
Posted (edited)

DDS report done (see below)

Gmer report in progress (for the 2nd time), but saving it was impossible the first time. I've just managed it. (See report below)

 

Multiple problems:

- Google links redirected to third-party advertising sites.

- Blue screen, then sluggish restart 4 to 8 times a day. One restart worried me for a while, since Windows would no longer start, with a terse black-and-white message in English along the lines of "Windows cannot find the startup files".

- Very hard to download tools and to reach certain sites that could help me clean up.

- Program crashes (InDesign, Excel, Outlook). Task Manager malfunctions in Outlook.

 

I think I'm in a case similar to the TDSS one Appolo resolved yesterday:

http://forum.zebulon.fr/besoin-aide-nettoyage-pc-infecte-resolu-t185148.html

 

Along those lines:

Rootkit.TDSS/Alueron TDL 4: new variant | malekal's site

 

Help, I'm in China, in the middle of work. Midnight here.

 

Thanks,

Beauregard

 

 

///////////////////

 

DDS report

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Emmanuel at 20:49:12.58 on Sat 05/07/2011

Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_22

Microsoft® Windows Vista™ Édition Intégrale 6.0.6002.2.1252.1.1033.18.3069.1807 [GMT 8:00]

.

AV: BitDefender Antivirus *Disabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E}

SP: Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: BitDefender Antispyware *Disabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe

C:\Windows\RtkAudioService.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\nlssrv32.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\PSIService.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Windows\system32\DllHost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\Windows\system32\conime.exe

C:\Windows\System32\alg.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\System32\mobsync.exe

C:\Users\Emmanuel\Desktop\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.rue89.com/

uInternet Settings,ProxyServer = 127.0.0.1:8580

uInternet Settings,ProxyOverride = <local>

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: FlpLauncher Class: {4401fdc3-7996-4774-8d2b-c1ae9cd6cc25} - c:\progra~1\e-book~1\flipvi~2\fvbho140.dll

BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll

BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll

TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [Ditto] "c:\program files\ditto\Ditto.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [AdobeBridge]

uRun: [lnksutil] "rundll32" "c:\users\emmanuel\appdata\local\temp\ntosetup.dll",CreateProcessNotify

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [spySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\dap\dapextie.htm

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Barre RoboForm - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: Download &all with DAP - c:\program files\dap\dapextie2.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Enregistrer le formulaire - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: Personnaliser le menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: Remplir le formulaire - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: QQ - c:\program files\tencent\qqintl\bin\AddEmotion.htm

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

LSP: c:\windows\system32\ASProxy.dll

Trusted Zone: alipay.com

Trusted Zone: alisoft.com

Trusted Zone: carrefour.com.cn\e-shop

Trusted Zone: imdb.com\secure

Trusted Zone: taobao.com

DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} - hxxps://download.alipay.com/aliedit/aliedit/2401/aliedit.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll

Notify: VESWinlogon - VESWinlogon.dll

AppInit_DLLs: acaptuser32.dll

STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration

mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration

Hosts: 66.207.162.66 freedur.com

Hosts: 66.207.162.66 www.freedur.com

Hosts: 204.152.194.50 clients.freedur.com

Hosts: 204.152.194.50 blog.freedur.com

Hosts: 66.207.162.66 freedur.net

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\emmanuel\appdata\roaming\mozilla\firefox\profiles\8681oi1f.default\

FF - prefs.js: browser.startup.homepage - hxxp://pro.imdb.com/

FF - prefs.js: network.proxy.ftp - 127.0.0.1

FF - prefs.js: network.proxy.ftp_port - 8580

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 8580

FF - prefs.js: network.proxy.socks - 127.0.0.1

FF - prefs.js: network.proxy.socks_port - 8580

FF - prefs.js: network.proxy.ssl - 127.0.0.1

FF - prefs.js: network.proxy.ssl_port - 8580

FF - prefs.js: network.proxy.type - 1

.

============= SERVICES / DRIVERS ===============

.

R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2009-1-19 13424]

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]

R2 CMB8100;CMB8100;c:\windows\system32\drivers\CertClient.dat [2009-12-29 11808]

R2 CMBProtector;CMBProtector;c:\windows\system32\drivers\CMBProtector.dat [2009-12-29 10272]

R2 DisplayLinkService;DisplayLink Service;c:\program files\displaylink core software\DisplayLinkService.exe [2008-8-18 443752]

R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-3-25 57344]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]

R2 RtkHDMIService;RtkHDMIService;c:\windows\RTKAUDIOSERVICE.EXE [2008-6-18 98304]

R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2009-1-19 411488]

R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]

R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-1-17 1201640]

R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-2-3 153448]

R3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\drivers\BTHPRINT.SYS [2009-7-6 29696]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-6-18 28464]

R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2009-1-19 287856]

R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-6-18 9344]

S3 Alidevice;Alidevice;c:\windows\system32\drivers\alidevice.sys [2010-1-8 6656]

S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]

S3 ASOVPNHelper;Astrill OpenVPN Service;c:\users\emmanuel\appdata\roaming\astrill\asovpnsvc.exe --run --> c:\users\emmanuel\appdata\roaming\astrill\ASOvpnSvc.exe --run [?]

S3 ASProxy;ASProxy;c:\users\emmanuel\appdata\roaming\astrill\ASProxy.exe [2010-10-31 1962192]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-8-27 104288]

S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-8-27 350048]

S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-8-27 63328]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [2007-6-27 101248]

S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [2007-6-27 73856]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-6-18 333088]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-6-18 87328]

.

=============== Created Last 30 ================

.

2011-05-06 02:50:09 -------- d-----w- c:\users\emmanuel\appdata\roaming\Malwarebytes

2011-05-06 02:49:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-06 02:49:52 -------- d-----w- c:\progra~2\Malwarebytes

2011-05-06 02:49:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-06 02:49:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-04 03:15:43 89600 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL

2011-05-02 07:17:42 -------- d-----w- c:\users\emmanuel\appdata\roaming\RoboForm

2011-05-02 06:04:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-05-02 06:04:44 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-05-02 06:04:44 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-05-02 06:04:43 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-05-02 06:04:43 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-05-02 06:04:43 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-05-02 06:04:43 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-05-02 06:04:42 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

.

==================== Find3M ====================

.

2011-02-15 08:27:10 26960 ----a-w- c:\windows\system32\novamnv7.dll

2011-02-15 08:27:08 21328 ----a-w- c:\windows\system32\novamiv7.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Windows 6.0.6002 Disk: FUJITSU_ rev.0041 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x89556555]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8955c7b0]; MOV EAX, [0x8955c82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x84655962] -> \Device\Harddisk0\DR0[0x891AF150]

3 CLASSPNP[0x8CDE38B3] -> ntkrnlpa!IofCallDriver[0x84655962] -> [0x87DAFC60]

5 acpi[0x8069F6BC] -> ntkrnlpa!IofCallDriver[0x84655962] -> [0x87D49028]

\Driver\iaStor[0x887BD048] -> IRP_MJ_CREATE -> 0x89556555

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; }

detected disk devices:

\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskFUJITSU_MHZ2400BT_G1____________________0041000C#4&390b30ad&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user != kernel MBR !!!

sectors 781422766 (+255): user != kernel

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

.

============= FINISH: 20:53:14.47 ===============

 

Secondary DDS report

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft® Windows Vista™ Édition Intégrale

Boot Device: \Device\HarddiskVolume2

Install Date: 8/27/2008 7:57:25 AM

System Uptime: 5/7/2011 6:11:09 PM (2 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core2 Duo CPU T9600 @ 2.80GHz | N/A | 800/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 364 GiB total, 96.44 GiB free.

D: is Removable

E: is Removable

F: is CDROM ()

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&129A\7&1A18FFC0&0&C8BCC82ABAA6_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&129A\7&1A18FFC0&0&C8BCC82ABAA6_C00000000

Service:

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Hosts File Hijack ======================

.

Hosts: 66.207.162.66 freedur.com

Hosts: 66.207.162.66 www.freedur.com

Hosts: 204.152.194.50 clients.freedur.com

Hosts: 204.152.194.50 blog.freedur.com

Hosts: 66.207.162.66 freedur.net

Hosts: 66.207.162.66 www.freedur.net

Hosts: 204.152.194.50 clients.freedur.net

Hosts: 204.152.194.50 blog.freedur.net

Hosts: 66.207.162.66 freedur.org

Hosts: 66.207.162.66 www.freedur.org

Hosts: 204.152.194.50 clients.freedur.org

Hosts: 204.152.194.50 blog.freedur.org

Hosts: 66.207.161.29 clients.skydur.com

Hosts: 66.207.161.29 blog.skydur.com

Hosts: 109.123.89.16 www.skydur.com

Hosts: 109.123.89.16 skydur.com

Hosts: 109.123.89.16 secure.skydur.com

Hosts: 109.123.89.16 www.skydurvpn.com

Hosts: 109.123.89.16 skydurvpn.com

Hosts: 109.123.89.16 secure.skydurvpn.com

.

==== Installed Programs ======================

.

.

’–––◊®“µ∞Ê

÷ß∏∂±¶≤º˛ 1.2.0.2

Adobe Acrobat 9 Pro Extended - English, Français, Deutsch

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Community Help

Adobe Creative Suite 5 Master Collection

Adobe CSI CS4

Adobe Default Language CS4

Adobe Drive CS4

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe InCopy CS4 Application Feature Set Files (Roman)

Adobe InCopy CS4 Common Base Files

Adobe InDesign CS4 Icon Handler

Adobe Linguistics CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe SING CS4

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Advanced System Optimizer

Alien Skin Exposure 3

Alps Pointing-device for VAIO

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Astrill 2.2.0.1824

ATI Catalyst Install Manager

BitDefender Antivirus 2010

Bonjour

Canon G.726 WMP-Decoder

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon MovieEdit Task for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon SELPHY CP780

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

Canon Utilities MyCamera

Canon Utilities RemoteCapture Task for ZoomBrowser EX

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

CanoScan Toolbox Ver4.9

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CDDRV_Installer

Choice Guard

Click to Disc

Click to Disc Editor

CMBEdit

Connect

Conseiller de mise à niveau vers Windows 7

CuteFTP 8 Professional

Definition update for Microsoft Office 2010 (KB982726)

DisplayLink Core Software

Ditto 3.15.4.0

Download Accelerator Plus (DAP)

Driver Installer

EP Budgeting

Final Draft 7

FlipBook Creator 1.5

FlipViewer 4.5

FlipViewer Xpress Creator 2.2

Free HD Converter V 1.7

French App Name

GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)

HDAUDIO SoftV92 Data Fax Modem with SmartCP

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft Word 2010 (KB2459114)

HP Print Diagnostic Utility

Installation Windows Live

Intel PROSet Wireless

Intel® PROSet/Wireless WiFi Software

iTunes

Java Auto Updater

Java 6 Update 22

Java 6 Update 7

Java SE Runtime Environment 6

KhalInstallWrapper

kuler

LG USB Modem Drivers

Logitech SetPoint

Malwarebytes' Anti-Malware

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft IntelliPoint 6.1

Microsoft IntelliType Pro 6.1

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Live Add-in 1.5

Microsoft Office Live Add-in Patches

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft SharedView

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mindjet MindManager 9

MobileMe Control Panel

Modèles de sons Windows

Movie Outline 3.1.1

Mozilla Firefox 4.0.1 (x86 fr)

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 and SOAP Toolkit 3.0

MSXML 4.0 SP2 Parser and SDK

MXAir Tutorial

NEF Codec

OpenMG Secure Module 5.0.00

Outil de téléchargement Windows Live

PamFax

PamFax Office Integration

PDF-XChange 3

PDF Settings CS4

PDF Settings CS5

Photoshop Camera Raw

Qlock Lite

QuickTime

QuickTime MPEG2

Real Alternative 1.9.0

Realtek High Definition Audio Driver

Resolume DXV Quicktime Codec 2.1

RoboForm 7-2-9 (All Users)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office 2010 (KB2289078)

Security Update for Microsoft Office 2010 (KB2289161)

Security Update for Microsoft Publisher 2010 (KB2409055)

Setting Utility Series

Skins

Skylook

Skype Toolbars

Skype™ 5.1

SmartWi Connection Utility

Snagit 9.1.3

Sony Download Taxi 1.5.0.0

SONY VGP-UPR1 (Display Adapter)

SONY VGP-UPR1 (Display Adapter) Utility

Sony Video Shared Library

Spy Sweeper

Spy Sweeper Core

Suite Shared Configuration CS4

SupportSoft Assisted Service

Tencent QQ

Ultimate Extras sounds from Microsoft® Tinker™

Ultra Flash Video FLV Converter 3.8.1023

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2010 (KB2202188)

Update for Microsoft Office 2010 (KB2413186)

Update for Microsoft OneNote 2010 (KB2433299)

Update for Microsoft Outlook Social Connector (KB2289116)

VAIO Content Folder Setting

VAIO Content Metadata Intelligent Analyzing Manager

VAIO Content Metadata Manager Setting

VAIO Content Metadata XML Interface Library

VAIO Control Center

VAIO Data Restore Tool

VAIO DVD Menu Data Basic

VAIO Entertainment Platform

VAIO Event Service

VAIO Help and Support

VAIO Launcher

VAIO Media plus

VAIO Movie Story

VAIO Movie Story Template Data

VAIO MusicBox

VAIO MusicBox Sample Music

VAIO My Memory Center

VAIO OOBE and Welcome Center

VAIO Original Function Setting

VAIO Power Management

VAIO Presentation Support

VAIO Startup Assistant

VAIO Survey

VAIO Update 3

VAIO Wallpaper Contents

VAIO Wireless Wizard

VirtualCloneDrive

WIDCOMM Bluetooth Software 6.1.0.2200

Windows Live Call

Windows Live Communications Platform

Windows Live ID Sign-in Assistant

Windows Live Messenger

Windows Media Player Firefox Plugin

WinDVD for VAIO

WinRAR archiver

Your Uninstaller! 2008 Version 6.2

.

==== End Of File ===========================

 

GMER report

GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover

Rootkit scan 2011-05-08 00:01:05

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 FUJITSU_ rev.0041

Running: gmer.exe; Driver: C:\Users\Emmanuel\AppData\Local\Temp\pxriqkow.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT 87D41B70 ZwAllocateVirtualMemory

SSDT 87D66218 ZwCreateProcess

SSDT 87D661A0 ZwCreateProcessEx

SSDT 87D41E40 ZwCreateThread

SSDT 87D41BE8 ZwQueueApcThread

SSDT 87D41A80 ZwReadVirtualMemory

SSDT 87D41CD8 ZwSetContextThread

SSDT 87D41F30 ZwSetInformationProcess

SSDT 87D41D50 ZwSetInformationThread

SSDT 87D41EB8 ZwSuspendProcess

SSDT 87D41C60 ZwSuspendThread

SSDT 87D41FA8 ZwTerminateProcess

SSDT 87D41DC8 ZwTerminateThread

SSDT 87D41AF8 ZwWriteVirtualMemory

SSDT 87D41990 ZwCreateThreadEx

SSDT 87D41A08 ZwCreateUserProcess

 

INT 0x61 ? 90526CD0

INT 0xB0 ? 90526A50

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text ntkrnlpa.exe!KeSetEvent + 131 846F1894 4 Bytes [70, 1B, D4, 87] {JO 0x1d; AAM 0x87}

.text ntkrnlpa.exe!KeSetEvent + 209 846F196C 8 Bytes [18, 62, D6, 87, A0, 61, D6, ...]

.text ntkrnlpa.exe!KeSetEvent + 221 846F1984 4 Bytes [40, 1E, D4, 87] {INC EAX; PUSH DS; AAM 0x87}

.text ntkrnlpa.exe!KeSetEvent + 4E5 846F1C48 4 Bytes [E8, 1B, D4, 87]

.text ntkrnlpa.exe!KeSetEvent + 4FD 846F1C60 4 Bytes [80, 1A, D4, 87]

.text ...

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92C09000, 0x1F926A, 0xE8000020]

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\Windows\system32\svchost.exe[1592] ntdll.dll!NtProtectVirtualMemory 77424D34 5 Bytes JMP 002C000A

.text C:\Windows\system32\svchost.exe[1592] ntdll.dll!NtWriteVirtualMemory 77425674 5 Bytes JMP 002D000A

.text C:\Windows\system32\svchost.exe[1592] ntdll.dll!KiUserExceptionDispatcher 77425DC8 5 Bytes JMP 002B000A

.text C:\Windows\system32\svchost.exe[1592] ole32.dll!CoCreateInstance 765C9F3E 5 Bytes JMP 0081000A

.text C:\Windows\system32\svchost.exe[1592] USER32.dll!WindowFromPoint 7633884F 5 Bytes JMP 0215000A

.text C:\Windows\system32\svchost.exe[1592] USER32.dll!GetForegroundWindow 763432C4 5 Bytes JMP 021A000A

.text C:\Windows\system32\svchost.exe[1592] USER32.dll!GetCursorPos 76350B88 5 Bytes JMP 01FE000A

.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2892] ntdll.dll!NtProtectVirtualMemory 77424D34 5 Bytes JMP 0082000A

.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2892] ntdll.dll!NtWriteVirtualMemory 77425674 5 Bytes JMP 0083000A

.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2892] ntdll.dll!KiUserExceptionDispatcher 77425DC8 5 Bytes JMP 0081000A

.text C:\Windows\Explorer.EXE[5052] ntdll.dll!NtProtectVirtualMemory 77424D34 5 Bytes JMP 0084000A

.text C:\Windows\Explorer.EXE[5052] ntdll.dll!NtWriteVirtualMemory 77425674 5 Bytes JMP 0086000A

.text C:\Windows\Explorer.EXE[5052] ntdll.dll!KiUserExceptionDispatcher 77425DC8 5 Bytes JMP 0083000A

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))

 

Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskFUJITSU_MHZ2400BT_G1____________________0041000C#4&390b30ad&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a6014a8

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a6014a8@0017fa893ed7 0x66 0xF2 0x21 0x39 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b7307

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b731e

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3ded49ed

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3ded49ed@0023df53c6ac 0x4D 0xE1 0x83 0xEF ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3ded49ed@c8bcc82abaa6 0xA0 0x12 0x5A 0x0E ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0xE1 0x7E 0x01 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00125a6014a8 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00125a6014a8@0017fa893ed7 0x66 0xF2 0x21 0x39 ...

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d8b7307 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d8b731e (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3ded49ed (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3ded49ed@0023df53c6ac 0x4D 0xE1 0x83 0xEF ...

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3ded49ed@c8bcc82abaa6 0xA0 0x12 0x5A 0x0E ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0xE1 0x7E 0x01 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00125a6014a8 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00125a6014a8@0017fa893ed7 0x66 0xF2 0x21 0x39 ...

Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e3d8b7307 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e3d8b731e (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e3ded49ed (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e3ded49ed@0023df53c6ac 0x4D 0xE1 0x83 0xEF ...

Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e3ded49ed@c8bcc82abaa6 0xA0 0x12 0x5A 0x0E ...

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0xE1 0x7E 0x01 ...

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

 

---- Disk sectors - GMER 1.0.15 ----

 

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

 

---- EOF - GMER 1.0.15 ----

Edited by Beauregard
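Added here as a worked example that is not part of the original post and not GMER's own code: a small Python triage script for the GMER log format shown above. It splits the log into its "----" sections, pulls out the SSDT hooks, the user-mode inline hooks and the disk-sector findings, and reports whether the log carries the boot-sector indicator ("TDL4@MBR code has been found", "sector 00: rootkit-like behavior") that makes this a TDL4 case. The sample input is an excerpt of the log posted above; the section names and the line regexes are assumptions derived from that one log, since GMER publishes no formal format.

```python
"""Triage helper for a GMER rootkit-scan log (added example, not GMER code).

It extracts the kernel SSDT hooks, the user-mode inline hooks and the
disk-sector findings, and answers the one question that matters for a
TDL4-style infection: did GMER report rootkit code in the MBR?
"""
import re
from dataclasses import dataclass, field

# Excerpt of the GMER log posted above (blank lines dropped).  The section
# names ("System", "User code sections", "Disk sectors") are taken from this
# one log; treat them as an assumption when pointing the parser at other
# GMER versions.
SAMPLE_LOG = r"""
GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-08 00:01:05
---- System - GMER 1.0.15 ----
SSDT 87D41B70 ZwAllocateVirtualMemory
SSDT 87D66218 ZwCreateProcess
SSDT 87D41AF8 ZwWriteVirtualMemory
INT 0x61 ? 90526CD0
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[1592] ntdll.dll!NtProtectVirtualMemory 77424D34 5 Bytes JMP 002C000A
.text C:\Windows\Explorer.EXE[5052] ntdll.dll!NtWriteVirtualMemory 77425674 5 Bytes JMP 0086000A
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER ")
SSDT_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-F]{8})\s+(?P<func>\w+)")
USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)\s+(?P<addr>[0-9A-F]{8})\s+"
    r"(?P<size>\d+) Bytes\s+(?P<patch>.+)$"
)
DISK_RE = re.compile(r"^Disk\s+(?P<device>\S+)\s+(?P<finding>.+)$")
# Phrases GMER uses for a boot-sector infection: "TDL4@MBR" is the
# family-specific one, "rootkit-like behavior" the generic sector-0 flag.
MBR_ROOTKIT_RE = re.compile(r"@MBR code has been found|rootkit-like behavior", re.I)


@dataclass
class GmerFindings:
    ssdt_hooks: list = field(default_factory=list)     # (address, syscall)
    user_hooks: list = field(default_factory=list)     # (image, pid, module!func, patch)
    disk_findings: list = field(default_factory=list)  # (device, text)

    @property
    def mbr_rootkit(self) -> bool:
        """True when any disk-sector line carries an MBR rootkit indicator."""
        return any(MBR_ROOTKIT_RE.search(text) for _, text in self.disk_findings)


def parse_gmer_log(text: str) -> GmerFindings:
    """Walk the log section by section and collect the lines we care about."""
    findings = GmerFindings()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if section == "System":
            m = SSDT_RE.match(line)
            if m:
                findings.ssdt_hooks.append((m.group("addr"), m.group("func")))
        elif section == "User code sections":
            m = USER_HOOK_RE.match(line)
            if m:
                findings.user_hooks.append((
                    m.group("image"), int(m.group("pid")),
                    f"{m.group('module')}!{m.group('func')}", m.group("patch"),
                ))
        elif section == "Disk sectors":
            m = DISK_RE.match(line)
            if m:
                findings.disk_findings.append((m.group("device"), m.group("finding")))
    return findings


def triage(findings: GmerFindings) -> dict:
    """Reduce the parsed log to what a helper reads first.

    SSDT and inline hooks are listed but not scored: hooking process,
    thread and memory-write syscalls is also what HIPS components of
    security products do, so on their own they prove nothing.  Only the
    disk-sector verdict is treated as decisive.
    """
    hooked_images = sorted({img.rsplit("\\", 1)[-1] for img, *_ in findings.user_hooks})
    return {
        "mbr_rootkit": findings.mbr_rootkit,
        "ssdt_hook_count": len(findings.ssdt_hooks),
        "hooked_processes": hooked_images,
        "disk_findings": [text for _, text in findings.disk_findings],
    }


if __name__ == "__main__":
    result = triage(parse_gmer_log(SAMPLE_LOG))
    print("MBR rootkit indicator present" if result["mbr_rootkit"]
          else "no boot-sector indicator")
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run it on a full GMER log saved to disk by passing the file contents to `parse_gmer_log`. The point of separating `triage` from the parser is the caveat in its docstring: the SSDT entries and the `JMP` patches in svchost.exe and Explorer.EXE could just as well come from the BitDefender and Spy Sweeper components installed on this machine, so the script surfaces them for a human to judge but bases its verdict only on the "Disk sectors" section.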

Posted (edited)

Hello Beauregard,

Very important!

>>> To do immediately:

- At the top of this message, click the "Follow this topic" button, choosing "Immediate notification" => "Submit". You will be notified in real time of the replies to your topic, and so your machine will be cleaned as quickly as possible.

- Back up (by copying) all personal documents to a medium other than the system partition: USB key, CD/DVD, external hard drive, etc.

>>> What to do during this cleanup: please do NOT use, install and/or uninstall any program apart from those proposed at each step; this is to avoid any incompatibility problems between the tools.

>>> What to do when you receive new instructions:

  • Read the whole message.
  • ALL UTILITIES must be run from the Desktop (unless specifically stated otherwise). You are therefore asked to download and save them DIRECTLY to the Desktop, or to move them there straight away (right-click on the file => "Cut", then right-click on the Desktop => "Paste").
    Some programs can cause problems if they are not run from the Desktop.
  • Get into the habit of disabling all protection programs at the start of each new step and re-enabling them at the end.
  • Always proceed in the order given and ask for clarification if necessary BEFORE starting.
  • Do NOT hesitate to comment on and report any change (for better or for worse) in the machine's behaviour or in the initial problem.

>>> How to reply:

- Click the zeb_bouton.png button (and not zeb-bouton2.png, because I do not need to reread my previous messages).

- Paste the contents of the reports WITHOUT adding ANY text formatting (quote, code, colour, etc.).

>>> Do not abandon your topic before being told that everything is OK.

Print these instructions or save them in a text file on the Desktop so that you can consult them easily at any time, and download to the Desktop (or from a clean PC, then transfer to your Desktop):

  • Malwarebytes Anti-Malware from here.
  • Security Check (by screen317) from here or here.
  • TDSSKiller.zip from here.

>>> TDSSKiller: unzip TDSSKiller.zip (right-click on it => "Extract here"). Drag TDSSKiller.zip to the Recycle Bin to delete it.

  • Close everything and disable the antivirus and any other protection program. Click TDSSKiller.exe to launch the program.
  • Click the Start Scan button and wait for the analysis to finish.
  • If an infected file is detected, the default action will be Cure. Click the Continue button WITHOUT changing anything.
  • If a suspicious file is detected, the default action will be Skip. Click the Continue button WITHOUT changing anything.

If you are prompted to reboot the computer to complete the process, click the Reboot Now button. The report will be saved at the root of the system partition, where Windows is installed (usually C:\); its name has the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Post its contents.

If no reboot is required, click Report. A text file opens and is saved in the same way; post its contents.

>>> Use Malwarebytes' Anti-Malware: close all open applications and windows and double-click mbam-setup.exe (for Vista/Windows 7, right-click mbam-setup.exe => "Run as administrator"). Follow the prompts, leaving everything at the defaults. Click Finish without changing anything.

- Launch the program from its Desktop icon or from "Start" => "All Programs" => "Malwarebytes' Anti-Malware".

- Run the updates from the tab of the same name. If there is a problem with automatic updates, click HERE to download and install them manually.

- In the "Scanner" tab, leave "Perform quick scan" checked and click "Scan".

Wait until the scan finishes (a completion message is displayed).

Click OK to close this message.

- Click "Show Results", then make sure everything is checked and click "Remove Selected".

The program then carries out the cleanup. If it asks you to restart the PC, ACCEPT (this is to remove certain specific files).

At the end a report is displayed (accessible at any time from the Logs tab of MBAM's main window). Post its contents in your next reply.

>>> Use SecurityCheck: close everything and double-click "SecurityCheck.exe" (Vista/W7: right-click on it => "Run as administrator") to launch the program.

Press a key as prompted and follow the instructions.

Note: if one of the security programs asks permission for dig.exe to access the Internet, allow it.

The checkup.txt report opens at the end. Post its contents.

This report is not saved automatically. If you want to keep a copy, click "File" => "Save As", choose a location (the Desktop, for example) and click "Save" at the bottom right.

Post its contents.

Reports requested:

  • TDSSKiller_log.txt
  • Malwarebytes Anti-Malware log
  • checkup.txt

Any change?

Edited by lance_yien
Posted

Loading Error at start (which has been here for a few days):

C:\Users\MyName\AppData\Local\Temp\ntosetup.dll

 

"Dos" like window has been opening at start for a few days:

C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\073A

 

Windows Security center has issues: BitDefender anti virus does not start.

Windows update has been failing for days.

Windows Defender is supposedly outdated. That was actually the first sign.

 

Thanks for your help,

Beauregard

 

///////////////////

 

TDSSKILLER REPORT

 

2011/05/08 01:06:35.0353 6084 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16

2011/05/08 01:06:37.0358 6084 ================================================================================

2011/05/08 01:06:37.0358 6084 SystemInfo:

2011/05/08 01:06:37.0358 6084

2011/05/08 01:06:37.0359 6084 OS Version: 6.0.6002 ServicePack: 2.0

2011/05/08 01:06:37.0359 6084 Product type: Workstation

2011/05/08 01:06:37.0359 6084 ComputerName: EMMANUEL-PC

2011/05/08 01:06:37.0376 6084 UserName: Emmanuel

2011/05/08 01:06:37.0376 6084 Windows directory: C:\Windows

2011/05/08 01:06:37.0376 6084 System windows directory: C:\Windows

2011/05/08 01:06:37.0376 6084 Processor architecture: Intel x86

2011/05/08 01:06:37.0376 6084 Number of processors: 2

2011/05/08 01:06:37.0376 6084 Page size: 0x1000

2011/05/08 01:06:37.0376 6084 Boot type: Normal boot

2011/05/08 01:06:37.0376 6084 ================================================================================

2011/05/08 01:06:38.0650 6084 Initialize success

2011/05/08 01:06:47.0277 5936 ================================================================================

2011/05/08 01:06:47.0277 5936 Scan started

2011/05/08 01:06:47.0277 5936 Mode: Manual;

2011/05/08 01:06:47.0277 5936 ================================================================================

2011/05/08 01:06:48.0165 5936 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys

2011/05/08 01:06:48.0264 5936 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

2011/05/08 01:06:48.0515 5936 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

2011/05/08 01:06:48.0701 5936 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

2011/05/08 01:06:48.0794 5936 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

2011/05/08 01:06:48.0879 5936 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

2011/05/08 01:06:49.0161 5936 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys

2011/05/08 01:06:49.0258 5936 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

2011/05/08 01:06:49.0366 5936 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2011/05/08 01:06:49.0584 5936 Alidevice (2f17c06cda54bfbe13c4046b19055f7b) C:\Windows\system32\drivers\Alidevice.sys

2011/05/08 01:06:49.0671 5936 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

2011/05/08 01:06:49.0764 5936 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

2011/05/08 01:06:49.0841 5936 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

2011/05/08 01:06:49.0970 5936 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

2011/05/08 01:06:50.0062 5936 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

2011/05/08 01:06:50.0148 5936 ApfiltrService (9325e49d555d8f12ce1735227dbb3d80) C:\Windows\system32\DRIVERS\Apfiltr.sys

2011/05/08 01:06:50.0614 5936 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

2011/05/08 01:06:50.0769 5936 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

2011/05/08 01:06:51.0139 5936 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/05/08 01:06:51.0207 5936 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys

2011/05/08 01:06:51.0572 5936 athr (24b4375abbc587bdc99e231383c16b8f) C:\Windows\system32\DRIVERS\athr.sys

2011/05/08 01:06:52.0272 5936 atikmdag (eb4652a6571ef66c6c778e1007623f1f) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/05/08 01:06:52.0863 5936 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys

2011/05/08 01:06:53.0278 5936 AVCSTRM (a25f0f39ac579fe899a7c8d67ecb157c) C:\Windows\system32\DRIVERS\avcstrm.sys

2011/05/08 01:06:53.0677 5936 BDFM (67c2a47db7190673350a3f9f5a1507cb) C:\Windows\system32\DRIVERS\bdfm.sys

2011/05/08 01:06:53.0910 5936 bdfsfltr (a21a4a0e6bdf0c2be0fabfa16d8c8f76) C:\Windows\system32\DRIVERS\bdfsfltr.sys

2011/05/08 01:06:54.0194 5936 bdftdif (0bdbf842a39d6c5640ba4b8acf29aa06) C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys

2011/05/08 01:06:54.0387 5936 BDSelfPr (0d756ced21d977ae32539da1f41bf879) C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys

2011/05/08 01:06:54.0905 5936 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

2011/05/08 01:06:55.0253 5936 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

2011/05/08 01:06:55.0340 5936 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys

2011/05/08 01:06:55.0548 5936 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2011/05/08 01:06:56.0202 5936 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2011/05/08 01:06:56.0654 5936 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2011/05/08 01:06:56.0968 5936 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2011/05/08 01:06:57.0169 5936 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2011/05/08 01:06:57.0256 5936 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2011/05/08 01:06:57.0480 5936 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys

2011/05/08 01:06:57.0799 5936 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/05/08 01:06:58.0295 5936 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys

2011/05/08 01:06:58.0912 5936 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys

2011/05/08 01:06:59.0263 5936 BTHprint (d72baf07a11de1dd32855bb897518d53) C:\Windows\system32\DRIVERS\bthprint.sys

2011/05/08 01:06:59.0352 5936 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys

2011/05/08 01:06:59.0565 5936 btwaudio (7f256d9fff384faa40df5db1cb8531d9) C:\Windows\system32\drivers\btwaudio.sys

2011/05/08 01:06:59.0635 5936 btwavdt (d87d990131aaabb27d4046790292366d) C:\Windows\system32\drivers\btwavdt.sys

2011/05/08 01:06:59.0721 5936 btwl2cap (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys

2011/05/08 01:06:59.0833 5936 btwrchid (e1771c0fb49e747ab2b2d29da50510f9) C:\Windows\system32\DRIVERS\btwrchid.sys

2011/05/08 01:06:59.0986 5936 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/05/08 01:07:00.0083 5936 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

2011/05/08 01:07:00.0163 5936 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

2011/05/08 01:07:00.0369 5936 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

2011/05/08 01:07:00.0517 5936 CMB8100 (6b0f39e11eec9fa75a2f3e74344470e0) C:\Windows\system32\Drivers\CertClient.dat

2011/05/08 01:07:00.0640 5936 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/05/08 01:07:00.0778 5936 CMBProtector (01bd490e00f607c0c82b2b7f7da64e25) C:\Windows\system32\Drivers\CMBProtector.dat

2011/05/08 01:07:00.0861 5936 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

2011/05/08 01:07:00.0951 5936 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

2011/05/08 01:07:01.0031 5936 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

2011/05/08 01:07:01.0164 5936 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

2011/05/08 01:07:01.0305 5936 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys

2011/05/08 01:07:01.0494 5936 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys

2011/05/08 01:07:01.0621 5936 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

2011/05/08 01:07:01.0839 5936 dlkmd (a4949370238c55aef82317af36d8b939) C:\Windows\system32\drivers\dlkmd.sys

2011/05/08 01:07:01.0935 5936 dlkmdldr (c8e26d7e2b8e354982d5e37e2c05fdba) C:\Windows\system32\drivers\dlkmdldr.sys

2011/05/08 01:07:02.0016 5936 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys

2011/05/08 01:07:02.0154 5936 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

2011/05/08 01:07:02.0287 5936 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

2011/05/08 01:07:02.0378 5936 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

2011/05/08 01:07:02.0471 5936 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

2011/05/08 01:07:02.0597 5936 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys

2011/05/08 01:07:02.0753 5936 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

2011/05/08 01:07:02.0854 5936 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

2011/05/08 01:07:03.0060 5936 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys

2011/05/08 01:07:03.0209 5936 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

2011/05/08 01:07:03.0333 5936 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

2011/05/08 01:07:03.0481 5936 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

2011/05/08 01:07:03.0587 5936 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

2011/05/08 01:07:03.0739 5936 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

2011/05/08 01:07:03.0825 5936 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

2011/05/08 01:07:03.0901 5936 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

2011/05/08 01:07:04.0076 5936 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/05/08 01:07:04.0195 5936 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

2011/05/08 01:07:04.0296 5936 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

2011/05/08 01:07:04.0353 5936 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys

2011/05/08 01:07:04.0430 5936 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

2011/05/08 01:07:04.0560 5936 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/05/08 01:07:04.0700 5936 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

2011/05/08 01:07:04.0835 5936 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/05/08 01:07:04.0963 5936 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys

2011/05/08 01:07:05.0089 5936 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2011/05/08 01:07:05.0215 5936 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

2011/05/08 01:07:05.0304 5936 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

2011/05/08 01:07:05.0438 5936 HPFXBULK (9e3944a558ab84853ef985988e23a8a4) C:\Windows\system32\drivers\hpfxbulk.sys

2011/05/08 01:07:05.0581 5936 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

2011/05/08 01:07:05.0717 5936 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys

2011/05/08 01:07:05.0843 5936 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

2011/05/08 01:07:05.0957 5936 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

2011/05/08 01:07:06.0111 5936 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

2011/05/08 01:07:06.0182 5936 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/05/08 01:07:06.0294 5936 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys

2011/05/08 01:07:06.0377 5936 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

2011/05/08 01:07:06.0609 5936 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2011/05/08 01:07:06.0814 5936 IntcAzAudAddService (2deb2538c9372568bb67b5fdf2359790) C:\Windows\system32\drivers\RTKVHDA.sys

2011/05/08 01:07:07.0042 5936 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

2011/05/08 01:07:07.0188 5936 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

2011/05/08 01:07:07.0260 5936 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/05/08 01:07:07.0424 5936 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

2011/05/08 01:07:07.0506 5936 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

2011/05/08 01:07:07.0702 5936 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

2011/05/08 01:07:07.0795 5936 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

2011/05/08 01:07:07.0936 5936 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/05/08 01:07:08.0007 5936 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2011/05/08 01:07:08.0081 5936 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2011/05/08 01:07:08.0222 5936 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/05/08 01:07:08.0297 5936 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/05/08 01:07:08.0461 5936 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

2011/05/08 01:07:08.0853 5936 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys

2011/05/08 01:07:08.0980 5936 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/05/08 01:07:09.0085 5936 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys

2011/05/08 01:07:09.0209 5936 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

2011/05/08 01:07:09.0307 5936 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

2011/05/08 01:07:09.0402 5936 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

2011/05/08 01:07:09.0529 5936 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

2011/05/08 01:07:09.0650 5936 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

2011/05/08 01:07:09.0731 5936 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

2011/05/08 01:07:09.0839 5936 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

2011/05/08 01:07:10.0028 5936 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

2011/05/08 01:07:10.0132 5936 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

2011/05/08 01:07:10.0194 5936 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

2011/05/08 01:07:10.0275 5936 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

2011/05/08 01:07:10.0418 5936 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

2011/05/08 01:07:10.0515 5936 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

2011/05/08 01:07:10.0620 5936 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

2011/05/08 01:07:10.0714 5936 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys


2011/05/08 01:07:37.0441 5936 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/05/08 01:07:37.0453 5936 ================================================================================

2011/05/08 01:07:37.0453 5936 Scan finished

2011/05/08 01:07:37.0453 5936 ================================================================================

2011/05/08 01:07:37.0483 3880 Detected object count: 1

2011/05/08 01:07:58.0372 3880 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/05/08 01:07:58.0373 3880 \HardDisk0 - ok

2011/05/08 01:07:58.0423 3880 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/05/08 01:08:15.0679 5876 Deinitialize success

Posted

Windows Update and Windows Defender are working again.

Several updates in progress.

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Database version: 6528

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18999

 

5/8/2011 2:13:54 AM

mbam-log-2011-05-08 (02-13-54).txt

 

Scan type: Quick scan

Objects scanned: 174161

Time elapsed: 21 minute(s), 38 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

Posted

Loading Error at start (which has been here for a few days):

C:\Users\MyName\AppData\Local\Temp\ntosetup.dll

 

"Dos" like window has been opening at start for a few days:

C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\073A

 

Windows Security center works now.

Windows update and Windows Defender work now.

 

////////////////////

 

Results of screen317's Security Check version 0.99.10

Windows Vista Service Pack 2 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

BitDefender Antivirus 2010

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 22

Java SE Runtime Environment 6

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 10.2.153.1

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSASCui.exe

BitDefender BitDefender 2010 bdagent.exe

BitDefender BitDefender 2010 seccenter.exe

Windows Defender MSASCui.exe

``````````End of Log````````````

Posted

Hello,

Your machine was infected with the latest version of Rootkit.Win32.TDSS.tdl4 (removed by TDSSKiller). We continue the search,

 

Print these instructions or save them in a text file on the Desktop so you can refer to them easily at any time, and download OTL (by OldTimer) to the Desktop from here or here.

 

Close all open applications and windows and right-click OTL.exe => Run as Administrator.

Copy/paste these lines (starting with netsvcs) into the box under "Personnalisation" (Custom Scans/Fixes):

 

netsvcs

drivers32

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

CREATERESTOREPOINT

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

SAVEMBR:0

Without changing anything, click the blue Analyse button and let it run.

At the end of the scan, 2 reports will be created: OTL.txt (which opens in Notepad) and Extras.txt (which will be minimized in the taskbar).

 

Copy/paste the contents of each report, one per message, because they are often very long and exceed the limit allowed by the forum.

 

 

Requested reports:

  • OTL.txt
  • Extras.txt
Posted

OTL logfile created on: 5/8/2011 8:35:22 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Emmanuel\Desktop

Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 363.93 Gb Total Space | 88.47 Gb Free Space | 24.31% Space Free | Partition Type: NTFS

 

Computer Name: EMMANUEL-PC | User Name: Emmanuel | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/05/08 14:51:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe

PRC - [2011/04/13 14:07:44 | 001,481,496 | -H-- | M] (Dynamic Internet Technology, Inc.) -- C:\Users\Emmanuel\Desktop\fg710p.exe

PRC - [2011/03/08 10:19:07 | 000,310,856 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

PRC - [2011/01/18 23:49:08 | 001,176,448 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe

PRC - [2010/04/26 15:01:54 | 001,615,688 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

PRC - [2010/03/25 23:49:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe

PRC - [2010/03/18 16:04:52 | 001,091,984 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe

PRC - [2010/03/16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

PRC - [2010/01/17 11:21:17 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

PRC - [2009/04/11 14:28:10 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\w3wp.exe

PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/04/11 14:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

PRC - [2008/08/29 02:34:10 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

PRC - [2008/08/29 02:34:10 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe

PRC - [2008/08/29 01:10:18 | 000,233,472 | ---- | M] () -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe

PRC - [2008/08/18 23:31:22 | 000,443,752 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe

PRC - [2008/08/18 23:31:20 | 004,597,096 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

PRC - [2008/07/11 05:10:44 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

PRC - [2008/07/11 05:10:44 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

PRC - [2008/06/09 21:59:30 | 000,098,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE

PRC - [2008/05/01 10:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\intel\WiFi\bin\EvtEng.exe

PRC - [2008/05/01 10:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2008/04/03 02:07:56 | 000,147,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

PRC - [2008/04/03 02:07:54 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

PRC - [2008/04/03 02:07:38 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

PRC - [2007/06/06 04:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe

PRC - [2007/01/05 10:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/05/08 14:51:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe

MOD - [2010/09/23 04:07:50 | 000,107,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mindjet\MindManager 9\msscript.ocx

MOD - [2010/08/31 23:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)

SRV - File not found [Disabled | Stopped] -- -- (CaCCProvSP)

SRV - [2011/03/08 10:19:07 | 000,310,856 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)

SRV - [2011/01/11 02:40:42 | 001,962,192 | ---- | M] (Astrill) [On_Demand | Stopped] -- C:\Users\Emmanuel\AppData\Roaming\Astrill\ASProxy.exe -- (ASProxy)

SRV - [2011/01/11 02:40:28 | 000,428,056 | ---- | M] (Astrill) [On_Demand | Stopped] -- C:\Users\Emmanuel\AppData\Roaming\Astrill\ASOvpnSvc.exe -- (ASOVPNHelper)

SRV - [2010/04/26 15:01:54 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)

SRV - [2010/04/22 01:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2010/04/22 01:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2010/03/25 23:49:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)

SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2010/03/12 16:40:10 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010/01/17 11:21:17 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)

SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)

SRV - [2009/10/19 17:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)

SRV - [2009/04/11 14:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2009/01/22 08:06:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/08/29 02:34:10 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)

SRV - [2008/08/18 23:31:22 | 000,443,752 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe -- (DisplayLinkService)

SRV - [2008/07/11 05:10:44 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)

SRV - [2008/06/09 21:59:30 | 000,098,304 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkHDMIService)

SRV - [2008/05/02 09:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2008/05/01 10:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2008/05/01 10:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2008/04/03 02:07:58 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)

SRV - [2008/04/03 02:07:56 | 000,147,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)

SRV - [2008/04/03 02:07:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)

SRV - [2008/04/03 02:07:38 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)

SRV - [2008/03/05 11:58:30 | 000,063,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)

SRV - [2008/03/05 11:56:42 | 000,350,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)

SRV - [2008/03/05 11:54:50 | 000,104,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)

SRV - [2008/03/04 05:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)

SRV - [2008/03/04 04:27:14 | 000,087,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)

SRV - [2008/01/21 10:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/11/28 17:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)

SRV - [2007/11/28 17:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)

SRV - [2007/11/28 16:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

SRV - [2007/06/06 04:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

SRV - [2007/01/05 10:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - [2010/08/20 22:08:46 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)

DRV - [2010/06/13 14:42:46 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)

DRV - [2010/06/13 14:42:44 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)

DRV - [2010/06/13 14:42:38 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)

DRV - [2010/04/23 17:43:52 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand | Stopped] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)

DRV - [2010/02/22 14:58:40 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)

DRV - [2010/02/03 13:57:36 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (BDFM)

DRV - [2010/01/08 16:28:40 | 000,006,656 | ---- | M] (alipay.com) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alidevice.sys -- (Alidevice)

DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssidrv.sys -- (ssidrv)

DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sshrmd.sys -- (sshrmd)

DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)

DRV - [2009/08/31 10:38:02 | 000,011,808 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CertClient.dat -- (CMB8100)

DRV - [2009/08/31 10:38:02 | 000,010,272 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CMBProtector.dat -- (CMBProtector)

DRV - [2009/08/27 15:18:58 | 000,025,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)

DRV - [2009/08/21 02:08:00 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)

DRV - [2009/08/21 02:08:00 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)

DRV - [2009/08/21 02:08:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)

DRV - [2009/04/11 12:43:07 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTHPRINT.SYS -- (BTHprint)

DRV - [2009/01/16 17:08:39 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2008/08/18 23:31:50 | 000,287,856 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\dlkmd.sys -- (dlkmd)

DRV - [2008/08/18 23:31:50 | 000,013,424 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\dlkmdldr.sys -- (dlkmdldr)

DRV - [2008/05/13 08:05:19 | 003,537,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2008/04/28 21:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®

DRV - [2008/04/28 09:19:55 | 000,142,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)

DRV - [2008/04/22 22:43:36 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)

DRV - [2008/04/22 08:01:11 | 000,903,680 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008/04/16 08:04:24 | 000,046,592 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)

DRV - [2008/04/16 08:04:12 | 000,068,096 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2008/02/29 10:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2008/02/29 10:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2008/02/23 08:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2008/01/25 10:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2008/01/21 10:21:34 | 000,050,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstape.sys -- (MSTAPE)

DRV - [2008/01/21 10:21:27 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avcstrm.sys -- (AVCSTRM)

DRV - [2007/12/17 09:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)

DRV - [2007/07/26 16:25:12 | 000,039,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)

DRV - [2007/06/27 10:42:34 | 000,073,856 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)

DRV - [2007/06/27 10:41:48 | 000,101,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)

DRV - [2007/04/18 11:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

DRV - [2006/11/08 15:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)

DRV - [2006/11/02 12:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2006/04/04 21:20:36 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Rue89 | Site d'information et de débat sur l'actualité, indépendant et participatif

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8580

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://pro.imdb.com/"

FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1

FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6

FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1

FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {e2337727-f9c9-411b-929e-287584341d1a}:3.4.0

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: addon@astrill.com:1.4

FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"

FF - prefs.js..network.proxy.backup.ftp_port: 8580

FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"

FF - prefs.js..network.proxy.backup.socks_port: 8580

FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"

FF - prefs.js..network.proxy.backup.ssl_port: 8580

FF - prefs.js..network.proxy.ftp: "127.0.0.1"

FF - prefs.js..network.proxy.ftp_port: 8580

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 8580

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "127.0.0.1"

FF - prefs.js..network.proxy.socks_port: 8580

FF - prefs.js..network.proxy.ssl: "127.0.0.1"

FF - prefs.js..network.proxy.ssl_port: 8580

FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/09/21 09:56:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/05/02 15:11:12 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 14:04:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 14:04:35 | 000,000,000 | ---D | M]

[2009/10/10 14:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Extensions

[2009/10/10 14:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}

[2011/05/08 11:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions

[2011/04/04 19:59:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011/03/18 12:10:47 | 000,000,000 | ---D | M] (LinkedIn Companion for Firefox) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions\{e2337727-f9c9-411b-929e-287584341d1a}

[2010/09/29 10:23:16 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions\en-US@dictionaries.addons.mozilla.org

[2010/01/17 12:28:37 | 000,004,166 | ---- | M] () -- C:\Users\Emmanuel\AppData\Roaming\Mozilla\Firefox\Profiles\8681oi1f.default\searchplugins\baidu.xml

[2011/05/02 14:04:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/07/17 14:26:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/24 19:46:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/18 16:42:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

File not found (No name found) --

[2011/01/15 17:17:28 | 000,000,000 | ---D | M] (Download Accelerator Plus (DAP) extension) -- C:\PROGRAM FILES\DAP\DAPFIREFOX

[2011/05/02 15:11:12 | 000,000,000 | ---D | M] (Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX

[2009/07/06 02:37:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/04/15 00:47:17 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2008/12/15 15:05:50 | 000,234,496 | ---- | M] (Alipay.com co.,ltd) -- C:\Program Files\Mozilla Firefox\plugins\npaliedit.dll

[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2007/05/17 05:00:12 | 000,046,856 | ---- | M] (E-Book Systems.) -- C:\Program Files\Mozilla Firefox\plugins\NPOpf.dll

[2010/01/01 16:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

[2010/01/01 16:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/01/01 16:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2010/01/01 16:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/01/01 16:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

[2011/02/28 15:06:17 | 000,001,066 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-zugo.xml

O1 HOSTS File: ([2011/03/24 14:42:12 | 000,001,963 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 66.207.162.66 freedur.com

O1 - Hosts: 66.207.162.66 www.freedur.com

O1 - Hosts: 204.152.194.50 clients.freedur.com

O1 - Hosts: 204.152.194.50 blog.freedur.com

O1 - Hosts: 66.207.162.66 freedur.net

O1 - Hosts: 66.207.162.66 www.freedur.net

O1 - Hosts: 204.152.194.50 clients.freedur.net

O1 - Hosts: 204.152.194.50 blog.freedur.net

O1 - Hosts: 15 more lines...

O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)

O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fvbho140.dll (E-Book Systems Inc.)

O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)

O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [spySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] File not found

O4 - HKCU..\Run: [AdobeBridge] File not found

O4 - HKCU..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe ()

O4 - HKCU..\Run: [lnksutil] File not found

O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)

O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Barre RoboForm - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Enregistrer le formulaire - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O8 - Extra context menu item: Personnaliser le menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()

O8 - Extra context menu item: QQ - C:\Program Files\Tencent\QQIntl\Bin\AddEmotion.htm ()

O8 - Extra context menu item: Remplir le formulaire - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)

O9 - Extra Button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra 'Tools' menuitem : Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra Button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra 'Tools' menuitem : Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra Button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra 'Tools' menuitem : Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\ASProxy.dll (Astrill)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\ASProxy.dll (Astrill)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\ASProxy.dll (Astrill)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\ASProxy.dll (Astrill)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\ASProxy.dll (Astrill)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: carrefour.com.cn ([e-shop] https in Trusted sites)

O15 - HKCU\..Trusted Domains: imdb.com ([secure] https in Trusted sites)

O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)

O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} https://download.alipay.com/aliedit/aliedit/2401/aliedit.cab (iTrusPTA Class)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 180.168.255.118 116.228.111.18

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)

O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{52ec45d6-db65-11de-ba0c-001dba1ac618}\Shell - "" = AutoRun

O33 - MountPoints2\{52ec45d6-db65-11de-ba0c-001dba1ac618}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

O33 - MountPoints2\{628509f1-8cc3-11de-9c1c-001e3ded49ed}\Shell - "" = AutoRun

O33 - MountPoints2\{628509f1-8cc3-11de-9c1c-001e3ded49ed}\Shell\AutoRun\command - "" = G:\setup.exe

O33 - MountPoints2\{8c12c0c1-75ee-11dd-a0c9-001e3ded49ed}\Shell - "" = AutoRun

O33 - MountPoints2\{8c12c0c1-75ee-11dd-a0c9-001e3ded49ed}\Shell\AutoRun\command - "" = J:\StormF1.exe

O33 - MountPoints2\{cb33206e-ea18-11de-9111-00125a6014a8}\Shell - "" = AutoRun

O33 - MountPoints2\{cb33206e-ea18-11de-9111-00125a6014a8}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe

O33 - MountPoints2\{f45104b5-2b1d-11df-9eef-001e3ded49ed}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Zaptag-Run-Me.hta

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011/05/08 16:33:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell

[2011/05/08 16:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

[2011/05/08 16:19:49 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Local\Windows Live

[2011/05/08 16:11:31 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll

[2011/05/08 15:23:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll

[2011/05/08 15:22:38 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe

[2011/05/08 15:22:38 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe

[2011/05/08 15:22:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe

[2011/05/08 15:22:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll

[2011/05/08 15:22:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll

[2011/05/08 15:22:31 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll

[2011/05/08 15:22:30 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll

[2011/05/08 15:22:30 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe

[2011/05/08 15:22:30 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll

[2011/05/08 15:22:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll

[2011/05/08 15:22:16 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll

[2011/05/08 15:22:16 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe

[2011/05/08 15:22:16 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll

[2011/05/08 15:22:16 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll

[2011/05/08 15:22:16 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll

[2011/05/08 14:51:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe

[2011/05/08 11:13:10 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe

[2011/05/08 11:02:45 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2011/05/08 11:02:44 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2011/05/08 11:01:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2011/05/08 11:01:08 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2011/05/08 11:00:32 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2011/05/08 11:00:28 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2011/05/08 10:59:56 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011/05/08 10:59:45 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll

[2011/05/08 10:59:44 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll

[2011/05/08 10:59:43 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax

[2011/05/08 10:59:43 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll

[2011/05/08 10:59:07 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2011/05/08 10:59:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2011/05/08 10:58:54 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll

[2011/05/08 10:58:50 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll

[2011/05/08 10:58:22 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe

[2011/05/08 03:55:46 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\Desktop\Malware Cleanup

[2011/05/08 03:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7

[2011/05/08 03:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Your Uninstaller! 7

[2011/05/08 03:28:55 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2011/05/08 03:28:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011/05/08 03:28:54 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2011/05/08 03:28:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011/05/08 03:28:53 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2011/05/08 03:28:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2011/05/08 03:28:53 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2011/05/08 03:28:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2011/05/08 03:28:51 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011/05/08 03:28:51 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2011/05/08 03:28:51 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2011/05/08 03:28:50 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2011/05/08 03:28:50 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2011/05/08 03:28:49 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2011/05/08 03:28:49 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011/05/08 03:28:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011/05/08 03:28:49 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2011/05/08 03:28:49 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2011/05/08 03:28:49 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2011/05/08 03:28:48 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011/05/08 03:28:48 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2011/05/08 03:28:48 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2011/05/08 03:28:48 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2011/05/08 03:28:48 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2011/05/08 03:28:47 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2011/05/08 03:28:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011/05/08 03:28:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2011/05/08 03:28:46 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2011/05/08 03:28:44 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2011/05/08 03:28:43 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2011/05/08 03:28:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2011/05/08 03:28:39 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2011/05/08 03:28:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2011/05/08 03:28:38 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2011/05/08 03:28:34 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011/05/08 03:28:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2011/05/08 03:28:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2011/05/08 03:28:28 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2011/05/08 03:28:27 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2011/05/08 03:26:15 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll

[2011/05/08 03:26:14 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll

[2011/05/08 03:26:13 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll

[2011/05/08 03:26:12 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll

[2011/05/08 03:26:11 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2011/05/08 03:26:09 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll

[2011/05/08 03:26:05 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll

[2011/05/08 03:25:48 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2011/05/08 03:25:48 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll

[2011/05/08 03:25:46 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

[2011/05/08 03:25:45 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2011/05/08 03:25:44 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2011/05/08 03:25:44 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2011/05/08 03:25:43 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

[2011/05/08 03:25:43 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

[2011/05/08 03:25:42 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll

[2011/05/08 03:25:41 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll

[2011/05/08 03:25:40 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe

[2011/05/08 03:25:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll

[2011/05/08 03:25:38 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll

[2011/05/08 03:25:37 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll

[2011/05/08 03:25:36 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2011/05/08 02:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices

[2011/05/08 02:44:59 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll

[2011/05/08 02:44:56 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll

[2011/05/08 02:44:56 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll

[2011/05/08 02:43:17 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll

[2011/05/08 02:43:11 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll

[2011/05/08 02:43:11 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll

[2011/05/08 02:43:10 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll

[2011/05/08 02:43:10 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe

[2011/05/08 02:43:09 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll

[2011/05/08 02:41:29 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe

[2011/05/08 02:41:28 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll

[2011/05/08 02:41:20 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll

[2011/05/08 02:41:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll

[2011/05/08 02:41:14 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll

[2011/05/08 02:41:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll

[2011/05/08 02:41:13 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll

[2011/05/08 02:41:13 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll

[2011/05/08 02:41:13 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll

[2011/05/08 02:41:13 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll

[2011/05/08 02:41:13 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll

[2011/05/08 02:41:13 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll

[2011/05/08 02:38:21 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll

[2011/05/08 02:38:19 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll

[2011/05/08 02:08:02 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl

[2011/05/08 02:07:50 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2011/05/08 02:06:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2011/05/08 02:06:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2011/05/08 02:06:15 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2011/05/08 02:06:15 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2011/05/08 02:06:15 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2011/05/08 02:06:15 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2011/05/08 02:06:14 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll

[2011/05/08 02:06:14 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2011/05/08 02:06:14 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[2011/05/08 01:59:48 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe

[2011/05/06 10:50:09 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\Malwarebytes

[2011/05/06 10:49:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/05/06 10:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/05/06 10:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/05/06 10:49:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/05/06 10:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/05/04 11:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard

[2011/05/02 15:17:42 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\RoboForm

[2011/05/02 15:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm

[2011/05/02 10:58:02 | 001,481,496 | -H-- | C] (Dynamic Internet Technology, Inc.) -- C:\Users\Emmanuel\Desktop\fg710p.exe

[2011/04/24 15:29:11 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\Desktop\Marketing Documents

 

========== Files - Modified Within 30 Days ==========

 

[2011/05/08 21:00:35 | 000,001,073 | -H-- | M] () -- C:\Users\Emmanuel\Desktop\fg.ini

[2011/05/08 20:45:54 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2011/05/08 20:29:59 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics

[2011/05/08 19:46:31 | 000,431,304 | ---- | M] () -- C:\Windows\System32\prfh0404.dat

[2011/05/08 19:46:31 | 000,421,940 | ---- | M] () -- C:\Windows\System32\prfh0804.dat

[2011/05/08 19:46:31 | 000,127,458 | ---- | M] () -- C:\Windows\System32\prfc0404.dat

[2011/05/08 19:46:31 | 000,127,446 | ---- | M] () -- C:\Windows\System32\prfc0804.dat

[2011/05/08 19:46:30 | 000,751,468 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2011/05/08 19:46:30 | 000,674,182 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/05/08 19:46:30 | 000,152,004 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2011/05/08 19:46:30 | 000,127,904 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/05/08 19:42:04 | 007,571,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/05/08 19:41:54 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/05/08 19:41:53 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/05/08 19:38:14 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2011/05/08 19:36:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/05/08 19:25:21 | 000,000,052 | ---- | M] () -- C:\Windows\System32\ashttpstats.csv

[2011/05/08 19:25:11 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011/05/08 15:43:13 | 000,002,357 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook 2010.lnk

[2011/05/08 14:51:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe

[2011/05/08 14:18:49 | 000,002,555 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk

[2011/05/08 10:28:45 | 000,000,908 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/05/08 03:58:52 | 000,146,944 | ---- | M] () -- C:\Users\Emmanuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/05/08 03:29:19 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat

[2011/05/08 03:29:19 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat

[2011/05/08 03:28:55 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2011/05/08 03:28:55 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011/05/08 03:28:54 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2011/05/08 03:28:53 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011/05/08 03:28:53 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2011/05/08 03:28:53 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2011/05/08 03:28:53 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2011/05/08 03:28:53 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2011/05/08 03:28:51 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011/05/08 03:28:51 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2011/05/08 03:28:51 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2011/05/08 03:28:50 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2011/05/08 03:28:50 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2011/05/08 03:28:49 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2011/05/08 03:28:49 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011/05/08 03:28:49 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011/05/08 03:28:49 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2011/05/08 03:28:49 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2011/05/08 03:28:49 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2011/05/08 03:28:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2011/05/08 03:28:48 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011/05/08 03:28:48 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2011/05/08 03:28:48 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2011/05/08 03:28:48 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2011/05/08 03:28:48 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2011/05/08 03:28:47 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2011/05/08 03:28:46 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011/05/08 03:28:46 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2011/05/08 03:28:46 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2011/05/08 03:28:44 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2011/05/08 03:28:43 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2011/05/08 03:28:42 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2011/05/08 03:28:39 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2011/05/08 03:28:39 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2011/05/08 03:28:38 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2011/05/08 03:28:34 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011/05/08 03:28:30 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2011/05/08 03:28:30 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2011/05/08 03:28:28 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2011/05/08 03:28:27 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2011/05/08 03:26:15 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll

[2011/05/08 03:26:14 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll

[2011/05/08 03:26:13 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll

[2011/05/08 03:26:12 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll

[2011/05/08 03:26:11 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2011/05/08 03:26:09 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll

[2011/05/08 03:26:05 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll

[2011/05/08 03:25:48 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2011/05/08 03:25:48 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll

[2011/05/08 03:25:46 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

[2011/05/08 03:25:45 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2011/05/08 03:25:44 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2011/05/08 03:25:44 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2011/05/08 03:25:43 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

[2011/05/08 03:25:43 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

[2011/05/08 03:25:42 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll

[2011/05/08 03:25:41 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll

[2011/05/08 03:25:40 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe

[2011/05/08 03:25:40 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll

[2011/05/08 03:25:38 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll

[2011/05/08 03:25:37 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll

[2011/05/08 03:25:36 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2011/05/08 02:49:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

[2011/05/08 02:46:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2011/05/07 21:57:03 | 634,498,416 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/05/07 16:38:34 | 000,000,020 | ---- | M] () -- C:\Users\Emmanuel\defogger_reenable

[2011/05/06 17:11:00 | 007,450,289 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Cities of Love in Chinese.icml

[2011/05/06 13:23:19 | 000,002,597 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk

[2011/05/02 18:52:04 | 000,004,096 | -H-- | M] () -- C:\Users\Emmanuel\AppData\Local\keyfile3.drm

[2011/05/02 14:05:03 | 000,000,835 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/05/02 13:08:01 | 000,000,476 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\fg710p.exe - Raccourci.lnk

[2011/05/02 11:18:03 | 000,003,136 | ---- | M] () -- C:\Windows\System32\ASProxy.ini

[2011/05/02 11:18:03 | 000,001,968 | ---- | M] () -- C:\Windows\System32\ASProxyOff.ini

[2011/04/29 14:26:34 | 000,000,501 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Shanghai Presentation files - Raccourci.lnk

[2011/04/25 09:31:40 | 000,560,553 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Shanghai - Photographic Presentation.pdf

[2011/04/22 19:30:06 | 001,634,304 | ---- | M] () -- C:\Users\Emmanuel\Desktop\SILY Transition Team in Ch.indd

[2011/04/22 19:24:48 | 002,199,552 | ---- | M] () -- C:\Users\Emmanuel\Desktop\SILY Directors Cards in Ch.indd

[2011/04/14 21:41:30 | 002,954,072 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Cannes 2011.pdf

[2011/04/13 14:07:44 | 001,481,496 | -H-- | M] (Dynamic Internet Technology, Inc.) -- C:\Users\Emmanuel\Desktop\fg710p.exe

 

========== Files Created - No Company Name ==========

 

[2011/05/08 20:45:54 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin

[2011/05/08 15:22:20 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs

[2011/05/08 15:22:20 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl

[2011/05/08 15:22:19 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml

[2011/05/08 10:28:45 | 000,000,914 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2011/05/08 10:28:45 | 000,000,908 | ---- | C] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/05/08 03:28:49 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2011/05/08 02:49:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

[2011/05/08 02:46:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2011/05/07 16:37:35 | 000,000,020 | ---- | C] () -- C:\Users\Emmanuel\defogger_reenable

[2011/05/06 17:11:00 | 007,450,289 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Cities of Love in Chinese.icml

[2011/05/05 19:24:35 | 001,634,304 | ---- | C] () -- C:\Users\Emmanuel\Desktop\SILY Transition Team in Ch.indd

[2011/05/05 19:24:34 | 002,199,552 | ---- | C] () -- C:\Users\Emmanuel\Desktop\SILY Directors Cards in Ch.indd

[2011/05/02 18:52:04 | 000,004,096 | -H-- | C] () -- C:\Users\Emmanuel\AppData\Local\keyfile3.drm

[2011/05/02 13:08:01 | 000,000,476 | ---- | C] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\fg710p.exe - Raccourci.lnk

[2011/05/02 13:01:56 | 000,001,073 | -H-- | C] () -- C:\Users\Emmanuel\Desktop\fg.ini

[2011/04/29 14:26:34 | 000,000,501 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Shanghai Presentation files - Raccourci.lnk

[2011/04/25 09:30:33 | 000,560,553 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Shanghai - Photographic Presentation.pdf

[2011/04/14 21:41:30 | 002,954,072 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Cannes 2011.pdf

[2011/01/15 19:16:45 | 000,000,000 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\chrtmp

[2010/12/31 10:02:15 | 000,000,132 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2010/11/01 00:05:52 | 000,001,968 | ---- | C] () -- C:\Windows\System32\ASProxyOff.ini

[2010/11/01 00:05:51 | 000,003,136 | ---- | C] () -- C:\Windows\System32\ASProxy.ini

[2010/08/02 11:06:12 | 000,038,431 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\Comma Separated Values (DOS).ADR

[2010/06/13 13:46:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat

[2010/06/13 13:46:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat

[2010/01/26 14:20:07 | 000,000,760 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\setup_ldm.iss

[2010/01/17 11:17:08 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat

[2010/01/05 18:25:22 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI

[2009/12/31 12:27:14 | 000,000,156 | ---- | C] () -- C:\Windows\WININIT.INI

[2009/12/29 15:05:37 | 000,403,344 | ---- | C] () -- C:\Windows\System32\CMBEdit.dll

[2009/12/29 15:05:33 | 000,337,816 | ---- | C] () -- C:\Windows\System32\Cmb_Pb_LiveUpdate.exe

[2009/12/29 15:05:33 | 000,100,240 | ---- | C] () -- C:\Windows\System32\CmbSafeBase.dll

[2009/12/29 15:05:33 | 000,011,808 | ---- | C] () -- C:\Windows\System32\drivers\CertClient.dat

[2009/12/29 15:05:33 | 000,010,272 | ---- | C] () -- C:\Windows\System32\drivers\CMBProtector.dat

[2009/12/29 15:05:32 | 000,611,736 | ---- | C] () -- C:\Windows\System32\CMBPBUninstall.exe

[2009/12/29 15:05:32 | 000,472,976 | ---- | C] () -- C:\Windows\System32\PBHttpComm.dll

[2009/12/29 15:05:32 | 000,186,264 | ---- | C] () -- C:\Windows\System32\PersonalBankPortal.exe

[2009/12/15 13:58:10 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll

[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll

[2009/11/06 12:00:20 | 000,016,240 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe

[2009/09/11 07:53:29 | 000,001,356 | ---- | C] () -- C:\Users\Emmanuel\AppData\Local\d3d9caps.dat

[2009/08/27 15:25:33 | 000,025,736 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys

[2009/07/06 04:23:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/07/06 04:23:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/07/06 04:21:55 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2009/05/27 15:16:48 | 000,000,015 | ---- | C] () -- C:\Program Files\winreg.ini

[2009/05/27 15:14:27 | 000,059,392 | ---- | C] () -- C:\Windows\System32\Win32Printer.dll

[2009/04/22 21:39:09 | 000,242,176 | ---- | C] () -- C:\Windows\System32\fixflash.exe

[2009/04/22 21:39:08 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll

[2009/04/22 21:39:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll

[2009/03/08 03:11:28 | 000,000,206 | ---- | C] () -- C:\Windows\EurekaLog.ini

[2009/02/21 19:22:14 | 000,047,360 | ---- | C] () -- C:\Windows\System32\drivers\Surroundhp_kern_i386.sys

[2009/02/21 19:22:14 | 000,047,104 | ---- | C] () -- C:\Windows\System32\drivers\tshd4_kern_i386.sys

[2009/02/21 19:22:14 | 000,042,112 | ---- | C] () -- C:\Windows\System32\drivers\csiidecoder_kern_i386.sys

[2009/02/21 19:22:14 | 000,039,808 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys

[2009/01/31 19:45:48 | 000,431,304 | ---- | C] () -- C:\Windows\System32\prfh0404.dat

[2009/01/31 19:45:48 | 000,127,458 | ---- | C] () -- C:\Windows\System32\prfc0404.dat

[2009/01/31 19:45:48 | 000,116,540 | ---- | C] () -- C:\Windows\System32\prfi0404.dat

[2009/01/31 19:45:48 | 000,109,926 | ---- | C] () -- C:\Windows\System32\prfi0804.dat

[2009/01/31 19:45:48 | 000,030,674 | ---- | C] () -- C:\Windows\System32\prfd0404.dat

[2009/01/31 19:45:47 | 000,421,940 | ---- | C] () -- C:\Windows\System32\prfh0804.dat

[2009/01/31 19:45:47 | 000,127,446 | ---- | C] () -- C:\Windows\System32\prfc0804.dat

[2009/01/31 19:45:47 | 000,030,674 | ---- | C] () -- C:\Windows\System32\prfd0804.dat

[2009/01/20 21:07:09 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin

[2009/01/19 21:55:49 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2009/01/19 21:50:01 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat

[2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\Windows\System32\txmlutil.dll

[2008/10/27 19:46:09 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini

[2008/10/15 03:00:05 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176

[2008/10/15 02:56:18 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105

[2008/10/05 15:42:34 | 000,000,080 | ---- | C] () -- C:\Windows\System32\DCDA1745C1.dll

[2008/09/12 09:28:50 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll

[2008/09/02 08:17:56 | 000,146,944 | ---- | C] () -- C:\Users\Emmanuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/09/02 04:20:32 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2008/08/30 22:05:11 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll

[2008/08/29 08:25:33 | 000,751,468 | ---- | C] () -- C:\Windows\System32\perfh00C.dat

[2008/08/29 08:25:33 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat

[2008/08/29 08:25:33 | 000,152,004 | ---- | C] () -- C:\Windows\System32\perfc00C.dat

[2008/08/29 08:25:33 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat

[2008/08/29 07:56:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/06/18 07:34:16 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI

[2008/06/18 06:41:36 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2008/06/18 06:41:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2008/06/18 06:41:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe

[2008/06/18 06:41:16 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1493.dll

[2008/06/18 06:41:16 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2008/06/18 06:11:41 | 000,000,031 | ---- | C] () -- C:\Windows\System32\elcric.dat

[2008/06/18 05:59:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2008/06/18 05:53:54 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2008/06/18 05:50:39 | 000,003,204 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2008/01/21 10:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en

[2007/10/31 01:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2007/06/06 04:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe

[2007/04/16 18:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin

[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll

[2006/11/02 20:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 20:46:27 | 007,571,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 20:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 18:33:01 | 000,674,182 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 18:33:01 | 000,127,904 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2001/11/15 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2006/09/19 05:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2011/03/08 10:19:36 | 000,063,620 | ---- | M] () -- C:\bdlog.txt

[2009/04/11 14:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2011/01/15 23:00:51 | 000,546,687 | ---- | M] () -- C:\caisslog.txt

[2006/09/19 05:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2009/05/11 05:22:35 | 000,000,077 | ---- | M] () -- C:\DVDRipper_debug.txt

[2008/11/28 01:22:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009/06/16 18:51:23 | 000,000,078 | ---- | M] () -- C:\lxcy.log

[2008/11/28 01:22:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2011/05/08 19:31:38 | 3532,775,424 | -HS- | M] () -- C:\pagefile.sys

[2010/06/13 13:46:35 | 000,000,000 | ---- | M] () -- C:\pcversion.txt

[2011/05/08 20:45:54 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2009/06/22 20:19:33 | 000,648,016 | ---- | M] (Siber Systems) -- C:\PortableRoboForm.exe

[2009/01/19 21:37:02 | 000,000,611 | ---- | M] () -- C:\RHDSetup.log

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2009/11/06 12:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\wrLZMA.dll

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2008/01/21 11:16:46 | 017,956,864 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008/01/21 11:16:31 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008/01/21 11:16:46 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 18:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 18:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 

< %systemroot%\system32\drivers\*.sys /90 >

[2011/02/22 21:23:55 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys

[2011/05/08 03:25:41 | 000,638,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys

[2011/02/22 21:23:59 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys

[2011/02/22 21:24:10 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys

[2011/02/22 21:24:02 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys

[2011/02/18 22:03:32 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys

[2011/02/18 22:03:10 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys

[2011/02/18 22:03:06 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-08 11:53:34

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:1CE11B51

@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:B3D74A13

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0F8F5844

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:2B11E0DF

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:5BB923A2

 

< End of report >

 

OTL Extras logfile created on: 5/8/2011 8:35:22 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Emmanuel\Desktop

Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 363.93 Gb Total Space | 88.47 Gb Free Space | 24.31% Space Free | Partition Type: NTFS

 

Computer Name: EMMANUEL-PC | User Name: Emmanuel | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.js [@ = jsfile] -- Reg Error: Value error. File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

jsfile [open] -- Reg Error: Value error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2406939421-308661945-4081067968-1003]

"EnableNotificationsRef" = 3

"EnableNotifications" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"\" = C:\Windows\system\dwm.exe:*:Enabled:KL

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01E1B6CF-EB58-4483-9FFA-58CC27C55787}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |

"{0F4D5E70-896B-472B-A046-7CF338AFDB9A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{13C60B5D-18C4-416E-9FB9-30AE59914AFF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{142B4D99-3232-4CD4-9B65-1D096EA1E327}" = rport=445 | protocol=6 | dir=out | app=system |

"{16CF1AAB-8A03-407D-A3B9-B3F3BF36FA33}" = rport=2869 | protocol=6 | dir=out | app=system |

"{254B6A4B-090C-4DF9-B144-14037FD3E71D}" = rport=139 | protocol=6 | dir=out | app=system |

"{364C1B48-7493-4706-9503-0D951E9CCD58}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{46302FAC-D5E5-4F22-BC5E-39B508649935}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |

"{481EB4D7-0DB3-4A39-B567-1762E8E895CB}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

"{5F4580A6-9558-49ED-82F8-281A0B002C22}" = lport=139 | protocol=6 | dir=in | app=system |

"{674189B5-5B36-4C99-9D02-383DFBB8BE1B}" = rport=137 | protocol=17 | dir=out | app=system |

"{68613C70-0BBD-413D-A49B-76354FF6BD50}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{689A1965-10AC-4716-9094-D2EB5CC4591B}" = lport=445 | protocol=6 | dir=in | app=system |

"{6BBEA2F9-E16D-4250-A456-082CF5C08D17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{6C09942F-9257-4C38-B436-64DD9DCABB6B}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

"{6F8CDCDF-1935-4A62-95F1-2C594682089E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{783461F8-8B72-4ABB-9B6A-DBE3911ACCE1}" = lport=138 | protocol=17 | dir=in | app=system |

"{7BB062E3-8498-44B1-8FFE-77A5080928AB}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |

"{7DA0B118-23DC-4288-9489-1D0D89F7F9CC}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |

"{8B2ABED0-9443-4DE2-B199-00E977A86AF1}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{8CF16A9C-DCF7-4F4E-AFE9-27F71EACFE52}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

"{96F4FB9B-FEEB-4779-ACCD-0651BF21B67F}" = lport=137 | protocol=17 | dir=in | app=system |

"{A213CB72-45D3-4206-98A3-194533F7BAB8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{AC132BC9-9BEA-46C7-A107-A85642E1947C}" = rport=138 | protocol=17 | dir=out | app=system |

"{AF253F34-4F4E-4AF9-A409-95BA067993D9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{B5CE1329-93D1-44EF-9AA7-2300C8848079}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |

"{D6D8360C-D221-4E21-A0D4-951872F5FFE2}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |

"{E7C9AC94-E10B-4D82-977F-DE9EB1C6D766}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |

"{EAA86AEC-6495-46C6-B12C-3A8FEBA02EF7}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F9A16040-5AF8-4920-812B-BDAE72693A02}" = lport=2869 | protocol=6 | dir=in | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0B8347F6-47A6-4085-9751-1B3123A9DCAD}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |

"{0CA24DDF-2EEF-4836-B0B5-0145F7A97F4A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{15916D17-36E9-4CE0-84A3-CFBF60E73CFA}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{167F82C9-2352-487D-B13B-5484A59F6D8F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{18DAD7E5-90D6-4307-A637-CBB7154217B7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{31172B77-DF71-4FDF-888A-AF2E59E31790}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{340B63AB-608D-4B68-A379-CC1606BDFB15}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{3CE1EEC5-0816-4FEB-B0D3-90B8D80C4EE7}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |

"{49A6A2EA-15CE-42CF-8839-D1D2A59FA8C5}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{4B4C1D75-F9BB-47FF-851C-CFDFA76457E6}" = protocol=6 | dir=in | app=c:\program files\webissync\ipisync.exe |

"{5523A1C6-402F-446A-BDAE-ABD054A4D84A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{5B78A48B-A3A0-4A99-83B9-CBE383686D89}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{5EB38ADB-FEC0-4C50-80F4-1EE4A6253206}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{61B9CCF7-1ADF-4CDA-9BDC-912A5C086DA7}" = protocol=17 | dir=in | app=c:\program files\webissync\ipisync.exe |

"{841F878A-7F70-401F-8835-238B8FC07B31}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |

"{887CA51E-5E1E-4139-A431-0777DAA9D526}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{8C5C6ED0-E5F3-4F84-9F9F-9358B31E53EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{92060DA9-C52A-463C-8021-FF34584D3AA7}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{94377041-6428-4835-B87F-0F5CF1BEE676}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{974EE3AF-5EE0-4351-A7F1-4E09E7EF2CB3}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{975304EE-4F09-41C1-ADD7-1D131EA96667}" = protocol=6 | dir=in | app=c:\program files\bitdefender\bitdefender 2010\uiscan.exe |

"{9E7CA494-2B30-462D-AA23-00CA86108A9C}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{AF23C1F9-E68B-4161-8624-B1BE4D64F764}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{B4A7D53E-5C71-418E-81F1-D287820E419E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{C5CBA712-27DB-4D00-B162-C40303CBB849}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{D1A4C9F1-1226-411C-8F3D-24AE39F39DDE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{D4AA9ACD-BE2E-4729-BB26-81FFACC7A796}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |

"{D597618B-E440-425E-8407-46D36B8C2040}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{DCDF4453-2A99-4AC6-8EB4-21ADE29E9105}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{DF62AD8B-E83F-4BB9-B59F-BD09A2D9FEC8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{E5A9E18A-2296-4B07-9523-FAFE49EFF580}" = protocol=17 | dir=in | app=c:\program files\bitdefender\bitdefender 2010\uiscan.exe |

"{F3944638-38AB-4C38-AB90-376F5BEE05EC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"TCP Query User{078CAC9A-E43E-4074-8217-CD505B65B1FF}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"TCP Query User{18454195-6631-4BD2-8569-0EBDDBCF6677}C:\program files\webissync\ipisync.exe" = protocol=6 | dir=in | app=c:\program files\webissync\ipisync.exe |

"TCP Query User{231291DF-EF99-4C92-AE96-EB4F6611AA95}C:\program files\tencent\qqintl\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |

"TCP Query User{3C801B3D-561C-432C-82C5-9BDCB62514D0}C:\program files\globalscape\cuteftp 8 professional\ftpte.exe" = protocol=6 | dir=in | app=c:\program files\globalscape\cuteftp 8 professional\ftpte.exe |

"TCP Query User{41FB78EA-1AF5-417B-B909-F32E0A244201}C:\users\emmanuel\desktop\fg710p.exe" = protocol=6 | dir=in | app=c:\users\emmanuel\desktop\fg710p.exe |

"TCP Query User{84F7E6F2-9569-4A60-B042-FCCA0E0C43E9}C:\program files\qk smtp server 3\qksmtpserver3.exe" = protocol=6 | dir=in | app=c:\program files\qk smtp server 3\qksmtpserver3.exe |

"TCP Query User{882ACD17-A077-4093-91D4-05C7E905863C}C:\users\emmanuel\appdata\local\temp\keygen.exe" = protocol=6 | dir=in | app=c:\users\emmanuel\appdata\local\temp\keygen.exe |

"TCP Query User{B8FD57D0-48B1-41F0-82AB-B52BB53B4A40}C:\users\emmanuel\desktop\fg710p.exe" = protocol=6 | dir=in | app=c:\users\emmanuel\desktop\fg710p.exe |

"UDP Query User{3BBE4F0B-59D2-46C4-A8DD-BBADC056F797}C:\users\emmanuel\desktop\fg710p.exe" = protocol=17 | dir=in | app=c:\users\emmanuel\desktop\fg710p.exe |

"UDP Query User{4D1EF782-AD8E-4E4C-8386-8B9F51D1F1C9}C:\program files\tencent\qqintl\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |

"UDP Query User{5670350C-79AA-4DD8-ADE7-BF4D08A75B20}C:\program files\webissync\ipisync.exe" = protocol=17 | dir=in | app=c:\program files\webissync\ipisync.exe |

"UDP Query User{7C666E8E-A12E-41CA-A29D-DD401A8EB571}C:\program files\globalscape\cuteftp 8 professional\ftpte.exe" = protocol=17 | dir=in | app=c:\program files\globalscape\cuteftp 8 professional\ftpte.exe |

"UDP Query User{8D67DDA4-44A6-4899-8BA0-961634E24EC1}C:\program files\qk smtp server 3\qksmtpserver3.exe" = protocol=17 | dir=in | app=c:\program files\qk smtp server 3\qksmtpserver3.exe |

"UDP Query User{8D786D5A-9297-4242-AFFF-C27C97979EA4}C:\users\emmanuel\desktop\fg710p.exe" = protocol=17 | dir=in | app=c:\users\emmanuel\desktop\fg710p.exe |

"UDP Query User{99511C13-E16D-48CD-8D3E-67F7891642BA}C:\users\emmanuel\appdata\local\temp\keygen.exe" = protocol=17 | dir=in | app=c:\users\emmanuel\appdata\local\temp\keygen.exe |

"UDP Query User{D0AFE6CB-A6B5-4A01-820A-284EF20B9535}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4

"{01148B4C-0EC7-4D03-A615-5B4D8496AA88}" = SONY VGP-UPR1 (Display Adapter)

"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library

"{02D63222-CF76-E080-74DD-975B1672ED67}" = Catalyst Control Center Core Implementation

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200

"{0405000A-0570-549A-A819-3BCEEAA1B40B}" = Catalyst Control Center Localization Hungarian

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger

"{06786A53-D2D8-47CD-696A-ABC83625EBFE}" = Catalyst Control Center Graphics Light

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{10DF5555-D134-4C2E-9D32-71BEE4025C0F}" = CMBEdit

"{12EAE4F0-8770-451C-B4AD-76B569678973}" = QuickTime MPEG2

"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus

"{1439F7FF-6389-4593-8227-76E7BE4730C9}" = MXAir Tutorial

"{14E7357F-487C-3BF6-7955-B898AA76306E}" = CCC Help Russian

"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16D9D199-E8A0-9FBA-DDF3-0E2D7826D694}" = Catalyst Control Center Localization Spanish

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{18C24BF9-3B71-6F89-848C-D78C40197216}" = CCC Help Chinese Traditional

"{1974FF16-2A0A-76AF-D948-0037B0CB8EB5}" = CCC Help Hungarian

"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center

"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler

"{1E87F957-F850-D9F9-60F3-842955AAF519}" = Catalyst Control Center Localization German

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FC4125B-4657-4D1C-B358-E921F4883ED7}" = Skylook

"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper

"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support

"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting

"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel® PROSet/Wireless WiFi Software

"{27A2ABE9-E4C4-45DD-B9A8-CEEEE380E7E1}" = VAIO Content Metadata Intelligent Analyzing Manager

"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{2C3D71B4-85C4-5FA9-859E-1413F94EF642}" = Catalyst Control Center Localization Greek

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{310395F2-9206-159B-43B0-BF63D9F01B61}" = Catalyst Control Center Localization Turkish

"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0

"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{3F2E7336-7E29-4940-8E65-90E2CCC3DA07}" = FlipViewer Xpress Creator 2.2

"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core

"{4121D906-3131-4D50-A65A-A0F2846AB5C2}" = DisplayLink Core Software

"{43DA617D-1B80-0B70-FAA0-52AFCE853F40}" = CCC Help Finnish

"{4742375A-9BD3-46D0-E0CC-A8819D2E2C54}" = CCC Help Greek

"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4

"{4BB5D5A7-F75E-D8D9-0DF8-AA2C1F188CEB}" = Catalyst Control Center Localization French

"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor

"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox

"{4FCBFEDD-0CBF-A4A8-79D3-E9EAD37336C9}" = CCC Help Chinese Standard

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{54C91EE3-65B9-A931-8382-12B2A02709F8}" = ATI Catalyst Install Manager

"{5511F0CC-59E0-02AD-941F-2323DA2BB377}" = CCC Help Swedish

"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool

"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic

"{5A29796D-2566-3ADA-043D-28C51CD7D4C3}" = Catalyst Control Center Localization Chinese Standard

"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service

"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support

"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3

"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =

"{5D803295-DD78-0143-F64B-0D80852C43E9}" = CCC Help Italian

"{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility

"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management

"{61FD2585-3337-8822-899B-68612742BA2F}" = Catalyst Control Center Localization Russian

"{634F6989-4BB5-4EF2-AF6F-C15700F81494}}_is1" = Advanced System Optimizer

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{6432B21C-CA95-46CA-87D4-178CC2E58F84}_is1" = PamFax

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform

"{6C7196C0-D205-03E7-39A1-7A23AB69F659}" = CCC Help Czech

"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data

"{70D43D66-53BF-257F-72FC-96FB33B39276}" = Catalyst Control Center Graphics Full New

"{713D3AEC-9C28-4A4F-8E16-6A97AE7BE336}" = FlipBook Creator 1.5

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center

"{723F5CDD-839A-FF16-4CFA-C4E0AA54A315}" = ccc-core-static

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7370DF47-B4F9-4279-BFC3-3F09919F720D}" = Installation Windows Live

"{73BD4567-1C4E-8D45-1D28-3D469026A883}" = Skins

"{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer

"{757CC5BA-BF08-46A5-8D10-64C6FDF659C6}" = VAIO Content Metadata Manager Setting

"{761205A9-41DC-48C9-2CC1-F197D372DBEF}" = Catalyst Control Center Localization Italian

"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7

"{7E5DEF65-FE91-02F2-C291-22741AC34017}" = Catalyst Control Center Localization Danish

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{826E7114-AA2E-59AA-1916-2A753DC49153}" = ccc-utility

"{8299B94E-7F85-65A9-B0FA-6F6A8A6D4FBD}" = Catalyst Control Center Localization Thai

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{8626472F-7AD7-C83B-66FA-00E0A1C50A26}" = Catalyst Control Center Localization Swedish

"{8662A65A-A2A1-072C-708D-1C1262776F6A}" = CCC Help Thai

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C3CD8CF-7012-51E5-107B-5A8C75701E1A}" = CCC Help Dutch

"{8D7A8160-B777-4073-B1BE-62CFDD14A1D3}" = BitDefender Antivirus 2010

"{8DCD7A9A-8B0B-4184-A5D7-C4BDAA31C750}" = Microsoft Office Live Add-in Patches

"{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{918CFAF6-AC40-F2C8-C044-7FA95C8A7099}" = CCC Help German

"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =

"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility

"{9C71059E-6DDD-4958-9251-7A5F865B6BA0}" = VAIO Content Metadata Intelligent Analyzing Manager

"{9D10CB57-B085-44c3-B435-2D193BA153F0}" = Conseiller de mise à niveau vers Windows 7

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO

"{A1C62179-A9E6-4F25-B978-ACFD01524762}" = Adobe Setup

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A4399CF4-7A3F-4E84-B763-AD352640203D}" = VAIO Content Metadata XML Interface Library

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A55A277A-4336-FACF-991A-52B51B8FAE78}" = Catalyst Control Center Localization Finnish

"{A5D54806-AA49-BBFF-A2D3-76FA3DF096FA}" = Catalyst Control Center Localization Korean

"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting

"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel

"{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1" = Astrill 2.2.0.1824

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series

"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec

"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes

"{AAE442C0-F28B-8D58-1A1C-D566F9BCD294}" = Catalyst Control Center Localization Portuguese

"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch

"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch

"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0

"{B6B0D277-D003-307F-CF94-5F5894DFA3F1}" = Catalyst Control Center Graphics Full Existing

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BC653BB7-0AF0-22E5-A895-902AD52675CA}" = CCC Help Portuguese

"{BCEABBD6-6EDA-4246-7EDB-D68FCCD78A65}" = Catalyst Control Center Graphics Previews Common

"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO Wireless Wizard

"{BDD17603-CB75-0639-E6DA-0D9AA92A605B}" = CCC Help English

"{BEB57E7F-FF01-4CBB-9857-FF9DC655C7F1}" = Adobe InCopy CS4 Application Feature Set Files (Roman)

"{BF5F6A06-0FC3-BEC0-9CC1-54D870A9EF97}" = Catalyst Control Center Localization Chinese Traditional

"{C221CE66-9C07-8EA7-8EF6-AAD8E4588AE0}" = CCC Help French

"{C455F37C-E92E-5CEB-382D-8B8EC580266F}" = Catalyst Control Center Localization Norwegian

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C6F150F6-AE89-30C7-6256-C40CF9328602}" = Catalyst Control Center Graphics Previews Vista

"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1

"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service

"{C93F4E7C-1B31-449B-A304-EF277CF55E39}" = Catalyst Control Center - Branding

"{C9E33C86-7931-43A3-9DBC-5ED7F17DFE4B}" = FlipViewer 4.5

"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9

"{CBAE1EE5-F6E0-BDEF-0D49-C2AE46BE3B88}" = CCC Help Polish

"{CC56A2CB-EC09-4175-B8BD-93E2440D410B}" = VAIO Content Metadata Manager Setting

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D06F5884-B439-440B-A58D-6C057C2FF8EB}" = Click to Disc

"{D0AE373E-C276-432B-9A95-F8DD356A8242}" = VAIO Movie Story

"{D137B59C-551C-4659-8AA8-206FA650BF40}" = LG USB Modem Drivers

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D3AF5596-546F-5975-39B4-259A197C7E24}" = Catalyst Control Center Localization Japanese

"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support

"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents

"{D90507A2-6183-497D-9075-951DC80362DA}" = VAIO Media plus

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DDF57E4A-66B5-E9CC-C2A2-F2C98C57912C}" = CCC Help Turkish

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = French App Name

"{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}" = VAIO Content Metadata Intelligent Analyzing Manager

"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant

"{E1D25278-B51A-4163-BC3D-20A4D2D09F98}" = VAIO My Memory Center

"{E27D2C9F-83A1-A34C-E366-26EADB9270F7}" = Catalyst Control Center Localization Dutch

"{E2E7667F-C286-D110-7F9D-FC397A2607A8}" = CCC Help Danish

"{E3D4D2B9-5333-41E2-A42B-D92A22C270B3}" = SONY VGP-UPR1 (Display Adapter) Utility

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype 5.1

"{E6DE9A54-8514-446E-9D11-530DC599C355}" = Microsoft SharedView

"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer

"{E7821540-B8F8-304F-1B97-C43D8582EB18}" = CCC Help Norwegian

"{E8CA49A5-25C6-D80A-ED46-9D48A8B5D5F5}" = CCC Help Japanese

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F06300A2-87AE-042F-DE0F-1A5E380877C5}" = Catalyst Control Center Localization Czech

"{F06E4CBA-ABAD-4F6A-A793-9A29CD3C5FC2}_is1" = PamFax Office Integration

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F20E6529-0B46-FC26-378F-62CD640A98C4}" = Catalyst Control Center Localization Polish

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =

"{F5794D29-B9C9-4F99-9569-34CC2555B9A8}" = Mindjet MindManager 9

"{F754B561-ACAD-A3FA-AF54-3E5F9E662B04}" = CCC Help Korean

"{F8821B6D-B6C9-E676-9B7D-3269F36A1769}" = CCC Help Spanish

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{FACD3674-FC12-4B6C-A923-E1D687704E9B}" = VAIO Content Metadata XML Interface Library

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"{FE2FDC72-3059-4F6C-9A31-563178C60226}" = Adobe InCopy CS4 Common Base Files

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AI RoboForm" = RoboForm 7-2-9 (All Users)

"Alien Skin Exposure 3" = Alien Skin Exposure 3

"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

"CameraWindowLauncher" = Canon Utilities CameraWindow

"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX

"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX

"Canon SELPHY CP780" = Canon SELPHY CP780

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"CMBPB40" = 招行专业版

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = French App Name

"Ditto_is1" = Ditto 3.15.4.0

"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)

"EP Budgeting" = EP Budgeting

"Free HD Converter_is1" = Free HD Converter V 1.7

"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO

"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor

"InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"MovieOutline310_is1" = Movie Outline 3.1.1

"Mozilla Firefox 4.0.1 (x86 fr)" = Mozilla Firefox 4.0.1 (x86 fr)

"MyCamera" = Canon Utilities MyCamera

"支付宝插件_is1" = 支付宝插件 1.2.0.2

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"PDF-XChange 3_is1" = PDF-XChange 3

"ProInst" = Intel PROSet Wireless

"Qlock" = Qlock Lite

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"RealAlt_is1" = Real Alternative 1.9.0

"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX

"Resolume DXV Quicktime Codec_is1" = Resolume DXV Quicktime Codec 2.1

"Ultra Flash Video FLV Converter_is1" = Ultra Flash Video FLV Converter 3.8.1023

"UltSounds" = Modèles de sons Windows

"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker

"VirtualCloneDrive" = VirtualCloneDrive

"WinLiveSuite_Wave3" = Installation Windows Live

"WinRAR archiver" = WinRAR archiver

"Your Uninstaller! 2008_is1" = Your Uninstaller! 2008 Version 6.2

"YU2010_is1" = Your Uninstaller! 7

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

 

========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >

Posted

Hello,

 

No signs of infection.

 

Launch OTL, copy the following list (starting with :OTL) and paste it into the box under "Personnalisation" (the : at the start and the ] at the end are very important, please check).

 

:OTL

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)

SRV - File not found [Disabled | Stopped] -- -- (CaCCProvSP)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8580

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://pro.imdb.com/"

FF - prefs.js..extensions.enabledItems: addon@astrill.com:1.4

FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"

FF - prefs.js..network.proxy.backup.ftp_port: 8580

FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"

FF - prefs.js..network.proxy.backup.socks_port: 8580

FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"

FF - prefs.js..network.proxy.backup.ssl_port: 8580

FF - prefs.js..network.proxy.ftp: "127.0.0.1"

FF - prefs.js..network.proxy.ftp_port: 8580

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 8580

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "127.0.0.1"

FF - prefs.js..network.proxy.socks_port: 8580

FF - prefs.js..network.proxy.ssl: "127.0.0.1"

FF - prefs.js..network.proxy.ssl_port: 8580

FF - prefs.js..network.proxy.type: 1

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.

O4 - HKLM..\Run: [sunJavaUpdateSched] File not found

O4 - HKCU..\Run: [AdobeBridge] File not found

O4 - HKCU..\Run: [lnksutil] File not found

O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: carrefour.com.cn ([e-shop] https in Trusted sites)

O15 - HKCU\..Trusted Domains: imdb.com ([secure] https in Trusted sites)

O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)

O33 - MountPoints2\{52ec45d6-db65-11de-ba0c-001dba1ac618}\Shell - "" = AutoRun

O33 - MountPoints2\{52ec45d6-db65-11de-ba0c-001dba1ac618}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

O33 - MountPoints2\{628509f1-8cc3-11de-9c1c-001e3ded49ed}\Shell - "" = AutoRun

O33 - MountPoints2\{628509f1-8cc3-11de-9c1c-001e3ded49ed}\Shell\AutoRun\command - "" = G:\setup.exe

O33 - MountPoints2\{8c12c0c1-75ee-11dd-a0c9-001e3ded49ed}\Shell - "" = AutoRun

O33 - MountPoints2\{8c12c0c1-75ee-11dd-a0c9-001e3ded49ed}\Shell\AutoRun\command - "" = J:\StormF1.exe

O33 - MountPoints2\{cb33206e-ea18-11de-9111-00125a6014a8}\Shell - "" = AutoRun

O33 - MountPoints2\{cb33206e-ea18-11de-9111-00125a6014a8}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe

O33 - MountPoints2\{f45104b5-2b1d-11df-9eef-001e3ded49ed}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Zaptag-Run-Me.hta

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:1CE11B51

@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:B3D74A13

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0F8F5844

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:2B11E0DF

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:5BB923A2

 

:Services

RoxLiveShare9

CaCCProvSP

 

:Reg

 

:Files

ipconfig /flushdns /c

C:\WINDOWS\tasks\*.job

C:\*.sqm

 

:Commands

[PURITY]

[EMPTYTEMP]

[EMPTYFLASH]

[RESETHOSTS]

[CLEARALLRESTOREPOINTS]

[REBOOT]

ATTENTION: The lines in blue concern a proxy. If you or your administrator set up this proxy, do not include those lines in the fix.

 

Click the red Correction button and let it run.

If one or more files cannot be deleted normally, the program will ask to restart the machine to finish the process; click Yes.

At the end a report opens in Notepad. Copy its contents and paste it into a new reply. Close the report and OTL.

 

 

Reports requested:

  • OTL.txt

Any other problems?
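The fix list above mixes entries that mean different things to whoever reviews it: loopback proxy settings (which the helper flags as possibly legitimate), orphaned service and Run keys, cached AutoRun handlers for removable drives, and alternate data streams. The triage script below is an added example, not OTL's own code nor anything posted in the thread: it parses lines in the formats used above and groups them by what they mean for a defender, including the "is this proxy local or off-box?" check. The sample lines are copied from the post, except the final one, which is a constructed off-box proxy for contrast.

```python
"""Triage OTL fix-script lines by category (added example, not OTL's code)."""
import re
from collections import defaultdict

# Line shapes mirror the entries in the helper's OTL script.
IE_PROXY = re.compile(r'^IE - .*"Proxy(\w+)" = (.*)$')
FF_PROXY = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(\S+): (.*)$')
ORPHAN = re.compile(r'^(?:SRV|O4) - .*File not found')
MOUNTPOINT = re.compile(r'^O33 - MountPoints2\\(\{[0-9a-f-]+\})\\(.+?) - "" = (.*)$')
ADS = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.*)$')

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def _proxy_record(setting, value):
    # "127.0.0.1:8580" -> host "127.0.0.1"; "localhost,127.0.0.1" -> "localhost".
    # Ports, flags such as "true"/"1" and "<local>" are never treated as hosts.
    host = re.split(r"[:,]", value.strip().strip('"'))[0]
    remote = (host not in LOOPBACK and not host.isdigit()
              and host not in {"true", "false"} and not host.startswith("<"))
    note = ("points off-box: confirm the proxy is legitimate before keeping it"
            if remote else
            "loopback proxy, typical of a local VPN or filtering client: "
            "confirm with the user before removing")
    return {"category": "proxy", "detail": f"{setting} = {value}",
            "value": value, "remote": remote, "note": note}


def classify(line):
    """Classify one OTL fix line into proxy / orphan / autorun / ads / other."""
    line = line.strip()
    m = IE_PROXY.match(line)
    if m:
        return _proxy_record("IE Proxy" + m.group(1), m.group(2))
    m = FF_PROXY.match(line)
    if m:
        return _proxy_record("Firefox network.proxy." + m.group(1), m.group(2))
    if ORPHAN.match(line):
        # Service name sits in trailing parentheses; Run value name in brackets.
        name = re.search(r"\(([^)]+)\)\s*$", line) or re.search(r"\[([^\]]+)\]", line)
        return {"category": "orphan", "detail": name.group(1) if name else line,
                "note": "entry points at a file that no longer exists; safe to "
                        "remove and not evidence of infection by itself"}
    m = MOUNTPOINT.match(line)
    if m:
        return {"category": "autorun", "volume": m.group(1), "detail": m.group(3),
                "note": "AutoRun handler cached for a removable drive; deleting the "
                        "key removes the handler, not the executable, and AutoRun "
                        "should stay disabled"}
    m = ADS.match(line)
    if m:
        return {"category": "ads", "size": int(m.group(1)), "detail": m.group(2),
                "note": "small alternate data stream on a temp folder, listed for "
                        "removal; review the size if it is unexpectedly large"}
    return {"category": "other", "detail": line, "note": "no rule matched; review by hand"}


def summarize(lines):
    """Group classified lines: category -> list of details."""
    groups = defaultdict(list)
    for rec in map(classify, lines):
        groups[rec["category"]].append(rec["detail"])
    return dict(groups)


def remote_proxies(lines):
    """Proxy values that do not point at the loopback interface."""
    return [r["value"] for r in map(classify, lines)
            if r["category"] == "proxy" and r["remote"]]


# Sample lines copied from the helper's post; the last one is constructed.
SAMPLE_LINES = [
    r'SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8580',
    r'FF - prefs.js..network.proxy.http: "127.0.0.1"',
    r'FF - prefs.js..network.proxy.http_port: 8580',
    r'FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"',
    r'O4 - HKLM..\Run: [sunJavaUpdateSched] File not found',
    r'O33 - MountPoints2\{52ec45d6-db65-11de-ba0c-001dba1ac618}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a',
    r'@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:1CE11B51',
    # constructed contrast line, not from the post: an off-box proxy
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.invalid:8080',
]

if __name__ == "__main__":
    for category, details in summarize(SAMPLE_LINES).items():
        print(f"{category}: {len(details)}")
        for d in details:
            print("   ", d)
    print("off-box proxies:", remote_proxies(SAMPLE_LINES))
```

Run it on the lines of a fix list before applying it: anything in `remote_proxies` deserves a question to the user first, exactly as the helper does with the blue lines, while orphaned keys and AutoRun handlers can be cleared without that check.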

Posted

Regarding the proxy, I did remove the lines and then ran OTL.

Almost at the end, at [RESETHOSTS], a very simple error message appeared telling me it was not possible.

I clicked OK and the message disappeared.

 

Since then, OTL has been frozen on: "Restting Hosts Files. DO NOT INTERRUPT"...

That does not look normal: it has been two hours.

 

What should I do? Only the OTL window is visible. No other function.

The PC seems to be running but it is as if frozen.

 

I have not touched anything.

 

Thanks,

Beauregard

 

Please reply to my PM when you can.

Posted (edited)

The message received was: "Cannot create file C:\Windows\System32\drivers\etc\Hosts." I clicked "OK" and OTL now shows a message at the bottom left saying: "Resetting HOSTS file. DO NOT INTERRUPT...". It has now been 7 hours.

 

I am stuck. It is urgent.

Thanks.

 

I have just managed to relaunch explorer.exe

Edited by Beauregard
