 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Shanghai Presentation files - Raccourci.lnk [2011/04/25 09:31:40 | 000,560,553 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Shanghai - Photographic Presentation.pdf [2011/04/22 19:30:06 | 001,634,304 | ---- | M] () -- C:\Users\Emmanuel\Desktop\SILY Transition Team in Ch.indd [2011/04/22 19:24:48 | 002,199,552 | ---- | M] () -- C:\Users\Emmanuel\Desktop\SILY Directors Cards in Ch.indd [2011/04/14 21:41:30 | 002,954,072 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Cannes 2011.pdf [2011/04/13 14:07:44 | 001,481,496 | -H-- | M] (Dynamic Internet Technology, Inc.) -- C:\Users\Emmanuel\Desktop\fg710p.exe ========== Files Created - No Company Name ========== [2011/05/08 20:45:54 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2011/05/08 15:22:20 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011/05/08 15:22:20 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011/05/08 15:22:19 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011/05/08 10:28:45 | 000,000,914 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011/05/08 10:28:45 | 000,000,908 | ---- | C] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/05/08 03:28:49 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011/05/08 02:49:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011/05/08 02:46:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2011/05/07 16:37:35 | 000,000,020 | ---- | C] () -- C:\Users\Emmanuel\defogger_reenable [2011/05/06 17:11:00 | 007,450,289 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Cities of Love in Chinese.icml [2011/05/05 19:24:35 | 001,634,304 | ---- | C] () -- C:\Users\Emmanuel\Desktop\SILY Transition Team in Ch.indd [2011/05/05 19:24:34 | 002,199,552 | ---- | C] () -- C:\Users\Emmanuel\Desktop\SILY Directors Cards in Ch.indd [2011/05/02 18:52:04 | 000,004,096 | -H-- | C] () -- C:\Users\Emmanuel\AppData\Local\keyfile3.drm [2011/05/02 13:08:01 | 000,000,476 | ---- | C] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\fg710p.exe - Raccourci.lnk [2011/05/02 13:01:56 | 000,001,073 | -H-- | C] () -- C:\Users\Emmanuel\Desktop\fg.ini [2011/04/29 14:26:34 | 000,000,501 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Shanghai Presentation files - Raccourci.lnk [2011/04/25 09:30:33 | 000,560,553 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Shanghai - Photographic Presentation.pdf [2011/04/14 21:41:30 | 002,954,072 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Cannes 2011.pdf [2011/01/15 19:16:45 | 000,000,000 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\chrtmp [2010/12/31 10:02:15 | 000,000,132 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010/11/01 00:05:52 | 000,001,968 | ---- | C] () -- C:\Windows\System32\ASProxyOff.ini [2010/11/01 00:05:51 | 000,003,136 | ---- | C] () -- C:\Windows\System32\ASProxy.ini [2010/08/02 11:06:12 | 000,038,431 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\Comma Separated Values (DOS).ADR [2010/06/13 13:46:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat [2010/06/13 13:46:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat [2010/01/26 14:20:07 | 000,000,760 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\setup_ldm.iss [2010/01/17 11:17:08 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat [2010/01/05 18:25:22 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI [2009/12/31 12:27:14 | 000,000,156 | ---- | C] () -- C:\Windows\WININIT.INI [2009/12/29 15:05:37 | 000,403,344 | ---- | C] () -- C:\Windows\System32\CMBEdit.dll [2009/12/29 15:05:33 | 000,337,816 | ---- | C] () -- C:\Windows\System32\Cmb_Pb_LiveUpdate.exe [2009/12/29 15:05:33 | 000,100,240 | ---- | C] () -- C:\Windows\System32\CmbSafeBase.dll [2009/12/29 15:05:33 | 000,011,808 | ---- | C] () -- C:\Windows\System32\drivers\CertClient.dat [2009/12/29 15:05:33 | 000,010,272 | ---- | C] () -- C:\Windows\System32\drivers\CMBProtector.dat [2009/12/29 15:05:32 | 000,611,736 | ---- | C] () -- C:\Windows\System32\CMBPBUninstall.exe [2009/12/29 15:05:32 | 000,472,976 | ---- | C] () -- C:\Windows\System32\PBHttpComm.dll [2009/12/29 15:05:32 | 000,186,264 | ---- | C] () -- C:\Windows\System32\PersonalBankPortal.exe [2009/12/15 13:58:10 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll [2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll [2009/11/06 12:00:20 | 000,016,240 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe [2009/09/11 07:53:29 | 000,001,356 | ---- | C] () -- C:\Users\Emmanuel\AppData\Local\d3d9caps.dat [2009/08/27 15:25:33 | 000,025,736 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys [2009/07/06 04:23:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/07/06 04:23:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/07/06 04:21:55 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009/05/27 15:16:48 | 000,000,015 | ---- | C] () -- C:\Program Files\winreg.ini [2009/05/27 15:14:27 | 000,059,392 | ---- | C] () -- C:\Windows\System32\Win32Printer.dll [2009/04/22 21:39:09 | 000,242,176 | ---- | C] () -- C:\Windows\System32\fixflash.exe [2009/04/22 21:39:08 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll [2009/04/22 21:39:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll [2009/03/08 03:11:28 | 000,000,206 | ---- | C] () -- C:\Windows\EurekaLog.ini [2009/02/21 19:22:14 | 000,047,360 | ---- | C] () -- C:\Windows\System32\drivers\Surroundhp_kern_i386.sys [2009/02/21 19:22:14 | 000,047,104 | ---- | C] () -- C:\Windows\System32\drivers\tshd4_kern_i386.sys [2009/02/21 19:22:14 | 000,042,112 | ---- | C] () -- C:\Windows\System32\drivers\csiidecoder_kern_i386.sys [2009/02/21 19:22:14 | 000,039,808 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys [2009/01/31 19:45:48 | 000,431,304 | ---- | C] () -- C:\Windows\System32\prfh0404.dat [2009/01/31 19:45:48 | 000,127,458 | ---- | C] () -- C:\Windows\System32\prfc0404.dat [2009/01/31 19:45:48 | 000,116,540 | ---- | C] () -- C:\Windows\System32\prfi0404.dat [2009/01/31 19:45:48 | 000,109,926 | ---- | C] () -- C:\Windows\System32\prfi0804.dat [2009/01/31 19:45:48 | 000,030,674 | ---- | C] () -- C:\Windows\System32\prfd0404.dat [2009/01/31 19:45:47 | 000,421,940 | ---- | C] () -- C:\Windows\System32\prfh0804.dat [2009/01/31 19:45:47 | 000,127,446 | ---- | C] () -- C:\Windows\System32\prfc0804.dat [2009/01/31 19:45:47 | 000,030,674 | ---- | C] () -- C:\Windows\System32\prfd0804.dat [2009/01/20 21:07:09 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin [2009/01/19 21:55:49 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009/01/19 21:50:01 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat [2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\Windows\System32\txmlutil.dll [2008/10/27 19:46:09 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini [2008/10/15 03:00:05 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176 [2008/10/15 02:56:18 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105 [2008/10/05 15:42:34 | 000,000,080 | ---- | C] () -- C:\Windows\System32\DCDA1745C1.dll [2008/09/12 09:28:50 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2008/09/02 08:17:56 | 000,146,944 | ---- | C] () -- C:\Users\Emmanuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/09/02 04:20:32 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2008/08/30 22:05:11 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2008/08/29 08:25:33 | 000,751,468 | ---- | C] () -- C:\Windows\System32\perfh00C.dat [2008/08/29 08:25:33 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat [2008/08/29 08:25:33 | 000,152,004 | ---- | C] () -- C:\Windows\System32\perfc00C.dat [2008/08/29 08:25:33 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat [2008/08/29 07:56:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/06/18 07:34:16 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2008/06/18 06:41:36 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008/06/18 06:41:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008/06/18 06:41:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2008/06/18 06:41:16 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1493.dll [2008/06/18 06:41:16 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2008/06/18 06:11:41 | 000,000,031 | ---- | C] () -- C:\Windows\System32\elcric.dat [2008/06/18 05:59:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008/06/18 05:53:54 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008/06/18 05:50:39 | 000,003,204 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008/01/21 10:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en [2007/10/31 01:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2007/06/06 04:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2007/04/16 18:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin [2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll [2006/11/02 20:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 20:46:27 | 007,571,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 20:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 18:33:01 | 000,674,182 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 18:33:01 | 000,127,904 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001/11/15 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll < End of report >
  5. Beauregard
    OK je fais ça, merci... je ne trouve pas ton e-mail pour le PM.
  6. Beauregard
    Désolé pour la couleur rouge, je ne savais pas. J'ai finalement pu redémarrer mon ordinateur après que OTL ait planté. J'ai quand même l'impression que certains programmes ont des défaillances, comme si des fichiers souches n'étaient plus là. Je ne pense pas OTL ait fait: [CLEARALLRESTOREPOINTS] [REBOOT] Je crois que j'ai redémarré un peu tôt. Peut-être devrais-je faire un nouveau rapport OTL. Merci, Emmanuel
  7. Beauregard
    Le message reçu était: "Cannot create file C:\Windows\System32\drivers\etc\Hosts." J,ai cliqué "OK" et OTL a desormais un message en bas à gauche disant: "Resetting HOSTS file. DO NOT INTERRUPT...". Cela fait maintenant 7 heures. Je suis bloqué. C'est urgent. Merci. Je viens de réussir à relancer explorer.exe
  8. Beauregard
    Concernant le Proxy, j'ai en effet enlevé les lignes puis j'ai lancé OTL. Presque arrivé au bout, sur [RESETHOSTS], un message d'erreur très simple m'est apparu m'informant que ce n'était pas possible.w J'ai cliqué sur OK et le message a disparu. Depuis, OTL est figé sur : "Restting Hosts Files. DO NOT INTERRUPT"... Cela n'a pas l'air normal: ça fait deux heures. Que faire? Je n'est que la fenetre de OTL de visible. Aucune autre fonction. Le PC semble tourner mais il est comme figé. Je n'ai rien touché. Merci, Beauregard Merci de répondre à mon MP quand tu peux.
  9. Beauregard
    OTL logfile created on: 5/8/2011 8:35:22 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Emmanuel\Desktop Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 363.93 Gb Total Space | 88.47 Gb Free Space | 24.31% Space Free | Partition Type: NTFS Computer Name: EMMANUEL-PC | User Name: Emmanuel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/05/08 14:51:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe PRC - [2011/04/13 14:07:44 | 001,481,496 | -H-- | M] (Dynamic Internet Technology, Inc.) -- C:\Users\Emmanuel\Desktop\fg710p.exe PRC - [2011/03/08 10:19:07 | 000,310,856 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe PRC - [2011/01/18 23:49:08 | 001,176,448 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe PRC - [2010/04/26 15:01:54 | 001,615,688 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe PRC - [2010/03/25 23:49:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe PRC - [2010/03/18 16:04:52 | 001,091,984 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe PRC - [2010/03/16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE PRC - [2010/01/17 11:21:17 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe PRC - [2009/04/11 14:28:10 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\w3wp.exe PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/04/11 14:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008/08/29 02:34:10 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe PRC - [2008/08/29 02:34:10 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe PRC - [2008/08/29 01:10:18 | 000,233,472 | ---- | M] () -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe PRC - [2008/08/18 23:31:22 | 000,443,752 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe PRC - [2008/08/18 23:31:20 | 004,597,096 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe PRC - [2008/07/11 05:10:44 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe PRC - [2008/07/11 05:10:44 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2008/06/09 21:59:30 | 000,098,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE PRC - [2008/05/01 10:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\intel\WiFi\bin\EvtEng.exe PRC - [2008/05/01 10:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008/04/03 02:07:56 | 000,147,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe PRC - [2008/04/03 02:07:54 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2008/04/03 02:07:38 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe PRC - [2007/06/06 04:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe PRC - [2007/01/05 10:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (SafeList) ========== MOD - [2011/05/08 14:51:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe MOD - [2010/09/23 04:07:50 | 000,107,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mindjet\MindManager 9\msscript.ocx MOD - [2010/08/31 23:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9) SRV - File not found [Disabled | Stopped] -- -- (CaCCProvSP) SRV - [2011/03/08 10:19:07 | 000,310,856 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV) SRV - [2011/01/11 02:40:42 | 001,962,192 | ---- | M] (Astrill) [On_Demand | Stopped] -- C:\Users\Emmanuel\AppData\Roaming\Astrill\ASProxy.exe -- (ASProxy) SRV - [2011/01/11 02:40:28 | 000,428,056 | ---- | M] (Astrill) [On_Demand | Stopped] -- C:\Users\Emmanuel\AppData\Roaming\Astrill\ASOvpnSvc.exe -- (ASOVPNHelper) SRV - [2010/04/26 15:01:54 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV) SRV - [2010/04/22 01:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010/04/22 01:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010/03/25 23:49:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc) SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010/03/12 16:40:10 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010/01/17 11:21:17 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService) SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService) SRV - [2009/10/19 17:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3) SRV - [2009/04/11 14:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2009/01/22 08:06:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008/08/29 02:34:10 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2008/08/18 23:31:22 | 000,443,752 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe -- (DisplayLinkService) SRV - [2008/07/11 05:10:44 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2008/06/09 21:59:30 | 000,098,304 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkHDMIService) SRV - [2008/05/02 09:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008/05/01 10:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008/05/01 10:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008/04/03 02:07:58 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2008/04/03 02:07:56 | 000,147,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw) SRV - [2008/04/03 02:07:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2008/04/03 02:07:38 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2008/03/05 11:58:30 | 000,063,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs) SRV - [2008/03/05 11:56:42 | 000,350,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms) SRV - [2008/03/05 11:54:50 | 000,104,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp) SRV - [2008/03/04 05:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2008/03/04 04:27:14 | 000,087,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper) SRV - [2008/01/21 10:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/11/28 17:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2007/11/28 17:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2007/11/28 16:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2007/06/06 04:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2007/01/05 10:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV - [2010/08/20 22:08:46 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2010/06/13 14:42:46 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos) DRV - [2010/06/13 14:42:44 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos) DRV - [2010/06/13 14:42:38 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif) DRV - [2010/04/23 17:43:52 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand | Stopped] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr) DRV - [2010/02/22 14:58:40 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr) DRV - [2010/02/03 13:57:36 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (BDFM) DRV - [2010/01/08 16:28:40 | 000,006,656 | ---- | M] (alipay.com) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alidevice.sys -- (Alidevice) DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssidrv.sys -- (ssidrv) DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sshrmd.sys -- (sshrmd) DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc) DRV - [2009/08/31 10:38:02 | 000,011,808 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CertClient.dat -- (CMB8100) DRV - [2009/08/31 10:38:02 | 000,010,272 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CMBProtector.dat -- (CMBProtector) DRV - [2009/08/27 15:18:58 | 000,025,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt) DRV - [2009/08/21 02:08:00 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2009/08/21 02:08:00 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2009/08/21 02:08:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2009/04/11 12:43:07 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTHPRINT.SYS -- (BTHprint) DRV - [2009/01/16 17:08:39 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008/08/18 23:31:50 | 000,287,856 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\dlkmd.sys -- (dlkmd) DRV - [2008/08/18 23:31:50 | 000,013,424 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\dlkmdldr.sys -- (dlkmdldr) DRV - [2008/05/13 08:05:19 | 003,537,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008/04/28 21:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel® DRV - [2008/04/28 09:19:55 | 000,142,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008/04/22 22:43:36 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2008/04/22 08:01:11 | 000,903,680 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008/04/16 08:04:24 | 000,046,592 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk) DRV - [2008/04/16 08:04:12 | 000,068,096 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2008/02/29 10:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008/02/29 10:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008/02/23 08:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008/01/25 10:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2008/01/21 10:21:34 | 000,050,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstape.sys -- (MSTAPE) DRV - [2008/01/21 10:21:27 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avcstrm.sys -- (AVCSTRM) DRV - [2007/12/17 09:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2007/07/26 16:25:12 | 000,039,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM) DRV - [2007/06/27 10:42:34 | 000,073,856 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56) DRV - [2007/06/27 10:41:48 | 000,101,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56) DRV - [2007/04/18 11:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2006/11/08 15:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32) DRV - [2006/11/02 12:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2006/04/04 21:20:36 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Rue89 | Site d'information et de débat sur l'actualité, indépendant et participatif IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8580 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://pro.imdb.com/" FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1 FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1 FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {e2337727-f9c9-411b-929e-287584341d1a}:3.4.0 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: addon@astrill.com:1.4 FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1" FF - prefs.js..network.proxy.backup.ftp_port: 8580 FF - prefs.js..network.proxy.backup.socks: "127.0.0.1" FF - prefs.js..network.proxy.backup.socks_port: 8580 FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1" FF - prefs.js..network.proxy.backup.ssl_port: 8580 FF - prefs.js..network.proxy.ftp: "127.0.0.1" FF - prefs.js..network.proxy.ftp_port: 8580 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 8580 FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "127.0.0.1" FF - prefs.js..network.proxy.socks_port: 8580 FF - prefs.js..network.proxy.ssl: "127.0.0.1" FF - prefs.js..network.proxy.ssl_port: 8580 FF - prefs.js..network.proxy.type: 1 FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/09/21 09:56:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/05/02 15:11:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 14:04:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 14:04:35 | 000,000,000 | ---D | M] [2009/10/10 14:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Extensions [2009/10/10 14:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66} [2011/05/08 11:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions [2011/04/04 19:59:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011/03/18 12:10:47 | 000,000,000 | ---D | M] (LinkedIn Companion for Firefox) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions\{e2337727-f9c9-411b-929e-287584341d1a} [2010/09/29 10:23:16 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions\en-US@dictionaries.addons.mozilla.org [2010/01/17 12:28:37 | 000,004,166 | ---- | M] () -- C:\Users\Emmanuel\AppData\Roaming\Mozilla\Firefox\Profiles\8681oi1f.default\searchplugins\baidu.xml [2011/05/02 14:04:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/07/17 14:26:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/08/24 19:46:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/10/18 16:42:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} File not found (No name found) -- [2011/01/15 17:17:28 | 000,000,000 | ---D | M] (Download Accelerator Plus (DAP) extension) -- C:\PROGRAM FILES\DAP\DAPFIREFOX [2011/05/02 15:11:12 | 000,000,000 | ---D | M] (Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX [2009/07/06 02:37:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011/04/15 00:47:17 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2008/12/15 15:05:50 | 000,234,496 | ---- | M] (Alipay.com co.,ltd) -- C:\Program Files\Mozilla Firefox\plugins\npaliedit.dll [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2007/05/17 05:00:12 | 000,046,856 | ---- | M] (E-Book Systems.) -- C:\Program Files\Mozilla Firefox\plugins\NPOpf.dll [2010/01/01 16:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml [2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml [2010/01/01 16:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml [2010/01/01 16:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml [2010/01/01 16:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2010/01/01 16:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml [2011/02/28 15:06:17 | 000,001,066 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-zugo.xml O1 HOSTS File: ([2011/03/24 14:42:12 | 000,001,963 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 66.207.162.66 freedur.com O1 - Hosts: 66.207.162.66 www.freedur.com O1 - Hosts: 204.152.194.50 clients.freedur.com O1 - Hosts: 204.152.194.50 blog.freedur.com O1 - Hosts: 66.207.162.66 freedur.net O1 - Hosts: 66.207.162.66 www.freedur.net O1 - Hosts: 204.152.194.50 clients.freedur.net O1 - Hosts: 204.152.194.50 blog.freedur.net O1 - Hosts: 15 more lines... O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fvbho140.dll (E-Book Systems Inc.) O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.) O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [spySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] File not found O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe () O4 - HKCU..\Run: [lnksutil] File not found O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems) O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm () O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm () O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Barre RoboForm - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Enregistrer le formulaire - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O8 - Extra context menu item: Personnaliser le menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8 - Extra context menu item: QQ - C:\Program Files\Tencent\QQIntl\Bin\AddEmotion.htm () O8 - Extra context menu item: Remplir le formulaire - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra 'Tools' menuitem : Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra Button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra 'Tools' menuitem : Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra Button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra 'Tools' menuitem : Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\ASProxy.dll (Astrill) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\ASProxy.dll (Astrill) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\ASProxy.dll (Astrill) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\ASProxy.dll (Astrill) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\ASProxy.dll (Astrill) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: carrefour.com.cn ([e-shop] https in Trusted sites) O15 - HKCU\..Trusted Domains: imdb.com ([secure] https in Trusted sites) O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites) O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} https://download.alipay.com/aliedit/aliedit/2401/aliedit.cab (iTrusPTA Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 180.168.255.118 116.228.111.18 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{52ec45d6-db65-11de-ba0c-001dba1ac618}\Shell - "" = AutoRun O33 - MountPoints2\{52ec45d6-db65-11de-ba0c-001dba1ac618}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{628509f1-8cc3-11de-9c1c-001e3ded49ed}\Shell - "" = AutoRun O33 - MountPoints2\{628509f1-8cc3-11de-9c1c-001e3ded49ed}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{8c12c0c1-75ee-11dd-a0c9-001e3ded49ed}\Shell - "" = AutoRun O33 - MountPoints2\{8c12c0c1-75ee-11dd-a0c9-001e3ded49ed}\Shell\AutoRun\command - "" = J:\StormF1.exe O33 - MountPoints2\{cb33206e-ea18-11de-9111-00125a6014a8}\Shell - "" = AutoRun O33 - MountPoints2\{cb33206e-ea18-11de-9111-00125a6014a8}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe O33 - MountPoints2\{f45104b5-2b1d-11df-9eef-001e3ded49ed}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Zaptag-Run-Me.hta O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin ========== Files/Folders - Created Within 30 Days ========== [2011/05/08 16:33:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011/05/08 16:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2011/05/08 16:19:49 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Local\Windows Live [2011/05/08 16:11:31 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll [2011/05/08 15:23:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2011/05/08 15:22:38 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2011/05/08 15:22:38 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2011/05/08 15:22:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2011/05/08 15:22:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2011/05/08 15:22:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2011/05/08 15:22:31 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2011/05/08 15:22:30 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2011/05/08 15:22:30 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2011/05/08 15:22:30 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2011/05/08 15:22:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2011/05/08 15:22:16 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2011/05/08 15:22:16 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2011/05/08 15:22:16 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2011/05/08 15:22:16 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2011/05/08 15:22:16 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2011/05/08 14:51:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe [2011/05/08 11:13:10 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011/05/08 11:02:45 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011/05/08 11:02:44 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011/05/08 11:01:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2011/05/08 11:01:08 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011/05/08 11:00:32 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011/05/08 11:00:28 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011/05/08 10:59:56 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011/05/08 10:59:45 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011/05/08 10:59:44 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011/05/08 10:59:43 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011/05/08 10:59:43 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2011/05/08 10:59:07 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011/05/08 10:59:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011/05/08 10:58:54 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011/05/08 10:58:50 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011/05/08 10:58:22 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe [2011/05/08 03:55:46 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\Desktop\Malware Cleanup [2011/05/08 03:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7 [2011/05/08 03:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Your Uninstaller! 7 [2011/05/08 03:28:55 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011/05/08 03:28:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011/05/08 03:28:54 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011/05/08 03:28:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011/05/08 03:28:53 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011/05/08 03:28:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011/05/08 03:28:53 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011/05/08 03:28:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011/05/08 03:28:51 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011/05/08 03:28:51 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011/05/08 03:28:51 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011/05/08 03:28:50 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011/05/08 03:28:50 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011/05/08 03:28:49 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011/05/08 03:28:49 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011/05/08 03:28:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011/05/08 03:28:49 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011/05/08 03:28:49 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011/05/08 03:28:49 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011/05/08 03:28:48 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011/05/08 03:28:48 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011/05/08 03:28:48 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011/05/08 03:28:48 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011/05/08 03:28:48 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011/05/08 03:28:47 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011/05/08 03:28:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011/05/08 03:28:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011/05/08 03:28:46 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011/05/08 03:28:44 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011/05/08 03:28:43 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011/05/08 03:28:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011/05/08 03:28:39 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011/05/08 03:28:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011/05/08 03:28:38 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011/05/08 03:28:34 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011/05/08 03:28:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011/05/08 03:28:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011/05/08 03:28:28 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011/05/08 03:28:27 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011/05/08 03:26:15 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011/05/08 03:26:14 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011/05/08 03:26:13 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011/05/08 03:26:12 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011/05/08 03:26:11 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011/05/08 03:26:09 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011/05/08 03:26:05 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011/05/08 03:25:48 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011/05/08 03:25:48 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011/05/08 03:25:46 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011/05/08 03:25:45 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011/05/08 03:25:44 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011/05/08 03:25:44 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011/05/08 03:25:43 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011/05/08 03:25:43 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011/05/08 03:25:42 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011/05/08 03:25:41 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011/05/08 03:25:40 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011/05/08 03:25:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011/05/08 03:25:38 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011/05/08 03:25:37 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011/05/08 03:25:36 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011/05/08 02:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2011/05/08 02:44:59 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2011/05/08 02:44:56 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll [2011/05/08 02:44:56 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll [2011/05/08 02:43:17 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2011/05/08 02:43:11 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2011/05/08 02:43:11 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2011/05/08 02:43:10 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2011/05/08 02:43:10 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2011/05/08 02:43:09 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2011/05/08 02:41:29 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe [2011/05/08 02:41:28 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll [2011/05/08 02:41:20 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll [2011/05/08 02:41:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll [2011/05/08 02:41:14 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll [2011/05/08 02:41:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll [2011/05/08 02:41:13 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll [2011/05/08 02:41:13 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll [2011/05/08 02:41:13 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll [2011/05/08 02:41:13 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll [2011/05/08 02:41:13 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll [2011/05/08 02:41:13 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll [2011/05/08 02:38:21 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2011/05/08 02:38:19 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2011/05/08 02:08:02 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl [2011/05/08 02:07:50 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2011/05/08 02:06:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll [2011/05/08 02:06:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll [2011/05/08 02:06:15 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe [2011/05/08 02:06:15 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe [2011/05/08 02:06:15 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe [2011/05/08 02:06:15 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe [2011/05/08 02:06:14 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll [2011/05/08 02:06:14 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll [2011/05/08 02:06:14 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll [2011/05/08 01:59:48 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe [2011/05/06 10:50:09 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\Malwarebytes [2011/05/06 10:49:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011/05/06 10:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/05/06 10:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/05/06 10:49:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011/05/06 10:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/05/04 11:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard [2011/05/02 15:17:42 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\RoboForm [2011/05/02 15:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm [2011/05/02 10:58:02 | 001,481,496 | -H-- | C] (Dynamic Internet Technology, Inc.) -- C:\Users\Emmanuel\Desktop\fg710p.exe [2011/04/24 15:29:11 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\Desktop\Marketing Documents ========== Files - Modified Within 30 Days ========== [2011/05/08 21:00:35 | 000,001,073 | -H-- | M] () -- C:\Users\Emmanuel\Desktop\fg.ini [2011/05/08 20:45:54 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2011/05/08 20:29:59 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2011/05/08 19:46:31 | 000,431,304 | ---- | M] () -- C:\Windows\System32\prfh0404.dat [2011/05/08 19:46:31 | 000,421,940 | ---- | M] () -- C:\Windows\System32\prfh0804.dat [2011/05/08 19:46:31 | 000,127,458 | ---- | M] () -- C:\Windows\System32\prfc0404.dat [2011/05/08 19:46:31 | 000,127,446 | ---- | M] () -- C:\Windows\System32\prfc0804.dat [2011/05/08 19:46:30 | 000,751,468 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2011/05/08 19:46:30 | 000,674,182 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/05/08 19:46:30 | 000,152,004 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2011/05/08 19:46:30 | 000,127,904 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/05/08 19:42:04 | 007,571,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/05/08 19:41:54 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/05/08 19:41:53 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/05/08 19:38:14 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011/05/08 19:36:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/05/08 19:25:21 | 000,000,052 | ---- | M] () -- C:\Windows\System32\ashttpstats.csv [2011/05/08 19:25:11 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011/05/08 15:43:13 | 000,002,357 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook 2010.lnk [2011/05/08 14:51:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe [2011/05/08 14:18:49 | 000,002,555 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk [2011/05/08 10:28:45 | 000,000,908 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/05/08 03:58:52 | 000,146,944 | ---- | M] () -- C:\Users\Emmanuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/05/08 03:29:19 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011/05/08 03:29:19 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011/05/08 03:28:55 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011/05/08 03:28:55 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011/05/08 03:28:54 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011/05/08 03:28:53 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011/05/08 03:28:53 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011/05/08 03:28:53 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011/05/08 03:28:53 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011/05/08 03:28:53 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011/05/08 03:28:51 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011/05/08 03:28:51 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011/05/08 03:28:51 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011/05/08 03:28:50 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011/05/08 03:28:50 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011/05/08 03:28:49 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011/05/08 03:28:49 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011/05/08 03:28:49 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011/05/08 03:28:49 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011/05/08 03:28:49 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011/05/08 03:28:49 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011/05/08 03:28:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011/05/08 03:28:48 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011/05/08 03:28:48 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011/05/08 03:28:48 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011/05/08 03:28:48 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011/05/08 03:28:48 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011/05/08 03:28:47 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011/05/08 03:28:46 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011/05/08 03:28:46 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011/05/08 03:28:46 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011/05/08 03:28:44 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011/05/08 03:28:43 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011/05/08 03:28:42 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011/05/08 03:28:39 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011/05/08 03:28:39 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011/05/08 03:28:38 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011/05/08 03:28:34 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011/05/08 03:28:30 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011/05/08 03:28:30 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011/05/08 03:28:28 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011/05/08 03:28:27 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011/05/08 03:26:15 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011/05/08 03:26:14 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011/05/08 03:26:13 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011/05/08 03:26:12 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011/05/08 03:26:11 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011/05/08 03:26:09 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011/05/08 03:26:05 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011/05/08 03:25:48 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011/05/08 03:25:48 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011/05/08 03:25:46 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011/05/08 03:25:45 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011/05/08 03:25:44 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011/05/08 03:25:44 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011/05/08 03:25:43 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011/05/08 03:25:43 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011/05/08 03:25:42 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011/05/08 03:25:41 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011/05/08 03:25:40 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011/05/08 03:25:40 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011/05/08 03:25:38 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011/05/08 03:25:37 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011/05/08 03:25:36 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011/05/08 02:49:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011/05/08 02:46:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2011/05/07 21:57:03 | 634,498,416 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011/05/07 16:38:34 | 000,000,020 | ---- | M] () -- C:\Users\Emmanuel\defogger_reenable [2011/05/06 17:11:00 | 007,450,289 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Cities of Love in Chinese.icml [2011/05/06 13:23:19 | 000,002,597 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk [2011/05/02 18:52:04 | 000,004,096 | -H-- | M] () -- C:\Users\Emmanuel\AppData\Local\keyfile3.drm [2011/05/02 14:05:03 | 000,000,835 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011/05/02 13:08:01 | 000,000,476 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\fg710p.exe - Raccourci.lnk [2011/05/02 11:18:03 | 000,003,136 | ---- | M] () -- C:\Windows\System32\ASProxy.ini [2011/05/02 11:18:03 | 000,001,968 | ---- | M] () -- C:\Windows\System32\ASProxyOff.ini [2011/04/29 14:26:34 | 000,000,501 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Shanghai Presentation files - Raccourci.lnk [2011/04/25 09:31:40 | 000,560,553 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Shanghai - Photographic Presentation.pdf [2011/04/22 19:30:06 | 001,634,304 | ---- | M] () -- C:\Users\Emmanuel\Desktop\SILY Transition Team in Ch.indd [2011/04/22 19:24:48 | 002,199,552 | ---- | M] () -- C:\Users\Emmanuel\Desktop\SILY Directors Cards in Ch.indd [2011/04/14 21:41:30 | 002,954,072 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Cannes 2011.pdf [2011/04/13 14:07:44 | 001,481,496 | -H-- | M] (Dynamic Internet Technology, Inc.) -- C:\Users\Emmanuel\Desktop\fg710p.exe ========== Files Created - No Company Name ========== [2011/05/08 20:45:54 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2011/05/08 15:22:20 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011/05/08 15:22:20 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011/05/08 15:22:19 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011/05/08 10:28:45 | 000,000,914 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011/05/08 10:28:45 | 000,000,908 | ---- | C] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/05/08 03:28:49 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011/05/08 02:49:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011/05/08 02:46:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2011/05/07 16:37:35 | 000,000,020 | ---- | C] () -- C:\Users\Emmanuel\defogger_reenable [2011/05/06 17:11:00 | 007,450,289 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Cities of Love in Chinese.icml [2011/05/05 19:24:35 | 001,634,304 | ---- | C] () -- C:\Users\Emmanuel\Desktop\SILY Transition Team in Ch.indd [2011/05/05 19:24:34 | 002,199,552 | ---- | C] () -- C:\Users\Emmanuel\Desktop\SILY Directors Cards in Ch.indd [2011/05/02 18:52:04 | 000,004,096 | -H-- | C] () -- C:\Users\Emmanuel\AppData\Local\keyfile3.drm [2011/05/02 13:08:01 | 000,000,476 | ---- | C] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\fg710p.exe - Raccourci.lnk [2011/05/02 13:01:56 | 000,001,073 | -H-- | C] () -- C:\Users\Emmanuel\Desktop\fg.ini [2011/04/29 14:26:34 | 000,000,501 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Shanghai Presentation files - Raccourci.lnk [2011/04/25 09:30:33 | 000,560,553 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Shanghai - Photographic Presentation.pdf [2011/04/14 21:41:30 | 002,954,072 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Cannes 2011.pdf [2011/01/15 19:16:45 | 000,000,000 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\chrtmp [2010/12/31 10:02:15 | 000,000,132 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010/11/01 00:05:52 | 000,001,968 | ---- | C] () -- C:\Windows\System32\ASProxyOff.ini [2010/11/01 00:05:51 | 000,003,136 | ---- | C] () -- C:\Windows\System32\ASProxy.ini [2010/08/02 11:06:12 | 000,038,431 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\Comma Separated Values (DOS).ADR [2010/06/13 13:46:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat [2010/06/13 13:46:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat [2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat [2010/01/26 14:20:07 | 000,000,760 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\setup_ldm.iss [2010/01/17 11:17:08 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat [2010/01/05 18:25:22 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI [2009/12/31 12:27:14 | 000,000,156 | ---- | C] () -- C:\Windows\WININIT.INI [2009/12/29 15:05:37 | 000,403,344 | ---- | C] () -- C:\Windows\System32\CMBEdit.dll [2009/12/29 15:05:33 | 000,337,816 | ---- | C] () -- C:\Windows\System32\Cmb_Pb_LiveUpdate.exe [2009/12/29 15:05:33 | 000,100,240 | ---- | C] () -- C:\Windows\System32\CmbSafeBase.dll [2009/12/29 15:05:33 | 000,011,808 | ---- | C] () -- C:\Windows\System32\drivers\CertClient.dat [2009/12/29 15:05:33 | 000,010,272 | ---- | C] () -- C:\Windows\System32\drivers\CMBProtector.dat [2009/12/29 15:05:32 | 000,611,736 | ---- | C] () -- C:\Windows\System32\CMBPBUninstall.exe [2009/12/29 15:05:32 | 000,472,976 | ---- | C] () -- C:\Windows\System32\PBHttpComm.dll [2009/12/29 15:05:32 | 000,186,264 | ---- | C] () -- C:\Windows\System32\PersonalBankPortal.exe [2009/12/15 13:58:10 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll [2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll [2009/11/06 12:00:20 | 000,016,240 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe [2009/09/11 07:53:29 | 000,001,356 | ---- | C] () -- C:\Users\Emmanuel\AppData\Local\d3d9caps.dat [2009/08/27 15:25:33 | 000,025,736 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys [2009/07/06 04:23:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/07/06 04:23:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/07/06 04:21:55 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009/05/27 15:16:48 | 000,000,015 | ---- | C] () -- C:\Program Files\winreg.ini [2009/05/27 15:14:27 | 000,059,392 | ---- | C] () -- C:\Windows\System32\Win32Printer.dll [2009/04/22 21:39:09 | 000,242,176 | ---- | C] () -- C:\Windows\System32\fixflash.exe [2009/04/22 21:39:08 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll [2009/04/22 21:39:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll [2009/03/08 03:11:28 | 000,000,206 | ---- | C] () -- C:\Windows\EurekaLog.ini [2009/02/21 19:22:14 | 000,047,360 | ---- | C] () -- C:\Windows\System32\drivers\Surroundhp_kern_i386.sys [2009/02/21 19:22:14 | 000,047,104 | ---- | C] () -- C:\Windows\System32\drivers\tshd4_kern_i386.sys [2009/02/21 19:22:14 | 000,042,112 | ---- | C] () -- C:\Windows\System32\drivers\csiidecoder_kern_i386.sys [2009/02/21 19:22:14 | 000,039,808 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys [2009/01/31 19:45:48 | 000,431,304 | ---- | C] () -- C:\Windows\System32\prfh0404.dat [2009/01/31 19:45:48 | 000,127,458 | ---- | C] () -- C:\Windows\System32\prfc0404.dat [2009/01/31 19:45:48 | 000,116,540 | ---- | C] () -- C:\Windows\System32\prfi0404.dat [2009/01/31 19:45:48 | 000,109,926 | ---- | C] () -- C:\Windows\System32\prfi0804.dat [2009/01/31 19:45:48 | 000,030,674 | ---- | C] () -- C:\Windows\System32\prfd0404.dat [2009/01/31 19:45:47 | 000,421,940 | ---- | C] () -- C:\Windows\System32\prfh0804.dat [2009/01/31 19:45:47 | 000,127,446 | ---- | C] () -- C:\Windows\System32\prfc0804.dat [2009/01/31 19:45:47 | 000,030,674 | ---- | C] () -- C:\Windows\System32\prfd0804.dat [2009/01/20 21:07:09 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin [2009/01/19 21:55:49 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009/01/19 21:50:01 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat [2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\Windows\System32\txmlutil.dll [2008/10/27 19:46:09 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini [2008/10/15 03:00:05 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176 [2008/10/15 02:56:18 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105 [2008/10/05 15:42:34 | 000,000,080 | ---- | C] () -- C:\Windows\System32\DCDA1745C1.dll [2008/09/12 09:28:50 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2008/09/02 08:17:56 | 000,146,944 | ---- | C] () -- C:\Users\Emmanuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/09/02 04:20:32 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2008/08/30 22:05:11 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2008/08/29 08:25:33 | 000,751,468 | ---- | C] () -- C:\Windows\System32\perfh00C.dat [2008/08/29 08:25:33 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat [2008/08/29 08:25:33 | 000,152,004 | ---- | C] () -- C:\Windows\System32\perfc00C.dat [2008/08/29 08:25:33 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat [2008/08/29 07:56:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/06/18 07:34:16 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2008/06/18 06:41:36 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008/06/18 06:41:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008/06/18 06:41:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2008/06/18 06:41:16 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1493.dll [2008/06/18 06:41:16 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2008/06/18 06:11:41 | 000,000,031 | ---- | C] () -- C:\Windows\System32\elcric.dat [2008/06/18 05:59:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008/06/18 05:53:54 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008/06/18 05:50:39 | 000,003,204 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008/01/21 10:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en [2007/10/31 01:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2007/06/06 04:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2007/04/16 18:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin [2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll [2006/11/02 20:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 20:46:27 | 007,571,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 20:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 18:33:01 | 000,674,182 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 18:33:01 | 000,127,904 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001/11/15 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2011/03/08 10:19:36 | 000,063,620 | ---- | M] () -- C:\bdlog.txt [2009/04/11 14:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2011/01/15 23:00:51 | 000,546,687 | ---- | M] () -- C:\caisslog.txt [2006/09/19 05:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2009/05/11 05:22:35 | 000,000,077 | ---- | M] () -- C:\DVDRipper_debug.txt [2008/11/28 01:22:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009/06/16 18:51:23 | 000,000,078 | ---- | M] () -- C:\lxcy.log [2008/11/28 01:22:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011/05/08 19:31:38 | 3532,775,424 | -HS- | M] () -- C:\pagefile.sys [2010/06/13 13:46:35 | 000,000,000 | ---- | M] () -- C:\pcversion.txt [2011/05/08 20:45:54 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2009/06/22 20:19:33 | 000,648,016 | ---- | M] (Siber Systems) -- C:\PortableRoboForm.exe [2009/01/19 21:37:02 | 000,000,611 | ---- | M] () -- C:\RHDSetup.log < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/11/06 12:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\wrLZMA.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2008/01/21 11:16:46 | 017,956,864 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008/01/21 11:16:31 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008/01/21 11:16:46 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 18:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 18:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\drivers\*.sys /90 > [2011/02/22 21:23:55 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys [2011/05/08 03:25:41 | 000,638,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys [2011/02/22 21:23:59 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys [2011/02/22 21:24:10 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys [2011/02/22 21:24:02 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys [2011/02/18 22:03:32 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys [2011/02/18 22:03:10 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys [2011/02/18 22:03:06 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-08 11:53:34 ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:1CE11B51 @Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:B3D74A13 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0F8F5844 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:2B11E0DF @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:5BB923A2 < End of report > OTL Extras logfile created on: 5/8/2011 8:35:22 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Emmanuel\Desktop Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 363.93 Gb Total Space | 88.47 Gb Free Space | 24.31% Space Free | Partition Type: NTFS Computer Name: EMMANUEL-PC | User Name: Emmanuel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .js [@ = jsfile] -- Reg Error: Value error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [open] -- Reg Error: Value error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2406939421-308661945-4081067968-1003] "EnableNotificationsRef" = 3 "EnableNotifications" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "\" = C:\Windows\system\dwm.exe:*:Enabled:KL ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01E1B6CF-EB58-4483-9FFA-58CC27C55787}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{0F4D5E70-896B-472B-A046-7CF338AFDB9A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{13C60B5D-18C4-416E-9FB9-30AE59914AFF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{142B4D99-3232-4CD4-9B65-1D096EA1E327}" = rport=445 | protocol=6 | dir=out | app=system | "{16CF1AAB-8A03-407D-A3B9-B3F3BF36FA33}" = rport=2869 | protocol=6 | dir=out | app=system | "{254B6A4B-090C-4DF9-B144-14037FD3E71D}" = rport=139 | protocol=6 | dir=out | app=system | "{364C1B48-7493-4706-9503-0D951E9CCD58}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{46302FAC-D5E5-4F22-BC5E-39B508649935}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare | "{481EB4D7-0DB3-4A39-B567-1762E8E895CB}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{5F4580A6-9558-49ED-82F8-281A0B002C22}" = lport=139 | protocol=6 | dir=in | app=system | "{674189B5-5B36-4C99-9D02-383DFBB8BE1B}" = rport=137 | protocol=17 | dir=out | app=system | "{68613C70-0BBD-413D-A49B-76354FF6BD50}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{689A1965-10AC-4716-9094-D2EB5CC4591B}" = lport=445 | protocol=6 | dir=in | app=system | "{6BBEA2F9-E16D-4250-A456-082CF5C08D17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{6C09942F-9257-4C38-B436-64DD9DCABB6B}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{6F8CDCDF-1935-4A62-95F1-2C594682089E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{783461F8-8B72-4ABB-9B6A-DBE3911ACCE1}" = lport=138 | protocol=17 | dir=in | app=system | "{7BB062E3-8498-44B1-8FFE-77A5080928AB}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare | "{7DA0B118-23DC-4288-9489-1D0D89F7F9CC}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{8B2ABED0-9443-4DE2-B199-00E977A86AF1}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{8CF16A9C-DCF7-4F4E-AFE9-27F71EACFE52}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{96F4FB9B-FEEB-4779-ACCD-0651BF21B67F}" = lport=137 | protocol=17 | dir=in | app=system | "{A213CB72-45D3-4206-98A3-194533F7BAB8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AC132BC9-9BEA-46C7-A107-A85642E1947C}" = rport=138 | protocol=17 | dir=out | app=system | "{AF253F34-4F4E-4AF9-A409-95BA067993D9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B5CE1329-93D1-44EF-9AA7-2300C8848079}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{D6D8360C-D221-4E21-A0D4-951872F5FFE2}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare | "{E7C9AC94-E10B-4D82-977F-DE9EB1C6D766}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{EAA86AEC-6495-46C6-B12C-3A8FEBA02EF7}" = lport=2869 | protocol=6 | dir=in | app=system | "{F9A16040-5AF8-4920-812B-BDAE72693A02}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B8347F6-47A6-4085-9751-1B3123A9DCAD}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{0CA24DDF-2EEF-4836-B0B5-0145F7A97F4A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{15916D17-36E9-4CE0-84A3-CFBF60E73CFA}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{167F82C9-2352-487D-B13B-5484A59F6D8F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{18DAD7E5-90D6-4307-A637-CBB7154217B7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{31172B77-DF71-4FDF-888A-AF2E59E31790}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{340B63AB-608D-4B68-A379-CC1606BDFB15}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{3CE1EEC5-0816-4FEB-B0D3-90B8D80C4EE7}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{49A6A2EA-15CE-42CF-8839-D1D2A59FA8C5}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{4B4C1D75-F9BB-47FF-851C-CFDFA76457E6}" = protocol=6 | dir=in | app=c:\program files\webissync\ipisync.exe | "{5523A1C6-402F-446A-BDAE-ABD054A4D84A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{5B78A48B-A3A0-4A99-83B9-CBE383686D89}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{5EB38ADB-FEC0-4C50-80F4-1EE4A6253206}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{61B9CCF7-1ADF-4CDA-9BDC-912A5C086DA7}" = protocol=17 | dir=in | app=c:\program files\webissync\ipisync.exe | "{841F878A-7F70-401F-8835-238B8FC07B31}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | "{887CA51E-5E1E-4139-A431-0777DAA9D526}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8C5C6ED0-E5F3-4F84-9F9F-9358B31E53EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{92060DA9-C52A-463C-8021-FF34584D3AA7}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{94377041-6428-4835-B87F-0F5CF1BEE676}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{974EE3AF-5EE0-4351-A7F1-4E09E7EF2CB3}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{975304EE-4F09-41C1-ADD7-1D131EA96667}" = protocol=6 | dir=in | app=c:\program files\bitdefender\bitdefender 2010\uiscan.exe | "{9E7CA494-2B30-462D-AA23-00CA86108A9C}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{AF23C1F9-E68B-4161-8624-B1BE4D64F764}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{B4A7D53E-5C71-418E-81F1-D287820E419E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{C5CBA712-27DB-4D00-B162-C40303CBB849}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{D1A4C9F1-1226-411C-8F3D-24AE39F39DDE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{D4AA9ACD-BE2E-4729-BB26-81FFACC7A796}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{D597618B-E440-425E-8407-46D36B8C2040}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{DCDF4453-2A99-4AC6-8EB4-21ADE29E9105}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DF62AD8B-E83F-4BB9-B59F-BD09A2D9FEC8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E5A9E18A-2296-4B07-9523-FAFE49EFF580}" = protocol=17 | dir=in | app=c:\program files\bitdefender\bitdefender 2010\uiscan.exe | "{F3944638-38AB-4C38-AB90-376F5BEE05EC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{078CAC9A-E43E-4074-8217-CD505B65B1FF}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{18454195-6631-4BD2-8569-0EBDDBCF6677}C:\program files\webissync\ipisync.exe" = protocol=6 | dir=in | app=c:\program files\webissync\ipisync.exe | "TCP Query User{231291DF-EF99-4C92-AE96-EB4F6611AA95}C:\program files\tencent\qqintl\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe | "TCP Query User{3C801B3D-561C-432C-82C5-9BDCB62514D0}C:\program files\globalscape\cuteftp 8 professional\ftpte.exe" = protocol=6 | dir=in | app=c:\program files\globalscape\cuteftp 8 professional\ftpte.exe | "TCP Query User{41FB78EA-1AF5-417B-B909-F32E0A244201}C:\users\emmanuel\desktop\fg710p.exe" = protocol=6 | dir=in | app=c:\users\emmanuel\desktop\fg710p.exe | "TCP Query User{84F7E6F2-9569-4A60-B042-FCCA0E0C43E9}C:\program files\qk smtp server 3\qksmtpserver3.exe" = protocol=6 | dir=in | app=c:\program files\qk smtp server 3\qksmtpserver3.exe | "TCP Query User{882ACD17-A077-4093-91D4-05C7E905863C}C:\users\emmanuel\appdata\local\temp\keygen.exe" = protocol=6 | dir=in | app=c:\users\emmanuel\appdata\local\temp\keygen.exe | "TCP Query User{B8FD57D0-48B1-41F0-82AB-B52BB53B4A40}C:\users\emmanuel\desktop\fg710p.exe" = protocol=6 | dir=in | app=c:\users\emmanuel\desktop\fg710p.exe | "UDP Query User{3BBE4F0B-59D2-46C4-A8DD-BBADC056F797}C:\users\emmanuel\desktop\fg710p.exe" = protocol=17 | dir=in | app=c:\users\emmanuel\desktop\fg710p.exe | "UDP Query User{4D1EF782-AD8E-4E4C-8386-8B9F51D1F1C9}C:\program files\tencent\qqintl\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe | "UDP Query User{5670350C-79AA-4DD8-ADE7-BF4D08A75B20}C:\program files\webissync\ipisync.exe" = protocol=17 | dir=in | app=c:\program files\webissync\ipisync.exe | "UDP Query User{7C666E8E-A12E-41CA-A29D-DD401A8EB571}C:\program files\globalscape\cuteftp 8 professional\ftpte.exe" = protocol=17 | dir=in | app=c:\program files\globalscape\cuteftp 8 professional\ftpte.exe | "UDP Query User{8D67DDA4-44A6-4899-8BA0-961634E24EC1}C:\program files\qk smtp server 3\qksmtpserver3.exe" = protocol=17 | dir=in | app=c:\program files\qk smtp server 3\qksmtpserver3.exe | "UDP Query User{8D786D5A-9297-4242-AFFF-C27C97979EA4}C:\users\emmanuel\desktop\fg710p.exe" = protocol=17 | dir=in | app=c:\users\emmanuel\desktop\fg710p.exe | "UDP Query User{99511C13-E16D-48CD-8D3E-67F7891642BA}C:\users\emmanuel\appdata\local\temp\keygen.exe" = protocol=17 | dir=in | app=c:\users\emmanuel\appdata\local\temp\keygen.exe | "UDP Query User{D0AFE6CB-A6B5-4A01-820A-284EF20B9535}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{01148B4C-0EC7-4D03-A615-5B4D8496AA88}" = SONY VGP-UPR1 (Display Adapter) "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library "{02D63222-CF76-E080-74DD-975B1672ED67}" = Catalyst Control Center Core Implementation "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200 "{0405000A-0570-549A-A819-3BCEEAA1B40B}" = Catalyst Control Center Localization Hungarian "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger "{06786A53-D2D8-47CD-696A-ABC83625EBFE}" = Catalyst Control Center Graphics Light "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{10DF5555-D134-4C2E-9D32-71BEE4025C0F}" = CMBEdit "{12EAE4F0-8770-451C-B4AD-76B569678973}" = QuickTime MPEG2 "{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus "{1439F7FF-6389-4593-8227-76E7BE4730C9}" = MXAir Tutorial "{14E7357F-487C-3BF6-7955-B898AA76306E}" = CCC Help Russian "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16D9D199-E8A0-9FBA-DDF3-0E2D7826D694}" = Catalyst Control Center Localization Spanish "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{18C24BF9-3B71-6F89-848C-D78C40197216}" = CCC Help Chinese Traditional "{1974FF16-2A0A-76AF-D948-0037B0CB8EB5}" = CCC Help Hungarian "{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler "{1E87F957-F850-D9F9-60F3-842955AAF519}" = Catalyst Control Center Localization German "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FC4125B-4657-4D1C-B358-E921F4883ED7}" = Skylook "{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper "{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting "{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel® PROSet/Wireless WiFi Software "{27A2ABE9-E4C4-45DD-B9A8-CEEEE380E7E1}" = VAIO Content Metadata Intelligent Analyzing Manager "{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{2C3D71B4-85C4-5FA9-859E-1413F94EF642}" = Catalyst Control Center Localization Greek "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{310395F2-9206-159B-43B0-BF63D9F01B61}" = Catalyst Control Center Localization Turkish "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0 "{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3F2E7336-7E29-4940-8E65-90E2CCC3DA07}" = FlipViewer Xpress Creator 2.2 "{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core "{4121D906-3131-4D50-A65A-A0F2846AB5C2}" = DisplayLink Core Software "{43DA617D-1B80-0B70-FAA0-52AFCE853F40}" = CCC Help Finnish "{4742375A-9BD3-46D0-E0CC-A8819D2E2C54}" = CCC Help Greek "{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3 "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4 "{4BB5D5A7-F75E-D8D9-0DF8-AA2C1F188CEB}" = Catalyst Control Center Localization French "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox "{4FCBFEDD-0CBF-A4A8-79D3-E9EAD37336C9}" = CCC Help Chinese Standard "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{54C91EE3-65B9-A931-8382-12B2A02709F8}" = ATI Catalyst Install Manager "{5511F0CC-59E0-02AD-941F-2323DA2BB377}" = CCC Help Swedish "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic "{5A29796D-2566-3ADA-043D-28C51CD7D4C3}" = Catalyst Control Center Localization Chinese Standard "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support "{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3 "{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" = "{5D803295-DD78-0143-F64B-0D80852C43E9}" = CCC Help Italian "{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility "{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management "{61FD2585-3337-8822-899B-68612742BA2F}" = Catalyst Control Center Localization Russian "{634F6989-4BB5-4EF2-AF6F-C15700F81494}}_is1" = Advanced System Optimizer "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6432B21C-CA95-46CA-87D4-178CC2E58F84}_is1" = PamFax "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6C7196C0-D205-03E7-39A1-7A23AB69F659}" = CCC Help Czech "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{70D43D66-53BF-257F-72FC-96FB33B39276}" = Catalyst Control Center Graphics Full New "{713D3AEC-9C28-4A4F-8E16-6A97AE7BE336}" = FlipBook Creator 1.5 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{723F5CDD-839A-FF16-4CFA-C4E0AA54A315}" = ccc-core-static "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7370DF47-B4F9-4279-BFC3-3F09919F720D}" = Installation Windows Live "{73BD4567-1C4E-8D45-1D28-3D469026A883}" = Skins "{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer "{757CC5BA-BF08-46A5-8D10-64C6FDF659C6}" = VAIO Content Metadata Manager Setting "{761205A9-41DC-48C9-2CC1-F197D372DBEF}" = Catalyst Control Center Localization Italian "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7 "{7E5DEF65-FE91-02F2-C291-22741AC34017}" = Catalyst Control Center Localization Danish "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{826E7114-AA2E-59AA-1916-2A753DC49153}" = ccc-utility "{8299B94E-7F85-65A9-B0FA-6F6A8A6D4FBD}" = Catalyst Control Center Localization Thai "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{8626472F-7AD7-C83B-66FA-00E0A1C50A26}" = Catalyst Control Center Localization Swedish "{8662A65A-A2A1-072C-708D-1C1262776F6A}" = CCC Help Thai "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C3CD8CF-7012-51E5-107B-5A8C75701E1A}" = CCC Help Dutch "{8D7A8160-B777-4073-B1BE-62CFDD14A1D3}" = BitDefender Antivirus 2010 "{8DCD7A9A-8B0B-4184-A5D7-C4BDAA31C750}" = Microsoft Office Live Add-in Patches "{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00 "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" = "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{918CFAF6-AC40-F2C8-C044-7FA95C8A7099}" = CCC Help German "{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility "{9C71059E-6DDD-4958-9251-7A5F865B6BA0}" = VAIO Content Metadata Intelligent Analyzing Manager "{9D10CB57-B085-44c3-B435-2D193BA153F0}" = Conseiller de mise à niveau vers Windows 7 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{A1C62179-A9E6-4F25-B978-ACFD01524762}" = Adobe Setup "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A4399CF4-7A3F-4E84-B763-AD352640203D}" = VAIO Content Metadata XML Interface Library "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A55A277A-4336-FACF-991A-52B51B8FAE78}" = Catalyst Control Center Localization Finnish "{A5D54806-AA49-BBFF-A2D3-76FA3DF096FA}" = Catalyst Control Center Localization Korean "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel "{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1" = Astrill 2.2.0.1824 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes "{AAE442C0-F28B-8D58-1A1C-D566F9BCD294}" = Catalyst Control Center Localization Portuguese "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0 "{B6B0D277-D003-307F-CF94-5F5894DFA3F1}" = Catalyst Control Center Graphics Full Existing "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BC653BB7-0AF0-22E5-A895-902AD52675CA}" = CCC Help Portuguese "{BCEABBD6-6EDA-4246-7EDB-D68FCCD78A65}" = Catalyst Control Center Graphics Previews Common "{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO Wireless Wizard "{BDD17603-CB75-0639-E6DA-0D9AA92A605B}" = CCC Help English "{BEB57E7F-FF01-4CBB-9857-FF9DC655C7F1}" = Adobe InCopy CS4 Application Feature Set Files (Roman) "{BF5F6A06-0FC3-BEC0-9CC1-54D870A9EF97}" = Catalyst Control Center Localization Chinese Traditional "{C221CE66-9C07-8EA7-8EF6-AAD8E4588AE0}" = CCC Help French "{C455F37C-E92E-5CEB-382D-8B8EC580266F}" = Catalyst Control Center Localization Norwegian "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C6F150F6-AE89-30C7-6256-C40CF9328602}" = Catalyst Control Center Graphics Previews Vista "{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1 "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{C93F4E7C-1B31-449B-A304-EF277CF55E39}" = Catalyst Control Center - Branding "{C9E33C86-7931-43A3-9DBC-5ED7F17DFE4B}" = FlipViewer 4.5 "{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9 "{CBAE1EE5-F6E0-BDEF-0D49-C2AE46BE3B88}" = CCC Help Polish "{CC56A2CB-EC09-4175-B8BD-93E2440D410B}" = VAIO Content Metadata Manager Setting "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D06F5884-B439-440B-A58D-6C057C2FF8EB}" = Click to Disc "{D0AE373E-C276-432B-9A95-F8DD356A8242}" = VAIO Movie Story "{D137B59C-551C-4659-8AA8-206FA650BF40}" = LG USB Modem Drivers "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D3AF5596-546F-5975-39B4-259A197C7E24}" = Catalyst Control Center Localization Japanese "{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{D90507A2-6183-497D-9075-951DC80362DA}" = VAIO Media plus "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DDF57E4A-66B5-E9CC-C2A2-F2C98C57912C}" = CCC Help Turkish "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = French App Name "{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}" = VAIO Content Metadata Intelligent Analyzing Manager "{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant "{E1D25278-B51A-4163-BC3D-20A4D2D09F98}" = VAIO My Memory Center "{E27D2C9F-83A1-A34C-E366-26EADB9270F7}" = Catalyst Control Center Localization Dutch "{E2E7667F-C286-D110-7F9D-FC397A2607A8}" = CCC Help Danish "{E3D4D2B9-5333-41E2-A42B-D92A22C270B3}" = SONY VGP-UPR1 (Display Adapter) Utility "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{E6DE9A54-8514-446E-9D11-530DC599C355}" = Microsoft SharedView "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer "{E7821540-B8F8-304F-1B97-C43D8582EB18}" = CCC Help Norwegian "{E8CA49A5-25C6-D80A-ED46-9D48A8B5D5F5}" = CCC Help Japanese "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F06300A2-87AE-042F-DE0F-1A5E380877C5}" = Catalyst Control Center Localization Czech "{F06E4CBA-ABAD-4F6A-A793-9A29CD3C5FC2}_is1" = PamFax Office Integration "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F20E6529-0B46-FC26-378F-62CD640A98C4}" = Catalyst Control Center Localization Polish "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = "{F5794D29-B9C9-4F99-9569-34CC2555B9A8}" = Mindjet MindManager 9 "{F754B561-ACAD-A3FA-AF54-3E5F9E662B04}" = CCC Help Korean "{F8821B6D-B6C9-E676-9B7D-3269F36A1769}" = CCC Help Spanish "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FACD3674-FC12-4B6C-A923-E1D687704E9B}" = VAIO Content Metadata XML Interface Library "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FE2FDC72-3059-4F6C-9A31-563178C60226}" = Adobe InCopy CS4 Common Base Files "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AI RoboForm" = RoboForm 7-2-9 (All Users) "Alien Skin Exposure 3" = Alien Skin Exposure 3 "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon SELPHY CP780" = Canon SELPHY CP780 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CMBPB40" = ÕÐÐÐרҵ°æ "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = French App Name "Ditto_is1" = Ditto 3.15.4.0 "Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP) "EP Budgeting" = EP Budgeting "Free HD Converter_is1" = Free HD Converter V 1.7 "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor "InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MovieOutline310_is1" = Movie Outline 3.1.1 "Mozilla Firefox 4.0.1 (x86 fr)" = Mozilla Firefox 4.0.1 (x86 fr) "MyCamera" = Canon Utilities MyCamera "Ö§¸¶±¦²å¼þ_is1" = Ö§¸¶±¦²å¼þ 1.2.0.2 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "PDF-XChange 3_is1" = PDF-XChange 3 "ProInst" = Intel PROSet Wireless "Qlock" = Qlock Lite "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RealAlt_is1" = Real Alternative 1.9.0 "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "Resolume DXV Quicktime Codec_is1" = Resolume DXV Quicktime Codec 2.1 "Ultra Flash Video FLV Converter_is1" = Ultra Flash Video FLV Converter 3.8.1023 "UltSounds" = Modèles de sons Windows "UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™ "VirtualCloneDrive" = VirtualCloneDrive "WinLiveSuite_Wave3" = Installation Windows Live "WinRAR archiver" = WinRAR archiver "Your Uninstaller! 2008_is1" = Your Uninstaller! 2008 Version 6.2 "YU2010_is1" = Your Uninstaller! 7 "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >
  10. Beauregard
    Loading Error at start (which has been here for a few days): C:\Users\MyName\AppData\Local\Temp\ntosetup.dll "Dos" like window has been opening at start for a few days: C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\073A Windows Security center works now. Windows update and Windows Defender work now. //////////////////// Results of screen317's Security Check version 0.99.10 Windows Vista Service Pack 2 (UAC is enabled) Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: BitDefender Antivirus 2010 WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java™ 6 Update 22 Java™ SE Runtime Environment 6 Java™ 6 Update 7 Out of date Java installed! Adobe Flash Player 10.2.153.1 ```````````````````````````````` Process Check: objlist.exe by Laurent Windows Defender MSASCui.exe BitDefender BitDefender 2010 bdagent.exe BitDefender BitDefender 2010 seccenter.exe Windows Defender MSASCui.exe ``````````End of Log````````````
  11. Beauregard
    Windows Update et Windows Defender marchent à nouveau. Plusieurs mises a jour en cours. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6528 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18999 5/8/2011 2:13:54 AM mbam-log-2011-05-08 (02-13-54).txt Scan type: Quick scan Objects scanned: 174161 Time elapsed: 21 minute(s), 38 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  12. Beauregard
    Loading Error at start (which has been here for a few days): C:\Users\MyName\AppData\Local\Temp\ntosetup.dll "Dos" like window has been opening at start for a few days: C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\073A Windows Security center has issues: BitDefender anti virus does not start. Windows update has been failing for days. Windows Defender is supposedly outdated. That was actually the first sign. Thanks for your help, Beauregard /////////////////// TDSKILLER REPORT 2011/05/08 01:06:35.0353 6084 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16 2011/05/08 01:06:37.0358 6084 ================================================================================ 2011/05/08 01:06:37.0358 6084 SystemInfo: 2011/05/08 01:06:37.0358 6084 2011/05/08 01:06:37.0359 6084 OS Version: 6.0.6002 ServicePack: 2.0 2011/05/08 01:06:37.0359 6084 Product type: Workstation 2011/05/08 01:06:37.0359 6084 ComputerName: EMMANUEL-PC 2011/05/08 01:06:37.0376 6084 UserName: Emmanuel 2011/05/08 01:06:37.0376 6084 Windows directory: C:\Windows 2011/05/08 01:06:37.0376 6084 System windows directory: C:\Windows 2011/05/08 01:06:37.0376 6084 Processor architecture: Intel x86 2011/05/08 01:06:37.0376 6084 Number of processors: 2 2011/05/08 01:06:37.0376 6084 Page size: 0x1000 2011/05/08 01:06:37.0376 6084 Boot type: Normal boot 2011/05/08 01:06:37.0376 6084 ================================================================================ 2011/05/08 01:06:38.0650 6084 Initialize success 2011/05/08 01:06:47.0277 5936 ================================================================================ 2011/05/08 01:06:47.0277 5936 Scan started 2011/05/08 01:06:47.0277 5936 Mode: Manual; 2011/05/08 01:06:47.0277 5936 ================================================================================ 2011/05/08 01:06:48.0165 5936 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys 2011/05/08 01:06:48.0264 5936 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/05/08 01:06:48.0515 5936 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 2011/05/08 01:06:48.0701 5936 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 2011/05/08 01:06:48.0794 5936 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 2011/05/08 01:06:48.0879 5936 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 2011/05/08 01:06:49.0161 5936 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys 2011/05/08 01:06:49.0258 5936 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 2011/05/08 01:06:49.0366 5936 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/05/08 01:06:49.0584 5936 Alidevice (2f17c06cda54bfbe13c4046b19055f7b) C:\Windows\system32\drivers\Alidevice.sys 2011/05/08 01:06:49.0671 5936 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 2011/05/08 01:06:49.0764 5936 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 2011/05/08 01:06:49.0841 5936 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 2011/05/08 01:06:49.0970 5936 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 2011/05/08 01:06:50.0062 5936 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 2011/05/08 01:06:50.0148 5936 ApfiltrService (9325e49d555d8f12ce1735227dbb3d80) C:\Windows\system32\DRIVERS\Apfiltr.sys 2011/05/08 01:06:50.0614 5936 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 2011/05/08 01:06:50.0769 5936 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 2011/05/08 01:06:51.0139 5936 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/05/08 01:06:51.0207 5936 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys 2011/05/08 01:06:51.0572 5936 athr (24b4375abbc587bdc99e231383c16b8f) C:\Windows\system32\DRIVERS\athr.sys 2011/05/08 01:06:52.0272 5936 atikmdag (eb4652a6571ef66c6c778e1007623f1f) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/05/08 01:06:52.0863 5936 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys 2011/05/08 01:06:53.0278 5936 AVCSTRM (a25f0f39ac579fe899a7c8d67ecb157c) C:\Windows\system32\DRIVERS\avcstrm.sys 2011/05/08 01:06:53.0677 5936 BDFM (67c2a47db7190673350a3f9f5a1507cb) C:\Windows\system32\DRIVERS\bdfm.sys 2011/05/08 01:06:53.0910 5936 bdfsfltr (a21a4a0e6bdf0c2be0fabfa16d8c8f76) C:\Windows\system32\DRIVERS\bdfsfltr.sys 2011/05/08 01:06:54.0194 5936 bdftdif (0bdbf842a39d6c5640ba4b8acf29aa06) C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys 2011/05/08 01:06:54.0387 5936 BDSelfPr (0d756ced21d977ae32539da1f41bf879) C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys 2011/05/08 01:06:54.0905 5936 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/05/08 01:06:55.0253 5936 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 2011/05/08 01:06:55.0340 5936 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys 2011/05/08 01:06:55.0548 5936 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/05/08 01:06:56.0202 5936 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/05/08 01:06:56.0654 5936 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/05/08 01:06:56.0968 5936 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/05/08 01:06:57.0169 5936 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/05/08 01:06:57.0256 5936 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/05/08 01:06:57.0480 5936 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys 2011/05/08 01:06:57.0799 5936 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/05/08 01:06:58.0295 5936 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 2011/05/08 01:06:58.0912 5936 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys 2011/05/08 01:06:59.0263 5936 BTHprint (d72baf07a11de1dd32855bb897518d53) C:\Windows\system32\DRIVERS\bthprint.sys 2011/05/08 01:06:59.0352 5936 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys 2011/05/08 01:06:59.0565 5936 btwaudio (7f256d9fff384faa40df5db1cb8531d9) C:\Windows\system32\drivers\btwaudio.sys 2011/05/08 01:06:59.0635 5936 btwavdt (d87d990131aaabb27d4046790292366d) C:\Windows\system32\drivers\btwavdt.sys 2011/05/08 01:06:59.0721 5936 btwl2cap (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys 2011/05/08 01:06:59.0833 5936 btwrchid (e1771c0fb49e747ab2b2d29da50510f9) C:\Windows\system32\DRIVERS\btwrchid.sys 2011/05/08 01:06:59.0986 5936 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/05/08 01:07:00.0083 5936 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/05/08 01:07:00.0163 5936 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 2011/05/08 01:07:00.0369 5936 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/05/08 01:07:00.0517 5936 CMB8100 (6b0f39e11eec9fa75a2f3e74344470e0) C:\Windows\system32\Drivers\CertClient.dat 2011/05/08 01:07:00.0640 5936 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/05/08 01:07:00.0778 5936 CMBProtector (01bd490e00f607c0c82b2b7f7da64e25) C:\Windows\system32\Drivers\CMBProtector.dat 2011/05/08 01:07:00.0861 5936 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 2011/05/08 01:07:00.0951 5936 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 2011/05/08 01:07:01.0031 5936 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 2011/05/08 01:07:01.0164 5936 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 2011/05/08 01:07:01.0305 5936 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys 2011/05/08 01:07:01.0494 5936 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys 2011/05/08 01:07:01.0621 5936 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/05/08 01:07:01.0839 5936 dlkmd (a4949370238c55aef82317af36d8b939) C:\Windows\system32\drivers\dlkmd.sys 2011/05/08 01:07:01.0935 5936 dlkmdldr (c8e26d7e2b8e354982d5e37e2c05fdba) C:\Windows\system32\drivers\dlkmdldr.sys 2011/05/08 01:07:02.0016 5936 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys 2011/05/08 01:07:02.0154 5936 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 2011/05/08 01:07:02.0287 5936 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 2011/05/08 01:07:02.0378 5936 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 2011/05/08 01:07:02.0471 5936 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/05/08 01:07:02.0597 5936 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys 2011/05/08 01:07:02.0753 5936 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/05/08 01:07:02.0854 5936 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/05/08 01:07:03.0060 5936 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys 2011/05/08 01:07:03.0209 5936 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 2011/05/08 01:07:03.0333 5936 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 2011/05/08 01:07:03.0481 5936 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/05/08 01:07:03.0587 5936 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/05/08 01:07:03.0739 5936 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 2011/05/08 01:07:03.0825 5936 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/05/08 01:07:03.0901 5936 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/05/08 01:07:04.0076 5936 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/05/08 01:07:04.0195 5936 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/05/08 01:07:04.0296 5936 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/05/08 01:07:04.0353 5936 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys 2011/05/08 01:07:04.0430 5936 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 2011/05/08 01:07:04.0560 5936 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2011/05/08 01:07:04.0700 5936 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/05/08 01:07:04.0835 5936 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/05/08 01:07:04.0963 5936 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys 2011/05/08 01:07:05.0089 5936 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/05/08 01:07:05.0215 5936 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/05/08 01:07:05.0304 5936 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 2011/05/08 01:07:05.0438 5936 HPFXBULK (9e3944a558ab84853ef985988e23a8a4) C:\Windows\system32\drivers\hpfxbulk.sys 2011/05/08 01:07:05.0581 5936 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 2011/05/08 01:07:05.0717 5936 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys 2011/05/08 01:07:05.0843 5936 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 2011/05/08 01:07:05.0957 5936 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/05/08 01:07:06.0111 5936 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 2011/05/08 01:07:06.0182 5936 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/05/08 01:07:06.0294 5936 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys 2011/05/08 01:07:06.0377 5936 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 2011/05/08 01:07:06.0609 5936 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/05/08 01:07:06.0814 5936 IntcAzAudAddService (2deb2538c9372568bb67b5fdf2359790) C:\Windows\system32\drivers\RTKVHDA.sys 2011/05/08 01:07:07.0042 5936 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 2011/05/08 01:07:07.0188 5936 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2011/05/08 01:07:07.0260 5936 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/05/08 01:07:07.0424 5936 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 2011/05/08 01:07:07.0506 5936 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/05/08 01:07:07.0702 5936 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/05/08 01:07:07.0795 5936 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 2011/05/08 01:07:07.0936 5936 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/05/08 01:07:08.0007 5936 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/05/08 01:07:08.0081 5936 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/05/08 01:07:08.0222 5936 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/05/08 01:07:08.0297 5936 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/05/08 01:07:08.0461 5936 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/05/08 01:07:08.0853 5936 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys 2011/05/08 01:07:08.0980 5936 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/05/08 01:07:09.0085 5936 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys 2011/05/08 01:07:09.0209 5936 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 2011/05/08 01:07:09.0307 5936 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 2011/05/08 01:07:09.0402 5936 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 2011/05/08 01:07:09.0529 5936 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/05/08 01:07:09.0650 5936 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 2011/05/08 01:07:09.0731 5936 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 2011/05/08 01:07:09.0839 5936 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 2011/05/08 01:07:10.0028 5936 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/05/08 01:07:10.0132 5936 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/05/08 01:07:10.0194 5936 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/05/08 01:07:10.0275 5936 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/05/08 01:07:10.0418 5936 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/05/08 01:07:10.0515 5936 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 2011/05/08 01:07:10.0620 5936 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/05/08 01:07:10.0714 5936 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/05/08 01:07:10.0834 5936 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/05/08 01:07:10.0970 5936 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/05/08 01:07:11.0072 5936 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/05/08 01:07:11.0123 5936 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/05/08 01:07:11.0190 5936 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys 2011/05/08 01:07:11.0265 5936 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 2011/05/08 01:07:11.0409 5936 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys 2011/05/08 01:07:11.0504 5936 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/05/08 01:07:11.0583 5936 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/05/08 01:07:11.0693 5936 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/05/08 01:07:11.0774 5936 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/05/08 01:07:11.0849 5936 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/05/08 01:07:11.0962 5936 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/05/08 01:07:12.0062 5936 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/05/08 01:07:12.0157 5936 MSTAPE (92b0e43b54ebff026451df3dd142129d) C:\Windows\system32\DRIVERS\mstape.sys 2011/05/08 01:07:12.0262 5936 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/05/08 01:07:12.0377 5936 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/05/08 01:07:12.0516 5936 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/05/08 01:07:12.0633 5936 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/05/08 01:07:12.0782 5936 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/05/08 01:07:12.0871 5936 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/05/08 01:07:12.0981 5936 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/05/08 01:07:13.0058 5936 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/05/08 01:07:13.0152 5936 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/05/08 01:07:13.0267 5936 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/05/08 01:07:13.0535 5936 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys 2011/05/08 01:07:13.0749 5936 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/05/08 01:07:13.0969 5936 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/05/08 01:07:14.0118 5936 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/05/08 01:07:14.0264 5936 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/05/08 01:07:14.0406 5936 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/05/08 01:07:14.0564 5936 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys 2011/05/08 01:07:14.0658 5936 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/05/08 01:07:14.0733 5936 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 2011/05/08 01:07:14.0819 5936 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 2011/05/08 01:07:14.0913 5936 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 2011/05/08 01:07:15.0151 5936 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/05/08 01:07:15.0430 5936 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/05/08 01:07:15.0855 5936 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/05/08 01:07:16.0299 5936 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/05/08 01:07:17.0008 5936 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/05/08 01:07:17.0448 5936 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 2011/05/08 01:07:17.0738 5936 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/05/08 01:07:18.0626 5936 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/05/08 01:07:19.0037 5936 Point32 (d82ac5b7da8fdccda1323836516405ec) C:\Windows\system32\DRIVERS\point32k.sys 2011/05/08 01:07:19.0382 5936 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/05/08 01:07:19.0929 5936 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 2011/05/08 01:07:20.0335 5936 Profos (d90a33660d328a9f587580f0b38c85de) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys 2011/05/08 01:07:20.0567 5936 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/05/08 01:07:20.0666 5936 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys 2011/05/08 01:07:20.0782 5936 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 2011/05/08 01:07:20.0935 5936 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/05/08 01:07:21.0055 5936 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/05/08 01:07:21.0142 5936 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/05/08 01:07:21.0240 5936 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/05/08 01:07:21.0356 5936 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/05/08 01:07:21.0465 5936 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/05/08 01:07:21.0624 5936 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/05/08 01:07:21.0726 5936 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/05/08 01:07:21.0837 5936 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys 2011/05/08 01:07:21.0917 5936 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/05/08 01:07:22.0083 5936 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/05/08 01:07:22.0248 5936 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys 2011/05/08 01:07:22.0398 5936 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/05/08 01:07:22.0479 5936 rimsptsk (f2993908be03181c781228daadc55230) C:\Windows\system32\DRIVERS\rimsptsk.sys 2011/05/08 01:07:22.0659 5936 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys 2011/05/08 01:07:22.0750 5936 risdptsk (cd6e3947724b337f9bc1524b710231eb) C:\Windows\system32\DRIVERS\risdptsk.sys 2011/05/08 01:07:22.0851 5936 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys 2011/05/08 01:07:22.0968 5936 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/05/08 01:07:23.0106 5936 RTHDMIAzAudService (f175b21f20b60958295f9221f11fed9f) C:\Windows\system32\drivers\RtHDMIV.sys 2011/05/08 01:07:23.0275 5936 sbp2port (37ca203f8ccf732cd272a27e55b268c4) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/05/08 01:07:23.0468 5936 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys 2011/05/08 01:07:23.0632 5936 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/05/08 01:07:23.0754 5936 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/05/08 01:07:23.0836 5936 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/05/08 01:07:23.0932 5936 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/05/08 01:07:24.0156 5936 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys 2011/05/08 01:07:24.0313 5936 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 2011/05/08 01:07:24.0416 5936 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 2011/05/08 01:07:24.0504 5936 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 2011/05/08 01:07:24.0596 5936 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/05/08 01:07:24.0712 5936 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 2011/05/08 01:07:24.0898 5936 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 2011/05/08 01:07:25.0000 5936 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 2011/05/08 01:07:25.0193 5936 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/05/08 01:07:25.0469 5936 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/05/08 01:07:25.0623 5936 sptd (71e276f6d189413266ea22171806597b) C:\Windows\System32\Drivers\sptd.sys 2011/05/08 01:07:25.0859 5936 SRS_SSCFilter (53ff9a8b3748399f143d7572b7888dd7) C:\Windows\system32\drivers\srs_sscfilter_i386.sys 2011/05/08 01:07:25.0988 5936 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys 2011/05/08 01:07:26.0121 5936 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys 2011/05/08 01:07:26.0209 5936 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys 2011/05/08 01:07:26.0356 5936 ssfs0bbc (a3cc244f1e043c2b7ae32899ff99a0a0) C:\Windows\system32\DRIVERS\ssfs0bbc.sys 2011/05/08 01:07:26.0469 5936 sshrmd (e041026dafa17af2610afc4da8f4ea14) C:\Windows\system32\DRIVERS\sshrmd.sys 2011/05/08 01:07:26.0611 5936 ssidrv (5a40b485825cc31b3a49bb4701b30d35) C:\Windows\system32\DRIVERS\ssidrv.sys 2011/05/08 01:07:26.0738 5936 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/05/08 01:07:26.0975 5936 swmsflt (a184a1bab187809b144ba32509b9e731) C:\Windows\System32\drivers\swmsflt.sys 2011/05/08 01:07:27.0144 5936 SWNC8U56 (2f6f8b7f821c994de3d1caf399bf9cd3) C:\Windows\system32\DRIVERS\swnc8u56.sys 2011/05/08 01:07:27.0339 5936 SWUMX56 (903a5e596a3910cebfa33f3bd7d9c174) C:\Windows\system32\DRIVERS\swumx56.sys 2011/05/08 01:07:27.0466 5936 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/05/08 01:07:27.0577 5936 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/05/08 01:07:27.0704 5936 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/05/08 01:07:27.0917 5936 tap0901 (11d34fc869f5bda29949fe3858380894) C:\Windows\system32\DRIVERS\tap0901.sys 2011/05/08 01:07:28.0108 5936 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2011/05/08 01:07:28.0293 5936 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2011/05/08 01:07:28.0420 5936 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/05/08 01:07:28.0589 5936 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/05/08 01:07:28.0688 5936 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/05/08 01:07:28.0834 5936 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/05/08 01:07:28.0943 5936 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/05/08 01:07:29.0156 5936 Trufos (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys 2011/05/08 01:07:29.0332 5936 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/05/08 01:07:29.0433 5936 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/05/08 01:07:29.0548 5936 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/05/08 01:07:29.0633 5936 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 2011/05/08 01:07:29.0750 5936 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/05/08 01:07:30.0063 5936 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 2011/05/08 01:07:30.0177 5936 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 2011/05/08 01:07:30.0301 5936 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/05/08 01:07:30.0424 5936 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/05/08 01:07:30.0558 5936 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/05/08 01:07:30.0785 5936 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys 2011/05/08 01:07:30.0879 5936 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 2011/05/08 01:07:31.0016 5936 usbbus (adb68aa60ef991ce2e217223fa20b4ff) C:\Windows\system32\DRIVERS\lgusbbus.sys 2011/05/08 01:07:31.0158 5936 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/05/08 01:07:31.0272 5936 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/05/08 01:07:31.0422 5936 UsbDiag (d4a6201dd361f019e44483645b490e4e) C:\Windows\system32\DRIVERS\lgusbdiag.sys 2011/05/08 01:07:31.0512 5936 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/05/08 01:07:31.0658 5936 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/05/08 01:07:31.0759 5936 USBModem (a2b99411e10287f327a9820d260e7fe4) C:\Windows\system32\DRIVERS\lgusbmodem.sys 2011/05/08 01:07:31.0863 5936 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 2011/05/08 01:07:31.0966 5936 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/05/08 01:07:32.0177 5936 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2011/05/08 01:07:32.0293 5936 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/05/08 01:07:32.0387 5936 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/05/08 01:07:32.0489 5936 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 2011/05/08 01:07:32.0783 5936 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys 2011/05/08 01:07:32.0948 5936 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/05/08 01:07:33.0034 5936 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/05/08 01:07:33.0152 5936 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 2011/05/08 01:07:33.0243 5936 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 2011/05/08 01:07:33.0386 5936 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 2011/05/08 01:07:33.0478 5936 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/05/08 01:07:33.0583 5936 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/05/08 01:07:33.0720 5936 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/05/08 01:07:33.0822 5936 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 2011/05/08 01:07:34.0133 5936 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/05/08 01:07:34.0236 5936 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/08 01:07:34.0288 5936 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/08 01:07:34.0512 5936 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 2011/05/08 01:07:34.0626 5936 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2011/05/08 01:07:34.0978 5936 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys 2011/05/08 01:07:35.0284 5936 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2011/05/08 01:07:36.0203 5936 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys 2011/05/08 01:07:36.0508 5936 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/05/08 01:07:36.0651 5936 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/05/08 01:07:36.0802 5936 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/05/08 01:07:36.0928 5936 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys 2011/05/08 01:07:37.0055 5936 yukonwlh (67e3d2af24c3873e6a0cac89de78d63b) C:\Windows\system32\DRIVERS\yk60x86.sys 2011/05/08 01:07:37.0441 5936 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/05/08 01:07:37.0453 5936 ================================================================================ 2011/05/08 01:07:37.0453 5936 Scan finished 2011/05/08 01:07:37.0453 5936 ================================================================================ 2011/05/08 01:07:37.0483 3880 Detected object count: 1 2011/05/08 01:07:58.0372 3880 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot 2011/05/08 01:07:58.0373 3880 \HardDisk0 - ok 2011/05/08 01:07:58.0423 3880 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/05/08 01:08:15.0679 5876 Deinitialize success
  13. Beauregard
    Rapport DDS effectué (Voir ci-dessous) Rapport Gmer en cours (pour la 2ème fois) mais sauvegarde impossible la première fois. Je viens d'y arriver. (Voir rapport ci-dessous) Multiples problèmes: - Redirection des liens Google vers des sites tiers à caractère publicitaire. - Écran bleu, puis redémarrage poussif 4 à 8 fois par jour. Une redémarrage m,a inquiété temporairement puisque Windows ne se lançait plus, avec un message laconique noir et blanc en anglais du type "Windows ne trouve pas les fichiers de lancement". - Très difficile de télécharger des outils des outils et d'aller sur certains site qui pourraient me permettre de nettoyer. - Plantage de programmes (InDesign, Excel, Outlook). Dysfonctionnements du Task Manager dans Outlook. Je pense être dans un cas similaire à celui du TDSS résolu hier par Appolo: http://forum.zebulon.fr/besoin-aide-nettoyage-pc-infecte-resolu-t185148.html Dans cet esprit: Rootkit.TDSS/Alueron TDL 4 : nouvelle variante | malekal's site A l'aide, je suis en Chine, en plein boulot. Minuit ici. Merci, Beauregard /////////////////// Rapport DDS . DDS (Ver_11-03-05.01) - NTFSx86 Run by Emmanuel at 20:49:12.58 on Sat 05/07/2011 Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_22 MicrosoftÆ Windows Vistaô …dition IntÈgrale 6.0.6002.2.1252.1.1033.18.3069.1807 [GMT 8:00] . AV: BitDefender Antivirus *Disabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E} SP: Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: BitDefender Antispyware *Disabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Ati2evxx.exe C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe C:\Windows\RtkAudioService.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\WLANExt.exe C:\Windows\system32\svchost.exe -k apphost C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Windows\system32\nlssrv32.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\PSIService.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Sony\VAIO Power Management\SPMService.exe C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe C:\Windows\system32\DllHost.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\svchost.exe -k iissvcs C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Windows\system32\DllHost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\Windows\system32\conime.exe C:\Windows\System32\alg.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Windows\System32\mobsync.exe C:\Users\Emmanuel\Desktop\dds.scr C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.rue89.com/ uInternet Settings,ProxyServer = 127.0.0.1:8580 uInternet Settings,ProxyOverride = <local> BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: FlpLauncher Class: {4401fdc3-7996-4774-8d2b-c1ae9cd6cc25} - c:\progra~1\e-book~1\flipvi~2\fvbho140.dll BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe" uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler uRun: [Ditto] "c:\program files\ditto\Ditto.exe" uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [AdobeBridge] uRun: [lnksutil] "rundll32" "c:\users\emmanuel\appdata\local\temp\ntosetup.dll",CreateProcessNotify uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE" uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe" mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [spySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm IE: &Download with &DAP - c:\program files\dap\dapextie.htm IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Barre RoboForm - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: Download &all with DAP - c:\program files\dap\dapextie2.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000 IE: Enregistrer le formulaire - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html IE: Personnaliser le menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html IE: Remplir le formulaire - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: QQ - c:\program files\tencent\qqintl\bin\AddEmotion.htm IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll LSP: c:\windows\system32\ASProxy.dll Trusted Zone: alipay.com Trusted Zone: alisoft.com Trusted Zone: carrefour.com.cn\e-shop Trusted Zone: imdb.com\secure Trusted Zone: taobao.com DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} - hxxps://download.alipay.com/aliedit/aliedit/2401/aliedit.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll Notify: VESWinlogon - VESWinlogon.dll AppInit_DLLs: acaptuser32.dll STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration Hosts: 66.207.162.66 freedur.com Hosts: 66.207.162.66 www.freedur.com Hosts: 204.152.194.50 clients.freedur.com Hosts: 204.152.194.50 blog.freedur.com Hosts: 66.207.162.66 freedur.net . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - c:\users\emmanuel\appdata\roaming\mozilla\firefox\profiles\8681oi1f.default\ FF - prefs.js: browser.startup.homepage - hxxp://pro.imdb.com/ FF - prefs.js: network.proxy.ftp - 127.0.0.1 FF - prefs.js: network.proxy.ftp_port - 8580 FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 8580 FF - prefs.js: network.proxy.socks - 127.0.0.1 FF - prefs.js: network.proxy.socks_port - 8580 FF - prefs.js: network.proxy.ssl - 127.0.0.1 FF - prefs.js: network.proxy.ssl_port - 8580 FF - prefs.js: network.proxy.type - 1 . ============= SERVICES / DRIVERS =============== . R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2009-1-19 13424] R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808] R2 CMB8100;CMB8100;c:\windows\system32\drivers\CertClient.dat [2009-12-29 11808] R2 CMBProtector;CMBProtector;c:\windows\system32\drivers\CMBProtector.dat [2009-12-29 10272] R2 DisplayLinkService;DisplayLink Service;c:\program files\displaylink core software\DisplayLinkService.exe [2008-8-18 443752] R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-3-25 57344] R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032] R2 RtkHDMIService;RtkHDMIService;c:\windows\RTKAUDIOSERVICE.EXE [2008-6-18 98304] R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2009-1-19 411488] R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240] R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-1-17 1201640] R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-2-3 153448] R3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\drivers\BTHPRINT.SYS [2009-7-6 29696] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-6-18 28464] R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2009-1-19 287856] R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752] R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-6-18 9344] S3 Alidevice;Alidevice;c:\windows\system32\drivers\alidevice.sys [2010-1-8 6656] S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880] S3 ASOVPNHelper;Astrill OpenVPN Service;c:\users\emmanuel\appdata\roaming\astrill\asovpnsvc.exe --run --> c:\users\emmanuel\appdata\roaming\astrill\ASOvpnSvc.exe --run [?] S3 ASProxy;ASProxy;c:\users\emmanuel\appdata\roaming\astrill\ASProxy.exe [2010-10-31 1962192] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208] S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-8-27 104288] S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-8-27 350048] S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-8-27 63328] S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096] S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [2007-6-27 101248] S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [2007-6-27 73856] S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-6-18 333088] S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-6-18 87328] . =============== Created Last 30 ================ . 2011-05-06 02:50:09 -------- d-----w- c:\users\emmanuel\appdata\roaming\Malwarebytes 2011-05-06 02:49:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-06 02:49:52 -------- d-----w- c:\progra~2\Malwarebytes 2011-05-06 02:49:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-06 02:49:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-05-04 03:15:43 89600 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL 2011-05-02 07:17:42 -------- d-----w- c:\users\emmanuel\appdata\roaming\RoboForm 2011-05-02 06:04:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2011-05-02 06:04:44 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll 2011-05-02 06:04:44 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll 2011-05-02 06:04:43 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll 2011-05-02 06:04:43 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll 2011-05-02 06:04:43 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll 2011-05-02 06:04:43 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll 2011-05-02 06:04:42 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll . ==================== Find3M ==================== . 2011-02-15 08:27:10 26960 ----a-w- c:\windows\system32\novamnv7.dll 2011-02-15 08:27:08 21328 ----a-w- c:\windows\system32\novamiv7.dll . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover Windows 6.0.6002 Disk: FUJITSU_ rev.0041 -> Harddisk0\DR0 -> \Device\Ide\iaStor0 . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x89556555]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8955c7b0]; MOV EAX, [0x8955c82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 ntkrnlpa!IofCallDriver[0x84655962] -> \Device\Harddisk0\DR0[0x891AF150] 3 CLASSPNP[0x8CDE38B3] -> ntkrnlpa!IofCallDriver[0x84655962] -> [0x87DAFC60] 5 acpi[0x8069F6BC] -> ntkrnlpa!IofCallDriver[0x84655962] -> [0x87D49028] \Driver\iaStor[0x887BD048] -> IRP_MJ_CREATE -> 0x89556555 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; } detected disk devices: \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskFUJITSU_MHZ2400BT_G1____________________0041000C#4&390b30ad&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: user != kernel MBR !!! sectors 781422766 (+255): user != kernel Warning: possible TDL4 rootkit infection ! TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix. . ============= FINISH: 20:53:14.47 =============== Rapport secondaire DDS . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_11-03-05.01) . MicrosoftÆ Windows Vistaô …dition IntÈgrale Boot Device: \Device\HarddiskVolume2 Install Date: 8/27/2008 7:57:25 AM System Uptime: 5/7/2011 6:11:09 PM (2 hours ago) . Motherboard: Sony Corporation | | VAIO Processor: Intel® Core2 Duo CPU T9600 @ 2.80GHz | N/A | 800/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 364 GiB total, 96.44 GiB free. D: is Removable E: is Removable F: is CDROM () H: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&129A\7&1A18FFC0&0&C8BCC82ABAA6_C00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&129A\7&1A18FFC0&0&C8BCC82ABAA6_C00000000 Service: . ==== System Restore Points =================== . No restore point in system. . ==== Hosts File Hijack ====================== . Hosts: 66.207.162.66 freedur.com Hosts: 66.207.162.66 www.freedur.com Hosts: 204.152.194.50 clients.freedur.com Hosts: 204.152.194.50 blog.freedur.com Hosts: 66.207.162.66 freedur.net Hosts: 66.207.162.66 www.freedur.net Hosts: 204.152.194.50 clients.freedur.net Hosts: 204.152.194.50 blog.freedur.net Hosts: 66.207.162.66 freedur.org Hosts: 66.207.162.66 www.freedur.org Hosts: 204.152.194.50 clients.freedur.org Hosts: 204.152.194.50 blog.freedur.org Hosts: 66.207.161.29 clients.skydur.com Hosts: 66.207.161.29 blog.skydur.com Hosts: 109.123.89.16 www.skydur.com Hosts: 109.123.89.16 skydur.com Hosts: 109.123.89.16 secure.skydur.com Hosts: 109.123.89.16 www.skydurvpn.com Hosts: 109.123.89.16 skydurvpn.com Hosts: 109.123.89.16 secure.skydurvpn.com . ==== Installed Programs ====================== . . ’–––◊®“µ∞Ê ÷ß∏∂±¶≤º˛ 1.2.0.2 Adobe Acrobat 9 Pro Extended - English, FranÁais, Deutsch Adobe AIR Adobe Anchor Service CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Community Help Adobe Creative Suite 5 Master Collection Adobe CSI CS4 Adobe Default Language CS4 Adobe Drive CS4 Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Fonts All Adobe InCopy CS4 Application Feature Set Files (Roman) Adobe InCopy CS4 Common Base Files Adobe InDesign CS4 Icon Handler Adobe Linguistics CS4 Adobe Output Module Adobe PDF Library Files CS4 Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe SING CS4 Adobe Type Support CS4 Adobe Update Manager CS4 Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB Advanced System Optimizer Alien Skin Exposure 3 Alps Pointing-device for VAIO Apple Application Support Apple Mobile Device Support Apple Software Update Astrill 2.2.0.1824 ATI Catalyst Install Manager BitDefender Antivirus 2010 Bonjour Canon G.726 WMP-Decoder CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Internet Library for ZoomBrowser EX Canon MovieEdit Task for ZoomBrowser EX Canon RAW Image Task for ZoomBrowser EX Canon SELPHY CP780 Canon Utilities CameraWindow Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Utilities MyCamera Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility CanoScan Toolbox Ver4.9 Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center Localization Chinese Standard Catalyst Control Center Localization Chinese Traditional Catalyst Control Center Localization Czech Catalyst Control Center Localization Danish Catalyst Control Center Localization Dutch Catalyst Control Center Localization Finnish Catalyst Control Center Localization French Catalyst Control Center Localization German Catalyst Control Center Localization Greek Catalyst Control Center Localization Hungarian Catalyst Control Center Localization Italian Catalyst Control Center Localization Japanese Catalyst Control Center Localization Korean Catalyst Control Center Localization Norwegian Catalyst Control Center Localization Polish Catalyst Control Center Localization Portuguese Catalyst Control Center Localization Russian Catalyst Control Center Localization Spanish Catalyst Control Center Localization Swedish Catalyst Control Center Localization Thai Catalyst Control Center Localization Turkish ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CDDRV_Installer Choice Guard Click to Disc Click to Disc Editor CMBEdit Connect Conseiller de mise ‡ niveau vers Windows 7 CuteFTP 8 Professional Definition update for Microsoft Office 2010 (KB982726) DisplayLink Core Software Ditto 3.15.4.0 Download Accelerator Plus (DAP) Driver Installer EP Budgeting Final Draft 7 FlipBook Creator 1.5 FlipViewer 4.5 FlipViewer Xpress Creator 2.2 Free HD Converter V 1.7 French App Name GDR 4053 for SQL Server Database Services 2005 ENU (KB970892) HDAUDIO SoftV92 Data Fax Modem with SmartCP Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Microsoft Word 2010 (KB2459114) HP Print Diagnostic Utility Installation Windows Live Intel PROSet Wireless Intel® PROSet/Wireless WiFi Software iTunes Java Auto Updater Java 6 Update 22 Java 6 Update 7 Java SE Runtime Environment 6 KhalInstallWrapper kuler LG USB Modem Drivers Logitech SetPoint Malwarebytes' Anti-Malware Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft IntelliPoint 6.1 Microsoft IntelliType Pro 6.1 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Live Add-in 1.5 Microsoft Office Live Add-in Patches Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft SharedView Microsoft Silverlight Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mindjet MindManager 9 MobileMe Control Panel ModËles de sons Windows Movie Outline 3.1.1 Mozilla Firefox 4.0.1 (x86 fr) MSVCRT MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 and SOAP Toolkit 3.0 MSXML 4.0 SP2 Parser and SDK MXAir Tutorial NEF Codec OpenMG Secure Module 5.0.00 Outil de tÈlÈchargement Windows Live PamFax PamFax Office Integration PDF-XChange 3 PDF Settings CS4 PDF Settings CS5 Photoshop Camera Raw Qlock Lite QuickTime QuickTime MPEG2 Real Alternative 1.9.0 Realtek High Definition Audio Driver Resolume DXV Quicktime Codec 2.1 RoboForm 7-2-9 (All Users) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft Office 2010 (KB2289078) Security Update for Microsoft Office 2010 (KB2289161) Security Update for Microsoft Publisher 2010 (KB2409055) Setting Utility Series Skins Skylook Skype Toolbars Skypeô 5.1 SmartWi Connection Utility Snagit 9.1.3 Sony Download Taxi 1.5.0.0 SONY VGP-UPR1 (Display Adapter) SONY VGP-UPR1 (Display Adapter) Utility Sony Video Shared Library Spy Sweeper Spy Sweeper Core Suite Shared Configuration CS4 SupportSoft Assisted Service Tencent QQ Ultimate Extras sounds from MicrosoftÆ Tinkerô Ultra Flash Video FLV Converter 3.8.1023 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2010 (KB2202188) Update for Microsoft Office 2010 (KB2413186) Update for Microsoft OneNote 2010 (KB2433299) Update for Microsoft Outlook Social Connector (KB2289116) VAIO Content Folder Setting VAIO Content Metadata Intelligent Analyzing Manager VAIO Content Metadata Manager Setting VAIO Content Metadata XML Interface Library VAIO Control Center VAIO Data Restore Tool VAIO DVD Menu Data Basic VAIO Entertainment Platform VAIO Event Service VAIO Help and Support VAIO Launcher VAIO Media plus VAIO Movie Story VAIO Movie Story Template Data VAIO MusicBox VAIO MusicBox Sample Music VAIO My Memory Center VAIO OOBE and Welcome Center VAIO Original Function Setting VAIO Power Management VAIO Presentation Support VAIO Startup Assistant VAIO Survey VAIO Update 3 VAIO Wallpaper Contents VAIO Wireless Wizard VirtualCloneDrive WIDCOMM Bluetooth Software 6.1.0.2200 Windows Live Call Windows Live Communications Platform Windows Live ID Sign-in Assistant Windows Live Messenger Windows Media Player Firefox Plugin WinDVD for VAIO WinRAR archiver Your Uninstaller! 2008 Version 6.2 . ==== End Of File =========================== Rapport Gmer GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover Rootkit scan 2011-05-08 00:01:05 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 FUJITSU_ rev.0041 Running: gmer.exe; Driver: C:\Users\Emmanuel\AppData\Local\Temp\pxriqkow.sys ---- System - GMER 1.0.15 ---- SSDT 87D41B70 ZwAllocateVirtualMemory SSDT 87D66218 ZwCreateProcess SSDT 87D661A0 ZwCreateProcessEx SSDT 87D41E40 ZwCreateThread SSDT 87D41BE8 ZwQueueApcThread SSDT 87D41A80 ZwReadVirtualMemory SSDT 87D41CD8 ZwSetContextThread SSDT 87D41F30 ZwSetInformationProcess SSDT 87D41D50 ZwSetInformationThread SSDT 87D41EB8 ZwSuspendProcess SSDT 87D41C60 ZwSuspendThread SSDT 87D41FA8 ZwTerminateProcess SSDT 87D41DC8 ZwTerminateThread SSDT 87D41AF8 ZwWriteVirtualMemory SSDT 87D41990 ZwCreateThreadEx SSDT 87D41A08 ZwCreateUserProcess INT 0x61 ? 90526CD0 INT 0xB0 ? 90526A50 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 131 846F1894 4 Bytes [70, 1B, D4, 87] {JO 0x1d; AAM 0x87} .text ntkrnlpa.exe!KeSetEvent + 209 846F196C 8 Bytes [18, 62, D6, 87, A0, 61, D6, ...] .text ntkrnlpa.exe!KeSetEvent + 221 846F1984 4 Bytes [40, 1E, D4, 87] {INC EAX; PUSH DS; AAM 0x87} .text ntkrnlpa.exe!KeSetEvent + 4E5 846F1C48 4 Bytes [E8, 1B, D4, 87] .text ntkrnlpa.exe!KeSetEvent + 4FD 846F1C60 4 Bytes [80, 1A, D4, 87] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92C09000, 0x1F926A, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\svchost.exe[1592] ntdll.dll!NtProtectVirtualMemory 77424D34 5 Bytes JMP 002C000A .text C:\Windows\system32\svchost.exe[1592] ntdll.dll!NtWriteVirtualMemory 77425674 5 Bytes JMP 002D000A .text C:\Windows\system32\svchost.exe[1592] ntdll.dll!KiUserExceptionDispatcher 77425DC8 5 Bytes JMP 002B000A .text C:\Windows\system32\svchost.exe[1592] ole32.dll!CoCreateInstance 765C9F3E 5 Bytes JMP 0081000A .text C:\Windows\system32\svchost.exe[1592] USER32.dll!WindowFromPoint 7633884F 5 Bytes JMP 0215000A .text C:\Windows\system32\svchost.exe[1592] USER32.dll!GetForegroundWindow 763432C4 5 Bytes JMP 021A000A .text C:\Windows\system32\svchost.exe[1592] USER32.dll!GetCursorPos 76350B88 5 Bytes JMP 01FE000A .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2892] ntdll.dll!NtProtectVirtualMemory 77424D34 5 Bytes JMP 0082000A .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2892] ntdll.dll!NtWriteVirtualMemory 77425674 5 Bytes JMP 0083000A .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2892] ntdll.dll!KiUserExceptionDispatcher 77425DC8 5 Bytes JMP 0081000A .text C:\Windows\Explorer.EXE[5052] ntdll.dll!NtProtectVirtualMemory 77424D34 5 Bytes JMP 0084000A .text C:\Windows\Explorer.EXE[5052] ntdll.dll!NtWriteVirtualMemory 77425674 5 Bytes JMP 0086000A .text C:\Windows\Explorer.EXE[5052] ntdll.dll!KiUserExceptionDispatcher 77425DC8 5 Bytes JMP 0083000A ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com)) Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskFUJITSU_MHZ2400BT_G1____________________0041000C#4&390b30ad&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a6014a8 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a6014a8@0017fa893ed7 0x66 0xF2 0x21 0x39 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b7307 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b731e Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3ded49ed Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3ded49ed@0023df53c6ac 0x4D 0xE1 0x83 0xEF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3ded49ed@c8bcc82abaa6 0xA0 0x12 0x5A 0x0E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0xE1 0x7E 0x01 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00125a6014a8 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00125a6014a8@0017fa893ed7 0x66 0xF2 0x21 0x39 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d8b7307 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d8b731e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3ded49ed (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3ded49ed@0023df53c6ac 0x4D 0xE1 0x83 0xEF ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3ded49ed@c8bcc82abaa6 0xA0 0x12 0x5A 0x0E ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0xE1 0x7E 0x01 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00125a6014a8 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00125a6014a8@0017fa893ed7 0x66 0xF2 0x21 0x39 ... Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e3d8b7307 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e3d8b731e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e3ded49ed (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e3ded49ed@0023df53c6ac 0x4D 0xE1 0x83 0xEF ... Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e3ded49ed@c8bcc82abaa6 0xA0 0x12 0x5A 0x0E ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0xE1 0x7E 0x01 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!! Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior ---- EOF - GMER 1.0.15 ----
×
×
  • Créer...