Infection Rootkit TDLR4@MBR

lance_yien · le 9 mai 2011

...

Merci de répondre à mon MP quand tu peux.

Quel MP? J'ai vu que tu m'as ajouté à tes amis, c'est sympa et et je t'en remercie. Si tu as des questions merci de les poser ici (vois ma signature).

...

Je viens de réussir à relancer explorer.exe

Nous utilisons les couleurs pour attirer votre attention sur certains points afin d'éviter tout risque de problème pour votre machine.

Utilisée dans un contexte normale, la couleur rouge signifie (sur les forums) être en colère. C'est après qui ou quoi, si c'est ton cas?

Si tu as réussi à accéder à ton Bureau, exécute les dernières instructions.

Beauregard · le 9 mai 2011

Désolé pour la couleur rouge, je ne savais pas.

J'ai finalement pu redémarrer mon ordinateur après que OTL ait planté.

J'ai quand même l'impression que certains programmes ont des défaillances, comme si des fichiers souches n'étaient plus là.

Je ne pense pas OTL ait fait:

[CLEARALLRESTOREPOINTS]

[REBOOT]

Je crois que j'ai redémarré un peu tôt.

Peut-être devrais-je faire un nouveau rapport OTL.

Merci,

Emmanuel

lance_yien · le 9 mai 2011

... Je crois que j'ai redémarré un peu tôt.

Peut-être devrais-je faire un nouveau rapport OTL...

Oui tu es allé un peu trop vite, il devait redémarrer automatiquement.

Concernant la couleur, pas de soucis!

Et le contenu ton MP, c'était quoi?

--

Un dernier contrôle,

>>> Utiliser OTL: Fermer toutes les applications et fenêtres ouvertes et relancer OTL.

Sans rien changer ni rien ajouter, cliquer sur le bouton bleu Analyse et laisser faire.

Copier/ Coller le contenu du rapport généré.

La prochaine étape sera la dernière, (à moins qu'il te reste d'autres symptômes à vérifier?)

Beauregard · le 9 mai 2011

OK je fais ça, merci... je ne trouve pas ton e-mail pour le PM.

Beauregard · le 10 mai 2011

Merci de ton aide.

OTL etait fige hier et je ne savais quoi faire car il a rame pendant 7 heures sur les fichiers hosts.

Selon le rapport ci-dessous, cela ne semble pas réglé.

Des fichiers hosts sont manquants.

Que puis-je faire?

Merci,

Beauregard

///////////////////////////////////////////////

OTL logfile created on: 5/10/2011 2:22:29 AM - Run 2

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Emmanuel\Desktop

Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 73.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 363.93 Gb Total Space | 84.98 Gb Free Space | 23.35% Space Free | Partition Type: NTFS

Computer Name: EMMANUEL-PC | User Name: Emmanuel | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/08 14:51:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe

PRC - [2011/03/08 10:19:07 | 000,310,856 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

PRC - [2011/01/18 23:49:08 | 001,176,448 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe

PRC - [2010/04/26 15:01:54 | 001,615,688 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

PRC - [2010/03/25 23:49:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe

PRC - [2010/03/18 16:04:52 | 001,091,984 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe

PRC - [2010/03/16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

PRC - [2010/01/17 11:21:17 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/04/11 14:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

PRC - [2009/01/22 08:06:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

PRC - [2008/08/29 02:34:10 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

PRC - [2008/08/29 02:34:10 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe

PRC - [2008/08/29 01:10:18 | 000,233,472 | ---- | M] () -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe

PRC - [2008/08/18 23:31:22 | 000,443,752 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe

PRC - [2008/08/18 23:31:20 | 004,597,096 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

PRC - [2008/07/11 05:10:44 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

PRC - [2008/07/11 05:10:44 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

PRC - [2008/06/09 21:59:30 | 000,098,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE

PRC - [2008/05/01 10:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\intel\WiFi\bin\EvtEng.exe

PRC - [2008/05/01 10:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2008/01/21 10:21:41 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe

PRC - [2007/06/06 04:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe

PRC - [2007/01/05 10:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (SafeList) ==========

MOD - [2011/05/08 14:51:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe

MOD - [2010/09/23 04:07:50 | 000,107,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mindjet\MindManager 9\msscript.ocx

MOD - [2010/08/31 23:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/03/08 10:19:07 | 000,310,856 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)

SRV - [2011/01/11 02:40:42 | 001,962,192 | ---- | M] (Astrill) [On_Demand | Stopped] -- C:\Users\Emmanuel\AppData\Roaming\Astrill\ASProxy.exe -- (ASProxy)

SRV - [2011/01/11 02:40:28 | 000,428,056 | ---- | M] (Astrill) [On_Demand | Stopped] -- C:\Users\Emmanuel\AppData\Roaming\Astrill\ASOvpnSvc.exe -- (ASOVPNHelper)

SRV - [2010/04/26 15:01:54 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)

SRV - [2010/04/22 01:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2010/04/22 01:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2010/03/25 23:49:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)

SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2010/03/12 16:40:10 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010/01/17 11:21:17 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)

SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)

SRV - [2009/10/19 17:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)

SRV - [2009/04/11 14:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2009/01/22 08:06:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/08/29 02:34:10 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)

SRV - [2008/08/18 23:31:22 | 000,443,752 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe -- (DisplayLinkService)

SRV - [2008/07/11 05:10:44 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)

SRV - [2008/06/09 21:59:30 | 000,098,304 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkHDMIService)

SRV - [2008/05/02 09:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2008/05/01 10:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2008/05/01 10:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2008/04/03 02:07:58 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)

SRV - [2008/04/03 02:07:56 | 000,147,456 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)

SRV - [2008/04/03 02:07:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)

SRV - [2008/04/03 02:07:38 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)

SRV - [2008/03/05 11:58:30 | 000,063,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)

SRV - [2008/03/05 11:56:42 | 000,350,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)

SRV - [2008/03/05 11:54:50 | 000,104,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)

SRV - [2008/03/04 05:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)

SRV - [2008/03/04 04:27:14 | 000,087,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)

SRV - [2008/01/21 10:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/11/28 17:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)

SRV - [2007/11/28 17:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)

SRV - [2007/11/28 16:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

SRV - [2007/06/06 04:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

SRV - [2007/01/05 10:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - [2010/08/20 22:08:46 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)

DRV - [2010/06/13 14:42:46 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)

DRV - [2010/06/13 14:42:44 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)

DRV - [2010/06/13 14:42:38 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)

DRV - [2010/04/23 17:43:52 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand | Stopped] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)

DRV - [2010/02/22 14:58:40 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)

DRV - [2010/02/03 13:57:36 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (BDFM)

DRV - [2010/01/08 16:28:40 | 000,006,656 | ---- | M] (alipay.com) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alidevice.sys -- (Alidevice)

DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssidrv.sys -- (ssidrv)

DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sshrmd.sys -- (sshrmd)

DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)

DRV - [2009/08/31 10:38:02 | 000,011,808 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CertClient.dat -- (CMB8100)

DRV - [2009/08/31 10:38:02 | 000,010,272 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CMBProtector.dat -- (CMBProtector)

DRV - [2009/08/27 15:18:58 | 000,025,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)

DRV - [2009/08/21 02:08:00 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)

DRV - [2009/08/21 02:08:00 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)

DRV - [2009/08/21 02:08:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)

DRV - [2009/04/11 12:43:07 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BTHPRINT.SYS -- (BTHprint)

DRV - [2009/01/16 17:08:39 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2008/08/18 23:31:50 | 000,287,856 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\dlkmd.sys -- (dlkmd)

DRV - [2008/08/18 23:31:50 | 000,013,424 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\dlkmdldr.sys -- (dlkmdldr)

DRV - [2008/05/13 08:05:19 | 003,537,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2008/04/28 21:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®

DRV - [2008/04/28 09:19:55 | 000,142,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)

DRV - [2008/04/22 22:43:36 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)

DRV - [2008/04/22 08:01:11 | 000,903,680 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008/04/16 08:04:24 | 000,046,592 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)

DRV - [2008/04/16 08:04:12 | 000,068,096 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2008/02/29 10:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2008/02/29 10:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2008/02/23 08:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2008/01/25 10:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2008/01/21 10:21:34 | 000,050,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstape.sys -- (MSTAPE)

DRV - [2008/01/21 10:21:27 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avcstrm.sys -- (AVCSTRM)

DRV - [2007/12/17 09:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)

DRV - [2007/07/26 16:25:12 | 000,039,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)

DRV - [2007/06/27 10:42:34 | 000,073,856 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)

DRV - [2007/06/27 10:41:48 | 000,101,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)

DRV - [2007/04/18 11:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

DRV - [2006/11/08 15:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)

DRV - [2006/11/02 12:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2006/04/04 21:20:36 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Rue89 | Site d'information et de débat sur l'actualité, indépendant et participatif

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/09/21 09:56:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/05/02 15:11:12 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 14:04:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 14:04:35 | 000,000,000 | ---D | M]

[2009/10/10 14:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Extensions

[2009/10/10 14:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}

[2011/05/08 11:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions

[2011/04/04 19:59:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011/03/18 12:10:47 | 000,000,000 | ---D | M] (LinkedIn Companion for Firefox) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions\{e2337727-f9c9-411b-929e-287584341d1a}

[2010/09/29 10:23:16 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Emmanuel\AppData\Roaming\mozilla\Firefox\Profiles\8681oi1f.default\extensions\en-US@dictionaries.addons.mozilla.org

[2010/01/17 12:28:37 | 000,004,166 | ---- | M] () -- C:\Users\Emmanuel\AppData\Roaming\Mozilla\Firefox\Profiles\8681oi1f.default\searchplugins\baidu.xml

[2011/05/02 14:04:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/07/17 14:26:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/24 19:46:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/18 16:42:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

File not found (No name found) --

[2011/01/15 17:17:28 | 000,000,000 | ---D | M] (Download Accelerator Plus (DAP) extension) -- C:\PROGRAM FILES\DAP\DAPFIREFOX

[2011/05/02 15:11:12 | 000,000,000 | ---D | M] (Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX

[2009/07/06 02:37:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/04/15 00:47:17 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2008/12/15 15:05:50 | 000,234,496 | ---- | M] (Alipay.com co.,ltd) -- C:\Program Files\Mozilla Firefox\plugins\npaliedit.dll

[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2007/05/17 05:00:12 | 000,046,856 | ---- | M] (E-Book Systems.) -- C:\Program Files\Mozilla Firefox\plugins\NPOpf.dll

[2010/01/01 16:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

[2010/01/01 16:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/01/01 16:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2010/01/01 16:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/01/01 16:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

[2011/02/28 15:06:17 | 000,001,066 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-zugo.xml

Hosts file not found

O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)

O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipViewer\fvbho140.dll (E-Book Systems Inc.)

O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)

O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [spySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)

O4 - HKCU..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe ()

O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)

O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Barre RoboForm - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Enregistrer le formulaire - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O8 - Extra context menu item: Personnaliser le menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()

O8 - Extra context menu item: QQ - C:\Program Files\Tencent\QQIntl\Bin\AddEmotion.htm ()

O8 - Extra context menu item: Remplir le formulaire - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)

O9 - Extra Button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra 'Tools' menuitem : Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra Button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra 'Tools' menuitem : Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra Button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra 'Tools' menuitem : Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\ASProxy.dll (Astrill)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\ASProxy.dll (Astrill)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\ASProxy.dll (Astrill)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\ASProxy.dll (Astrill)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\ASProxy.dll (Astrill)

O13 - gopher Prefix: missing

O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} https://download.alipay.com/aliedit/aliedit/2401/aliedit.cab (iTrusPTA Class)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 180.168.255.118 116.228.111.18

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)

O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/09 01:47:13 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/05/09 01:42:43 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2011/05/08 16:33:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell

[2011/05/08 16:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

[2011/05/08 16:19:49 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Local\Windows Live

[2011/05/08 16:11:31 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll

[2011/05/08 15:23:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll

[2011/05/08 15:22:38 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe

[2011/05/08 15:22:38 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe

[2011/05/08 15:22:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe

[2011/05/08 15:22:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll

[2011/05/08 15:22:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll

[2011/05/08 15:22:31 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll

[2011/05/08 15:22:30 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll

[2011/05/08 15:22:30 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe

[2011/05/08 15:22:30 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll

[2011/05/08 15:22:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll

[2011/05/08 15:22:16 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll

[2011/05/08 15:22:16 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe

[2011/05/08 15:22:16 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll

[2011/05/08 15:22:16 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll

[2011/05/08 15:22:16 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll

[2011/05/08 14:51:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe

[2011/05/08 11:13:10 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe

[2011/05/08 11:02:45 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2011/05/08 11:02:44 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2011/05/08 11:01:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2011/05/08 11:01:08 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2011/05/08 11:00:32 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2011/05/08 11:00:28 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2011/05/08 10:59:56 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011/05/08 10:59:45 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll

[2011/05/08 10:59:44 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll

[2011/05/08 10:59:43 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax

[2011/05/08 10:59:43 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll

[2011/05/08 10:59:07 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2011/05/08 10:59:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2011/05/08 10:58:54 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll

[2011/05/08 10:58:50 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll

[2011/05/08 10:58:22 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe

[2011/05/08 03:55:46 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\Desktop\Malware Cleanup

[2011/05/08 03:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7

[2011/05/08 03:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Your Uninstaller! 7

[2011/05/08 03:28:55 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2011/05/08 03:28:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011/05/08 03:28:54 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2011/05/08 03:28:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011/05/08 03:28:53 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2011/05/08 03:28:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2011/05/08 03:28:53 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2011/05/08 03:28:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2011/05/08 03:28:51 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011/05/08 03:28:51 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2011/05/08 03:28:51 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2011/05/08 03:28:50 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2011/05/08 03:28:50 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2011/05/08 03:28:49 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2011/05/08 03:28:49 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011/05/08 03:28:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011/05/08 03:28:49 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2011/05/08 03:28:49 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2011/05/08 03:28:49 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2011/05/08 03:28:48 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011/05/08 03:28:48 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2011/05/08 03:28:48 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2011/05/08 03:28:48 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2011/05/08 03:28:48 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2011/05/08 03:28:47 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2011/05/08 03:28:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011/05/08 03:28:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2011/05/08 03:28:46 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2011/05/08 03:28:44 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2011/05/08 03:28:43 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2011/05/08 03:28:42 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2011/05/08 03:28:39 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2011/05/08 03:28:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2011/05/08 03:28:38 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2011/05/08 03:28:34 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011/05/08 03:28:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2011/05/08 03:28:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2011/05/08 03:28:28 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2011/05/08 03:28:27 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2011/05/08 03:26:15 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll

[2011/05/08 03:26:14 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll

[2011/05/08 03:26:13 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll

[2011/05/08 03:26:12 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll

[2011/05/08 03:26:11 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2011/05/08 03:26:09 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll

[2011/05/08 03:26:05 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll

[2011/05/08 03:25:48 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2011/05/08 03:25:48 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll

[2011/05/08 03:25:46 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

[2011/05/08 03:25:45 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2011/05/08 03:25:44 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2011/05/08 03:25:44 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2011/05/08 03:25:43 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

[2011/05/08 03:25:43 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

[2011/05/08 03:25:42 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll

[2011/05/08 03:25:41 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll

[2011/05/08 03:25:40 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe

[2011/05/08 03:25:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll

[2011/05/08 03:25:38 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll

[2011/05/08 03:25:37 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll

[2011/05/08 02:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices

[2011/05/08 02:44:59 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll

[2011/05/08 02:44:56 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll

[2011/05/08 02:44:56 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll

[2011/05/08 02:43:17 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll

[2011/05/08 02:43:11 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll

[2011/05/08 02:43:11 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll

[2011/05/08 02:43:10 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll

[2011/05/08 02:43:10 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe

[2011/05/08 02:43:09 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll

[2011/05/08 02:41:29 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe

[2011/05/08 02:41:28 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll

[2011/05/08 02:41:20 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll

[2011/05/08 02:41:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll

[2011/05/08 02:41:14 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll

[2011/05/08 02:41:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll

[2011/05/08 02:41:13 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll

[2011/05/08 02:41:13 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll

[2011/05/08 02:41:13 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll

[2011/05/08 02:41:13 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll

[2011/05/08 02:41:13 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll

[2011/05/08 02:41:13 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll

[2011/05/08 02:38:21 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll

[2011/05/08 02:38:19 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll

[2011/05/08 02:08:02 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl

[2011/05/08 02:07:50 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2011/05/08 02:06:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2011/05/08 02:06:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2011/05/08 02:06:15 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2011/05/08 02:06:15 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2011/05/08 02:06:15 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2011/05/08 02:06:15 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2011/05/08 02:06:14 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll

[2011/05/08 02:06:14 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2011/05/08 02:06:14 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[2011/05/08 01:59:48 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe

[2011/05/06 10:50:09 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\Malwarebytes

[2011/05/06 10:49:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/05/06 10:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/05/06 10:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/05/06 10:49:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/05/06 10:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/05/04 11:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard

[2011/05/02 15:17:42 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\AppData\Roaming\RoboForm

[2011/05/02 15:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm

[2011/05/02 10:58:02 | 001,481,496 | -H-- | C] (Dynamic Internet Technology, Inc.) -- C:\Users\Emmanuel\Desktop\fg710p.exe

[2011/04/24 15:29:11 | 000,000,000 | ---D | C] -- C:\Users\Emmanuel\Desktop\Marketing Documents

========== Files - Modified Within 30 Days ==========

[2011/05/10 02:21:04 | 000,001,073 | -H-- | M] () -- C:\Users\Emmanuel\Desktop\fg.ini

[2011/05/10 02:16:54 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/05/10 02:16:54 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/05/09 23:48:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/05/09 22:35:12 | 000,002,555 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk

[2011/05/09 18:32:58 | 000,002,597 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk

[2011/05/09 14:00:59 | 000,002,357 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook 2010.lnk

[2011/05/09 12:45:53 | 000,751,468 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2011/05/09 12:45:53 | 000,674,182 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/05/09 12:45:53 | 000,431,304 | ---- | M] () -- C:\Windows\System32\prfh0404.dat

[2011/05/09 12:45:53 | 000,421,940 | ---- | M] () -- C:\Windows\System32\prfh0804.dat

[2011/05/09 12:45:53 | 000,152,004 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2011/05/09 12:45:53 | 000,127,904 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/05/09 12:45:53 | 000,127,458 | ---- | M] () -- C:\Windows\System32\prfc0404.dat

[2011/05/09 12:45:53 | 000,127,446 | ---- | M] () -- C:\Windows\System32\prfc0804.dat

[2011/05/09 12:20:43 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics

[2011/05/09 12:17:25 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2011/05/09 11:38:02 | 000,000,052 | ---- | M] () -- C:\Windows\System32\ashttpstats.csv

[2011/05/09 11:37:53 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011/05/08 20:45:54 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2011/05/08 19:42:04 | 007,571,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/05/08 14:51:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Emmanuel\Desktop\OTL.exe

[2011/05/08 10:28:45 | 000,000,908 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/05/08 03:58:52 | 000,146,944 | ---- | M] () -- C:\Users\Emmanuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/05/08 03:29:19 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat

[2011/05/08 03:29:19 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat

[2011/05/08 03:28:55 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2011/05/08 03:28:55 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011/05/08 03:28:54 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2011/05/08 03:28:53 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011/05/08 03:28:53 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2011/05/08 03:28:53 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2011/05/08 03:28:53 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2011/05/08 03:28:53 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2011/05/08 03:28:51 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011/05/08 03:28:51 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2011/05/08 03:28:51 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2011/05/08 03:28:50 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2011/05/08 03:28:50 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2011/05/08 03:28:49 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2011/05/08 03:28:49 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011/05/08 03:28:49 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011/05/08 03:28:49 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2011/05/08 03:28:49 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2011/05/08 03:28:49 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2011/05/08 03:28:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2011/05/08 03:28:48 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011/05/08 03:28:48 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2011/05/08 03:28:48 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2011/05/08 03:28:48 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2011/05/08 03:28:48 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2011/05/08 03:28:47 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2011/05/08 03:28:46 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011/05/08 03:28:46 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2011/05/08 03:28:46 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2011/05/08 03:28:44 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2011/05/08 03:28:43 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2011/05/08 03:28:42 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2011/05/08 03:28:39 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2011/05/08 03:28:39 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2011/05/08 03:28:38 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2011/05/08 03:28:34 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011/05/08 03:28:30 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2011/05/08 03:28:30 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2011/05/08 03:28:28 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2011/05/08 03:28:27 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2011/05/08 03:26:15 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll

[2011/05/08 03:26:14 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll

[2011/05/08 03:26:13 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll

[2011/05/08 03:26:12 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll

[2011/05/08 03:26:11 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2011/05/08 03:26:09 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll

[2011/05/08 03:26:05 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll

[2011/05/08 03:25:48 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2011/05/08 03:25:48 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll

[2011/05/08 03:25:46 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

[2011/05/08 03:25:45 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2011/05/08 03:25:44 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2011/05/08 03:25:44 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2011/05/08 03:25:43 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

[2011/05/08 03:25:43 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

[2011/05/08 03:25:42 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll

[2011/05/08 03:25:41 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll

[2011/05/08 03:25:40 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe

[2011/05/08 03:25:40 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll

[2011/05/08 03:25:38 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll

[2011/05/08 03:25:37 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll

[2011/05/08 02:49:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

[2011/05/08 02:46:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2011/05/07 21:57:03 | 634,498,416 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/05/07 16:38:34 | 000,000,020 | ---- | M] () -- C:\Users\Emmanuel\defogger_reenable

[2011/05/06 17:11:00 | 007,450,289 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Cities of Love in Chinese.icml

[2011/05/02 18:52:04 | 000,004,096 | -H-- | M] () -- C:\Users\Emmanuel\AppData\Local\keyfile3.drm

[2011/05/02 14:05:03 | 000,000,835 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/05/02 13:08:01 | 000,000,476 | ---- | M] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\fg710p.exe - Raccourci.lnk

[2011/05/02 11:18:03 | 000,003,136 | ---- | M] () -- C:\Windows\System32\ASProxy.ini

[2011/05/02 11:18:03 | 000,001,968 | ---- | M] () -- C:\Windows\System32\ASProxyOff.ini

[2011/04/29 14:26:34 | 000,000,501 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Shanghai Presentation files - Raccourci.lnk

[2011/04/25 09:31:40 | 000,560,553 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Shanghai - Photographic Presentation.pdf

[2011/04/22 19:30:06 | 001,634,304 | ---- | M] () -- C:\Users\Emmanuel\Desktop\SILY Transition Team in Ch.indd

[2011/04/22 19:24:48 | 002,199,552 | ---- | M] () -- C:\Users\Emmanuel\Desktop\SILY Directors Cards in Ch.indd

[2011/04/14 21:41:30 | 002,954,072 | ---- | M] () -- C:\Users\Emmanuel\Desktop\Cannes 2011.pdf

[2011/04/13 14:07:44 | 001,481,496 | -H-- | M] (Dynamic Internet Technology, Inc.) -- C:\Users\Emmanuel\Desktop\fg710p.exe

========== Files Created - No Company Name ==========

[2011/05/08 20:45:54 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin

[2011/05/08 15:22:20 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs

[2011/05/08 15:22:20 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl

[2011/05/08 15:22:19 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml

[2011/05/08 10:28:45 | 000,000,914 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2011/05/08 10:28:45 | 000,000,908 | ---- | C] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/05/08 03:28:49 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2011/05/08 02:49:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

[2011/05/08 02:46:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2011/05/07 16:37:35 | 000,000,020 | ---- | C] () -- C:\Users\Emmanuel\defogger_reenable

[2011/05/06 17:11:00 | 007,450,289 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Cities of Love in Chinese.icml

[2011/05/05 19:24:35 | 001,634,304 | ---- | C] () -- C:\Users\Emmanuel\Desktop\SILY Transition Team in Ch.indd

[2011/05/05 19:24:34 | 002,199,552 | ---- | C] () -- C:\Users\Emmanuel\Desktop\SILY Directors Cards in Ch.indd

[2011/05/02 18:52:04 | 000,004,096 | -H-- | C] () -- C:\Users\Emmanuel\AppData\Local\keyfile3.drm

[2011/05/02 13:08:01 | 000,000,476 | ---- | C] () -- C:\Users\Emmanuel\Application Data\Microsoft\Internet Explorer\Quick Launch\fg710p.exe - Raccourci.lnk

[2011/05/02 13:01:56 | 000,001,073 | -H-- | C] () -- C:\Users\Emmanuel\Desktop\fg.ini

[2011/04/29 14:26:34 | 000,000,501 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Shanghai Presentation files - Raccourci.lnk

[2011/04/25 09:30:33 | 000,560,553 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Shanghai - Photographic Presentation.pdf

[2011/04/14 21:41:30 | 002,954,072 | ---- | C] () -- C:\Users\Emmanuel\Desktop\Cannes 2011.pdf

[2011/01/15 19:16:45 | 000,000,000 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\chrtmp

[2010/12/31 10:02:15 | 000,000,132 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2010/11/01 00:05:52 | 000,001,968 | ---- | C] () -- C:\Windows\System32\ASProxyOff.ini

[2010/11/01 00:05:51 | 000,003,136 | ---- | C] () -- C:\Windows\System32\ASProxy.ini

[2010/08/02 11:06:12 | 000,038,431 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\Comma Separated Values (DOS).ADR

[2010/06/13 13:46:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat

[2010/06/13 13:46:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat

[2010/06/13 13:46:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat

[2010/01/26 14:20:07 | 000,000,760 | ---- | C] () -- C:\Users\Emmanuel\AppData\Roaming\setup_ldm.iss

[2010/01/17 11:17:08 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat

[2010/01/05 18:25:22 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI

[2009/12/31 12:27:14 | 000,000,156 | ---- | C] () -- C:\Windows\WININIT.INI

[2009/12/29 15:05:37 | 000,403,344 | ---- | C] () -- C:\Windows\System32\CMBEdit.dll

[2009/12/29 15:05:33 | 000,337,816 | ---- | C] () -- C:\Windows\System32\Cmb_Pb_LiveUpdate.exe

[2009/12/29 15:05:33 | 000,100,240 | ---- | C] () -- C:\Windows\System32\CmbSafeBase.dll

[2009/12/29 15:05:33 | 000,011,808 | ---- | C] () -- C:\Windows\System32\drivers\CertClient.dat

[2009/12/29 15:05:33 | 000,010,272 | ---- | C] () -- C:\Windows\System32\drivers\CMBProtector.dat

[2009/12/29 15:05:32 | 000,611,736 | ---- | C] () -- C:\Windows\System32\CMBPBUninstall.exe

[2009/12/29 15:05:32 | 000,472,976 | ---- | C] () -- C:\Windows\System32\PBHttpComm.dll

[2009/12/29 15:05:32 | 000,186,264 | ---- | C] () -- C:\Windows\System32\PersonalBankPortal.exe

[2009/12/15 13:58:10 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll

[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll

[2009/11/06 12:00:20 | 000,016,240 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe

[2009/09/11 07:53:29 | 000,001,356 | ---- | C] () -- C:\Users\Emmanuel\AppData\Local\d3d9caps.dat

[2009/08/27 15:25:33 | 000,025,736 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys

[2009/07/06 04:23:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/07/06 04:23:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/07/06 04:21:55 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2009/05/27 15:16:48 | 000,000,015 | ---- | C] () -- C:\Program Files\winreg.ini

[2009/05/27 15:14:27 | 000,059,392 | ---- | C] () -- C:\Windows\System32\Win32Printer.dll

[2009/04/22 21:39:09 | 000,242,176 | ---- | C] () -- C:\Windows\System32\fixflash.exe

[2009/04/22 21:39:08 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll

[2009/04/22 21:39:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll

[2009/03/08 03:11:28 | 000,000,206 | ---- | C] () -- C:\Windows\EurekaLog.ini

[2009/02/21 19:22:14 | 000,047,360 | ---- | C] () -- C:\Windows\System32\drivers\Surroundhp_kern_i386.sys

[2009/02/21 19:22:14 | 000,047,104 | ---- | C] () -- C:\Windows\System32\drivers\tshd4_kern_i386.sys

[2009/02/21 19:22:14 | 000,042,112 | ---- | C] () -- C:\Windows\System32\drivers\csiidecoder_kern_i386.sys

[2009/02/21 19:22:14 | 000,039,808 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys

[2009/01/31 19:45:48 | 000,431,304 | ---- | C] () -- C:\Windows\System32\prfh0404.dat

[2009/01/31 19:45:48 | 000,127,458 | ---- | C] () -- C:\Windows\System32\prfc0404.dat

[2009/01/31 19:45:48 | 000,116,540 | ---- | C] () -- C:\Windows\System32\prfi0404.dat

[2009/01/31 19:45:48 | 000,109,926 | ---- | C] () -- C:\Windows\System32\prfi0804.dat

[2009/01/31 19:45:48 | 000,030,674 | ---- | C] () -- C:\Windows\System32\prfd0404.dat

[2009/01/31 19:45:47 | 000,421,940 | ---- | C] () -- C:\Windows\System32\prfh0804.dat

[2009/01/31 19:45:47 | 000,127,446 | ---- | C] () -- C:\Windows\System32\prfc0804.dat

[2009/01/31 19:45:47 | 000,030,674 | ---- | C] () -- C:\Windows\System32\prfd0804.dat

[2009/01/20 21:07:09 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin

[2009/01/19 21:55:49 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2009/01/19 21:50:01 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat

[2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\Windows\System32\txmlutil.dll

[2008/10/27 19:46:09 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini

[2008/10/15 03:00:05 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176

[2008/10/15 02:56:18 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105

[2008/10/05 15:42:34 | 000,000,080 | ---- | C] () -- C:\Windows\System32\DCDA1745C1.dll

[2008/09/12 09:28:50 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll

[2008/09/02 08:17:56 | 000,146,944 | ---- | C] () -- C:\Users\Emmanuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/09/02 04:20:32 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2008/08/30 22:05:11 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll

[2008/08/29 08:25:33 | 000,751,468 | ---- | C] () -- C:\Windows\System32\perfh00C.dat

[2008/08/29 08:25:33 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat

[2008/08/29 08:25:33 | 000,152,004 | ---- | C] () -- C:\Windows\System32\perfc00C.dat

[2008/08/29 08:25:33 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat

[2008/08/29 07:56:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/06/18 07:34:16 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI

[2008/06/18 06:41:36 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2008/06/18 06:41:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2008/06/18 06:41:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe

[2008/06/18 06:41:16 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1493.dll

[2008/06/18 06:41:16 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2008/06/18 06:11:41 | 000,000,031 | ---- | C] () -- C:\Windows\System32\elcric.dat

[2008/06/18 05:59:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2008/06/18 05:53:54 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2008/06/18 05:50:39 | 000,003,204 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2008/01/21 10:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en

[2007/10/31 01:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2007/06/06 04:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe

[2007/04/16 18:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin

[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll

[2006/11/02 20:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 20:46:27 | 007,571,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 20:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 18:33:01 | 000,674,182 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 18:33:01 | 000,127,904 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2001/11/15 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

< End of report >

Beauregard · le 10 mai 2011

Pour info...

1/

Lorsque OTL a fait la manœuvre sur les fichiers HOSTS, explorer.exe s'est arrêté.

Au redémarrage, OTL avait créé le fichier texte suivant:

Files\Folders moved on Reboot...

File\Folder C:\Windows\temp\TMP0000006B45334AFF71D2D665 not found!

C:\Windows\System32\drivers\etc\Hosts moved successfully.

Registry entries deleted on Reboot...

2/

J'ai verifie un certain nombre de fichiers HOSTS listes dans le rapport, ils sont bien a leur place dans le disque dur.

3/

Concernant le PM, voila: la photo de mon profil vient en effet de mon disque dur mais ce n'est pas moi qui l'ai placée sur mon profil et je ne sais comment elle est arrivée la. As-tu une explication? Etrange.

Merci,

Beauregard

Modifié le 10 mai 2011 par Beauregard

lance_yien · le 10 mai 2011

...

3/

Concernant le PM, voila: la photo de mon profil vient en effet de mon disque dur mais ce n'est pas moi qui l'ai placée sur mon profil et je ne sais comment elle est arrivée la. As-tu une explication? Etrange.

Je ne sais pas comment elle est arrivée là. En tout cas pas toute seule et personne d'autre ne peut modifier les paramètres personnels de quelqu'un d'autre à moins d'avoir l'identifiant et le mot de passe.

Si tu veux plus de détails contacte un modo.

Ce que je sais c'est que tu peux l'effacer en cliquant sur "Effacer mon avatar" (juste en dessous de ton image dans ton profil).

--

Si tu n'as plus de problèmes avec ta machine,

>>> Supprimer les utilitaires:

- Lancer OTL et cliquer sur Purge outils. Laisser faire et redémarrer le PC.

- Pour supprimer les autres utilitaires et leur rapports, cliquer-droit dessus => "Supprimer".

>>> Ré-initialiser les Points de Restauration parce qu'elles peuvent contenir des traces d'infection:

Cliquer-droit sur "Ordinateur" => "Propriétés" => "Système" => "Protection Système". Décocher la case devant le nom de la partition système (généralement C:) et laisser faire.

Quand c'est fini cocher cette même case => "OK" et redémarrer le PC.

Un nouveau point de restauration sera créé.

>>> Vérifier/ Activer l'UAC: Parce qu'il y a de plus en plus de malware qui exploitent la désactivation de l'UAC (contrôle de compte utilisateur) de Windows (Vista et W7) pour installer des rootkits, garder ce module activé même s'il paraît, des fois, énervant:

Cliquer sur "Démarrer" => "Panneau de configuration". Cliquer sur " Comptes d'utilisateurs..." => "Activer ou désactiver le contrôle des comptes d'utilisateurs". Cocher la case "Utiliser le Contrôle des Comptes d'utilisateurs pour vous aider..." => OK.

Redémarrer le PC quand c'est demandé.

>>> Protéger/ Sécuriser:

Vérifier le Pare-feu: Un pare-feu est le 1er rempart contre les intrusions.
- Ceux de Vista/ Windows 7 peuvent suffire, juste contrôler et activer si nécessaire depuis le "Centre de sécurité".
- Celui inclus dans Windows XP ne contrôle pas le flux sortant d'Internet d'où l'importance d'en installer un autre.
Vérifier et choisir, si nécessaire, un parmi ceux-ci (gratuits): Online Armor Firewall, Sunbelt Personal Firewall, Outpost Firewall FREE.
Contrôler et configurer les mises à jour Windows:
- Cliquer ICI et installer toutes les Mises à jour critiques après avoir accepté l'installation de l'activex (si proposé).
- OU, cliquer sur "Démarrer" => "Tous les programmes" => "Windows update".
- ET, optez (si ce n'est pas encore fait) pour une MAJ Automatique à une heure où vous êtes sûr que votre PC n'est pas éteint.
Installer PSI de Secunia pour des MAJ logiciels
Installer Mes drivers pour des MAJ pilotes (cliquer sur Lancer la détection
Utiliser PC Pitstop pour Optimiser votre PC (en anglais)
Sauvegarder le Registre avec Erunt
Pour des raisons évidentes, garder les copies de sauvegarde sur un support autre que le disque système.
Immunisez votre machine avec Spyware Blaster, compatible avec Toutes les versions de Windows 32bit et 64bit. Tuto.
Vaccinez votre machine et vos médias amovibles (clés USB...) avec MKV contre les "vers" (Autorun worms). Juste brancher tous les médias amovibles, lancer le programme et cliquer sur le bouton Vaccination (l'action est réversible en cliquant sur "Supprimer la vaccination".
Opter pour Firefox ou Opera pour la navigation de tous les jours et réserver Internet Explorer pour les Mises à jour et les cas bien spécifiques.
Nettoyer et dé-fragmenter, régulièrement, les Partitions/ Disques.

>>> Ce qu'il faut ÉVITER ABSOLUMENT: Parce qu'il existe toujours un programme/logiciel gratuit et légal pour pratiquement tout ce qu'on veut, supprimer de votre machine et rester à l'écart de tout ce qui est,

Warez , Crack , keygen etc. Arrêter de croire que ces programmes sont là juste pour faire plaisir ou rendre service. Il n'y a qu'à parcourir les Forums pour voir le nombre de PC victimes de ces programmes.
P2P , *.Torrent etc: Lire attentivement Le danger des P2P.

>>> Ajouter Résolu: Merci d'éditer ton 1er post pour ajouter [Résolu] à la fin du titre après avoir cliqué sur le bouton "Modifier".

Bonne chance!

Connexion

Pas encore inscrit ?

Infection Rootkit TDLR4@MBR

Messages recommandés

lance_yien

Beauregard

lance_yien

Beauregard

Beauregard

Beauregard

lance_yien

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer