PERSONAL SHIELD PRO • page 2

A computer that slows down, advertising screens that pop up, applications that refuse to start, or a browser that insists on opening a dubious page are all signs that the integrity of your computer is threatened by a virus. In this forum you will find some advice and software for browsing with peace of mind.

Re: PERSONAL SHIELD PRO

Posted 25 Jul 2011 13:03

re,

the report should normally be here >> C:\TDSSKiller_Quarantine\DATE_HEURE !

is it there?
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05


Re: PERSONAL SHIELD PRO

Posted 25 Jul 2011 14:29

I can't find anything, bearing in mind that when the scan finished it said "infected:not found" and I was never asked to restart the computer
sof42
Apprentice Expert
Posts: 104
Joined: 07 Nov 2010 12:00

Re: PERSONAL SHIELD PRO

Posted 25 Jul 2011 14:59

re,

Please do this...

Download Combofix to your Desktop (and nowhere else)

Right-click the ComboFix.exe icon and choose "Run as administrator" to start the scan, and follow the instructions given by ComboFix.
When the scan is complete, a report will appear; save it to your desktop.
You must restart your PC!!
Copy/paste the ComboFix report into your next reply

NOTE: The report can also be found here: C:\Combofix.txt
NOTE: Do not click inside the ComboFix window during the scan; this would cause the program to freeze.
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05

Re: PERSONAL SHIELD PRO

Posted 25 Jul 2011 16:17

re,

Here is the report:
Code:
ComboFix 11-07-25.02 - EF 25/07/2011  16:28:10.1.1 - x64
Microsoft Windows 7 Édition Familiale Premium   6.1.7600.0.1252.33.1036.18.1977.1138 [GMT 2:00]
Lancé depuis: c:\users\EF\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\EF\AppData\Roaming\.#
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2011-06-25 au 2011-07-25  ))))))))))))))))))))))))))))))))))))
.
.
2011-07-25 14:33 . 2011-07-25 14:33   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-07-25 08:34 . 2011-07-25 08:34   --------   d-----w-   C:\_OTL
2011-07-24 20:00 . 2011-07-25 11:17   512   ----a-w-   C:\PhysicalMBR.bin
2011-07-10 13:57 . 2011-07-10 13:57   --------   d-----w-   c:\program files (x86)\Winamax Poker
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 18:03 . 2010-09-27 16:04   952   ----a-w-   c:\programdata\KGyGaAvL.sys
2011-06-02 05:56 . 2011-07-13 07:44   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2011-05-28 03:25 . 2011-06-16 11:59   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2011-05-28 03:00 . 2011-06-16 11:59   1638912   ----a-w-   c:\windows\SysWow64\mshtml.tlb
2011-05-04 02:51 . 2011-06-16 11:59   287744   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:51 . 2011-06-16 11:59   157696   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-05-04 02:51 . 2011-06-16 11:59   126464   ----a-w-   c:\windows\system32\drivers\mrxsmb20.sys
2011-05-03 05:21 . 2011-06-16 11:58   976896   ----a-w-   c:\windows\system32\inetcomm.dll
2011-05-03 04:50 . 2011-06-16 11:58   740864   ----a-w-   c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:13 . 2011-06-16 11:58   461312   ----a-w-   c:\windows\system32\drivers\srv.sys
2011-04-29 03:12 . 2011-06-16 11:58   399872   ----a-w-   c:\windows\system32\drivers\srv2.sys
2011-04-29 03:12 . 2011-06-16 11:58   161792   ----a-w-   c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:57 . 2011-06-16 11:59   102400   ----a-w-   c:\windows\system32\drivers\dfsc.sys
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-24 825864]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2007-12-11 286720]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-02-24 479232]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 fgfksera;fgfksera;c:\windows\system32\drivers\fgfksera.sys [x]
R1 iuwynwhy;iuwynwhy;c:\windows\system32\drivers\iuwynwhy.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
R3 JLTECH0227;Dual Mode Camera;c:\windows\system32\Drivers\jl2005c.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-13 07:56]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-13 07:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 503864]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} - hxxp://www.pixum.fr/apps/EasyUploadX.cab
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKLM-Run-AutoStart - c:\users\EF\Desktop\0.10757333289269955.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Heure de fin: 2011-07-25  16:41:17 - La machine a redémarré
ComboFix-quarantined-files.txt  2011-07-25 14:41
.
Avant-CF: 61 603 020 800 octets libres
Après-CF: 61 443 198 976 octets libres
.
- - End Of File - - 3113E73691CBABC3F093BAC0BAA9FD69
sof42
Apprentice Expert
Posts: 104
Joined: 07 Nov 2010 12:00

Re: PERSONAL SHIELD PRO

Posted 25 Jul 2011 17:43

ok that's cool, we're making progress...

> create a new text document on your desktop
> to do this, right-click on the desktop > New > Text Document > copy and paste the contents of the quote below into it

KillAll::

Driver::
fgfksera
iuwynwhy

File::
c:\windows\system32\drivers\fgfksera.sys
c:\windows\system32\drivers\iuwynwhy.sys
C:\Users\EF\Desktop\0.3835261800545806.exe
C:\Users\EF\Desktop\0.4864873851557573.exe
C:\Users\EF\Desktop\0.5124420421076967.exe
C:\Users\EF\Desktop\0.07849969423845005.exe
C:\Users\EF\Desktop\0.015736044417480444.exe
C:\Users\EF\Desktop\0.10830938780318111.exe
C:\Users\EF\Desktop\0.49623053872482026.exe
C:\Users\EF\Desktop\0.22245900170071087.exe
C:\Users\EF\Desktop\0.27143178991091443.exe
C:\Users\EF\Desktop\0.733647115277317.exe
c:\Users\EF\AppData\Roaming\1206.574
C:\Users\EF\0AB48F72

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AutoStart"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStart"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStart"=-


Follow the saving procedure below to the letter, it is very important

> then click "File" > "Save As..."
> in the save window choose the desktop as the destination > under type choose "All Files" > and as the file name type CFScript.txt > then click Save and close the text document.

> drag and drop this CFScript.txt file (hold the left mouse button down on CFScript.txt and drag) onto the ComboFix.exe file as in this screenshot.

Image

> a blue window will appear >> follow the instructions
> be patient during the scan. The desktop will disappear several times, that's normal!
> don't touch anything until the scan has finished
> once the scan is complete, a report will be displayed; post its contents in your next reply.
> if the report does not open, it is located at C:\ComboFix.txt
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05

Re: PERSONAL SHIELD PRO

Posted 25 Jul 2011 20:59

Re,

Panic stations!!!! :cry:

1, I can no longer connect (I'm connecting using my 2nd computer)
2, When I try to connect, a page opens saying "Win 7 Internet security 2012" and everything closes.
3, Win 7 Internet Security opens and launches scans without my asking, but above all I don't know what these things are.
4, A window appears: "Win 7 internet Security 2012 has blocked a program from accessing the internet."
5, The Action Center opens and tells me to turn on now Virus protection (important), labelled Win 7 internet security 2012.
6, A window is on the desktop: "Windows cannot find C:\Windows\System32\hkcmd.exe. Make sure you typed the name correctly, and then try again."
7, Another window on the desktop saying: "Unsupported 16-bit application. The program or feature \??\C:\Users\EF\AppData\Local\wax.exe cannot start or run due to incompatibility with 64-bit versions of Windows. Please contact the software vendor to ask if a 64-bit Windows compatible version is available."
8, Finally, 3 icons (depicting a CD in a box) titled 0.11720384978834653, 0.12041723897129442 and 0.35215216153365136.

So naturally, since I can no longer connect to the internet on my infected computer, I was not able to carry out the steps you asked me to do.

I don't understand anything any more..... :cry:
I'm really sorry, but I no longer know where I stand...... :cry:
Hoping my explanations were clear enough.
sof42
Apprentice Expert
Posts: 104
Joined: 07 Nov 2010 12:00

Re: PERSONAL SHIELD PRO

Posted 25 Jul 2011 21:20

lol, now it has dropped another rogue... :roll:


Don't panic, we'll do this another way because this looks like a tough one :wink:

Right, there aren't 50 solutions, we'll use a live CD to disinfect your PC; that way we won't be hampered by this infection, which is tough to deal with while Windows is running.

it works a bit like OTL...cool, you know how to do that now, right! :D

On a PC that has a CD/DVD burner, please do this...

Creating a Reatogo-XPE OTLPE CD/DVD

Insert a blank CD (or DVD) into your burner...if a window opens asking what you want to do, close that window.
  • Download OTLPENet.iso to your desktop.
  • Insert a blank CD into your burner; if a window opens asking what you want to do, close that window.
  • Double-click the OTLPENet.iso icon and follow the instructions to burn the CD/DVD automatically


Restarting the infected PC in the Reatogo-XPE OTLPE environment



  • The setup loads into RAM
Image

  • Once the CD has started, Windows loads (allow 15 to 20 minutes) and you arrive at the REATOGO-X-PE desktop.

Image
  • Double-click OTLPE Image
  • A window opens: "Browse for folder"; navigate to the "Windows" folder of your PC, left-click it so that it appears in the input box at the bottom of the window and click "OK"
Image

  • A window opens: Do you wish to load the remote registry; click "YES"

Image

  • A second one: Do you wish to load remote user profile(s) for scanning; click "YES"

Image

  • Make sure the "Automatically Load All Remaining Users" box is checked and click "OK"

Image

  • OTL starts and you arrive at this window

Image

  • Use a USB stick to save the contents of the box below in a Notepad/txt file
  • Connect the stick to the PC, find the Notepad/txt file you created, open it and copy/paste its contents under "Custom Scans/Fixes"


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
NetSvcs
%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
winload.exe
ntoskrnl.exe
bootvid.dll
hal.dll
tpm.sys
ksecdd.sys
clfs.sys
ci.dll
kdcom.dll
kdusb.dll
kd1394.dll
spldr.sys
sptd.sys
explorer.exe
userinit.exe
winlogon.exe
tcpip.sys
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles


  • click Run Scan to start the scan.
  • once finished, the file is located at C:\OTL.txt
  • Copy the "OTL.txt" file to your USB stick and post its contents in your next reply.

Come on, hang in there, we'll get it ...(well, I hope!)
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05

Re: PERSONAL SHIELD PRO

Posted 25 Jul 2011 23:45

I can't manage to send the report, a message tells me "too few characters".
I'll try again tomorrow morning.

See you tomorrow :wink:
sof42
Apprentice Expert
Posts: 104
Joined: 07 Nov 2010 12:00

Re: PERSONAL SHIELD PRO

Posted 25 Jul 2011 23:47

Code:
OTL logfile created on: 7/26/2011 1:09:19 AM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 136.95 Gb Total Space | 57.40 Gb Free Space | 41.91% Space Free | Partition Type: NTFS
Drive E: | 7.46 Gb Total Space | 2.61 Gb Free Space | 35.03% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2009/09/30 17:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto] -- D:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011/05/01 04:41:12 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/01 02:22:32 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- D:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/04 17:38:00 | 000,071,096 | ---- | M] () [Auto] -- D:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto] -- D:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/16 03:46:24 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- D:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto] -- D:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2011/03/05 15:10:40 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2010/08/25 14:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2010/08/17 08:39:11 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2009/10/04 21:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2009/09/15 00:40:00 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:[b]64bit:[/b] - [2009/08/11 00:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:[b]64bit:[/b] - [2009/07/27 03:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:[b]64bit:[/b] - [2009/06/23 23:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:[b]64bit:[/b] - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:[b]64bit:[/b] - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2008/03/28 11:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\OEM\factory\int15.sys -- (int15.sys)
DRV:[b]64bit:[/b] - [2008/03/11 10:04:32 | 000,079,664 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- D:\Windows\System32\drivers\jl2005c.sys -- (JLTECH0227)
DRV - [2009/11/12 08:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- D:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\EF_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\EF_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\EF_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2011/07/25 10:35:42 | 000,000,027 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O4:[b]64bit:[/b] - HKLM..\Run: [Acer ePower Management] D:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [cAudioFilterAgent] D:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] D:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] D:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] D:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKU\EF_ON_D..\Run: [192695408] D:\Users\EF\AppData\Local\wax.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\EF_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\EF_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\EF_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\LocalService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.mypix.com/fr/fr/importer/newconf/aurigma5.8.1.0/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} http://www.pixum.fr/apps/EasyUploadX.cab (Pixum EasyUploadX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
[b]64bit:[/b] O35 - HKLM\..comfile [open] -- "%1" %* File not found
[b]64bit:[/b] O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] WinDefend - Service
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] HelpSvc - Service
SafeBootNet:[b]64bit:[/b] Messenger - Service
SafeBootNet:[b]64bit:[/b] MpfService - Service
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
SafeBootNet:[b]64bit:[/b] sacsvr - Service
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] vmms - Service
SafeBootNet:[b]64bit:[/b] WinDefend - Service
SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:[b]64bit:[/b] >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:[b]64bit:[/b] >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:[b]64bit:[/b] aux - D:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] midi - D:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] midimapper - D:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] mixer - D:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] msacm.imaadpcm - D:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32:[b]64bit:[/b] msacm.l3acm - D:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:[b]64bit:[/b] msacm.msadpcm - D:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32:[b]64bit:[/b] msacm.msg711 - D:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32:[b]64bit:[/b] msacm.msgsm610 - D:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32:[b]64bit:[/b] MSVideo8 - D:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] vidc.i420 - D:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] VIDC.IYUV - D:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] vidc.mrle - D:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] vidc.msvc - D:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] VIDC.UYVY - D:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] VIDC.YUY2 - D:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] VIDC.YVU9 - D:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] VIDC.YVYU - D:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] wave - D:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] wavemapper - D:\Windows\System32\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.l3acm - D:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - D:\Windows\SysWow64\vfwwdm32.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/07/25 10:41:22 | 000,000,000 | ---D | C] -- D:\Windows\temp
[2011/07/25 10:35:45 | 000,000,000 | ---D | C] -- D:\$RECYCLE.BIN
[2011/07/25 10:26:53 | 000,518,144 | ---- | C] (SteelWerX) -- D:\Windows\SWREG.exe
[2011/07/25 10:26:53 | 000,406,528 | ---- | C] (SteelWerX) -- D:\Windows\SWSC.exe
[2011/07/25 10:26:53 | 000,060,416 | ---- | C] (NirSoft) -- D:\Windows\NIRCMD.exe
[2011/07/25 10:26:48 | 000,000,000 | ---D | C] -- D:\Windows\ERDNT
[2011/07/25 10:23:01 | 000,000,000 | ---D | C] -- D:\Qoobox
[2011/07/25 10:22:11 | 004,152,159 | R--- | C] (Swearware) -- D:\Users\EF\Desktop\ComboFix.exe
[2011/07/25 07:12:30 | 000,000,000 | ---D | C] -- D:\Users\EF\Desktop\tdsskiller
[2011/07/25 05:42:38 | 000,045,568 | ---- | C] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.3835261800545806.exe
[2011/07/25 05:42:37 | 000,045,568 | ---- | C] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.4864873851557573.exe
[2011/07/25 05:38:43 | 000,045,568 | ---- | C] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.5124420421076967.exe
[2011/07/25 05:38:42 | 000,045,568 | ---- | C] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.07849969423845005.exe
[2011/07/25 05:38:30 | 000,045,568 | ---- | C] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.015736044417480444.exe
[2011/07/25 05:38:28 | 000,045,568 | ---- | C] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.10830938780318111.exe
[2011/07/25 05:38:24 | 000,045,568 | ---- | C] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.49623053872482026.exe
[2011/07/25 05:38:23 | 000,045,568 | ---- | C] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.22245900170071087.exe
[2011/07/25 05:38:03 | 000,045,568 | ---- | C] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.27143178991091443.exe
[2011/07/25 05:36:34 | 000,045,568 | ---- | C] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.733647115277317.exe
[2011/07/25 04:34:48 | 000,000,000 | ---D | C] -- D:\_OTL
[2011/07/24 15:55:27 | 000,000,000 | ---D | C] -- D:\Users\EF\Desktop\RK_Quarantine
[2011/07/24 15:06:37 | 000,579,584 | ---- | C] (OldTimer Tools) -- D:\Users\EF\Desktop\OTL.exe
[2011/07/21 06:03:05 | 000,000,000 | ---D | C] -- D:\Config.Msi
[2011/07/13 03:44:28 | 001,162,240 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\kernel32.dll
[2011/07/13 03:44:28 | 000,362,496 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wow64win.dll
[2011/07/13 03:44:27 | 000,338,944 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\conhost.exe
[2011/07/13 03:44:27 | 000,243,200 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wow64.dll
[2011/07/13 03:44:27 | 000,214,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\winsrv.dll
[2011/07/13 03:44:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\setup16.exe
[2011/07/13 03:44:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntvdm64.dll
[2011/07/13 03:44:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntvdm64.dll
[2011/07/13 03:44:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wow64cpu.dll
[2011/07/13 03:44:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\instnm.exe
[2011/07/13 03:44:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\wow32.dll
[2011/07/13 03:44:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\user.exe
[2011/07/13 03:44:22 | 000,422,400 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\KernelBase.dll
[2011/07/13 03:44:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 03:44:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 03:44:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 03:44:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 03:44:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 03:44:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/07/10 09:57:26 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Winamax Poker
[2011/06/29 04:00:35 | 002,228,224 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mssrch.dll
[2011/06/29 04:00:35 | 001,401,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mssrch.dll
[2011/06/29 04:00:34 | 002,326,016 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tquery.dll
[2011/06/29 04:00:34 | 001,553,920 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\tquery.dll
[2011/06/29 04:00:34 | 000,666,624 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mssvp.dll
[2011/06/29 04:00:34 | 000,491,520 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mssph.dll
[2011/06/29 04:00:34 | 000,249,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SearchProtocolHost.exe
[2011/06/29 04:00:33 | 000,779,264 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mssvp.dll
[2011/06/29 04:00:33 | 000,337,408 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mssph.dll
[2011/06/29 04:00:33 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mssphtb.dll
[2011/06/29 04:00:33 | 000,113,664 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SearchFilterHost.exe
[2011/06/29 04:00:33 | 000,075,264 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msscntrs.dll
[2011/06/29 04:00:32 | 000,288,256 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mssphtb.dll
[2011/06/29 04:00:32 | 000,059,392 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msscntrs.dll
[2011/06/29 04:00:30 | 000,252,928 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\drvinst.exe
[2011/06/29 04:00:30 | 000,044,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\devrtl.dll
[2 D:\Users\EF\AppData\Local\*.tmp files -> D:\Users\EF\AppData\Local\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011/07/25 17:50:13 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2011/07/25 17:49:29 | 000,011,292 | -HS- | M] () -- D:\Users\EF\AppData\Local\3y6os41x68
[2011/07/25 17:49:12 | 000,001,066 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/25 17:48:53 | 1554,726,912 | -HS- | M] () -- D:\hiberfil.sys
[2011/07/25 17:39:32 | 000,009,920 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/25 17:39:32 | 000,009,920 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/25 17:30:05 | 000,000,000 | ---- | M] () -- D:\Users\EF\AppData\Local\{08952DD3-C5CC-4FEA-A4C6-32A9AC7D8DF2}
[2011/07/25 17:14:14 | 000,000,000 | ---- | M] () -- D:\Users\EF\AppData\Local\{ECF071E5-C86B-4A6D-B3E6-A7A38A118D1E}
[2011/07/25 17:10:16 | 000,001,070 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/25 15:19:01 | 000,011,324 | -HS- | M] () -- D:\ProgramData\3y6os41x68
[2011/07/25 15:16:40 | 000,368,640 | ---- | M] () -- D:\Users\EF\AppData\Local\wax.exe
[2011/07/25 15:16:39 | 000,368,640 | ---- | M] () -- D:\Users\EF\AppData\Local\ann.exe
[2011/07/25 15:16:33 | 000,368,640 | ---- | M] () -- D:\Users\EF\AppData\Local\vvg.exe
[2011/07/25 15:16:33 | 000,368,640 | ---- | M] () -- D:\Users\EF\AppData\Local\qmi.exe
[2011/07/25 15:16:33 | 000,368,640 | ---- | M] () -- D:\Users\EF\AppData\Local\hjj.exe
[2011/07/25 15:16:30 | 000,368,640 | ---- | M] () -- D:\Users\EF\AppData\Local\nwm.exe
[2011/07/25 15:16:29 | 000,368,640 | ---- | M] () -- D:\Users\EF\Desktop\0.35215216153365136.exe
[2011/07/25 15:16:28 | 000,368,640 | ---- | M] () -- D:\Users\EF\AppData\Local\tpk.exe
[2011/07/25 15:16:28 | 000,368,640 | ---- | M] () -- D:\Users\EF\Desktop\0.7488563607386016.exe
[2011/07/25 15:16:26 | 000,368,640 | ---- | M] () -- D:\Users\EF\AppData\Local\mon.exe
[2011/07/25 15:16:25 | 000,368,640 | ---- | M] () -- D:\Users\EF\AppData\Local\lmf.exe
[2011/07/25 15:16:25 | 000,368,640 | ---- | M] () -- D:\Users\EF\AppData\Local\fek.exe
[2011/07/25 15:16:25 | 000,368,640 | ---- | M] () -- D:\Users\EF\Desktop\0.12041723897129442.exe
[2011/07/25 15:16:24 | 000,368,640 | ---- | M] () -- D:\Users\EF\Desktop\0.9248803555660287.exe
[2011/07/25 15:16:24 | 000,368,640 | ---- | M] () -- D:\Users\EF\Desktop\0.11720384978834653.exe
[2011/07/25 10:35:42 | 000,000,027 | ---- | M] () -- D:\Windows\System32\drivers\etc\hosts
[2011/07/25 10:22:12 | 004,152,159 | R--- | M] (Swearware) -- D:\Users\EF\Desktop\ComboFix.exe
[2011/07/25 07:17:50 | 000,000,512 | ---- | M] () -- D:\PhysicalMBR.bin
[2011/07/25 07:11:31 | 001,383,430 | ---- | M] () -- D:\Users\EF\Desktop\tdsskiller.zip
[2011/07/25 05:42:40 | 000,045,568 | ---- | M] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.3835261800545806.exe
[2011/07/25 05:42:39 | 000,045,568 | ---- | M] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.4864873851557573.exe
[2011/07/25 05:38:44 | 000,045,568 | ---- | M] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.5124420421076967.exe
[2011/07/25 05:38:43 | 000,045,568 | ---- | M] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.07849969423845005.exe
[2011/07/25 05:38:32 | 000,045,568 | ---- | M] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.015736044417480444.exe
[2011/07/25 05:38:30 | 000,045,568 | ---- | M] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.10830938780318111.exe
[2011/07/25 05:38:28 | 000,045,568 | ---- | M] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.22245900170071087.exe
[2011/07/25 05:38:25 | 000,045,568 | ---- | M] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.49623053872482026.exe
[2011/07/25 05:38:04 | 000,045,568 | ---- | M] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.27143178991091443.exe
[2011/07/25 05:36:38 | 000,045,568 | ---- | M] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.733647115277317.exe
[2011/07/24 15:54:56 | 000,526,848 | ---- | M] () -- D:\Users\EF\Desktop\winlogon.exe
[2011/07/24 15:06:45 | 000,579,584 | ---- | M] (OldTimer Tools) -- D:\Users\EF\Desktop\OTL.exe
[2011/07/21 06:03:16 | 000,002,441 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/07/21 06:03:16 | 000,002,018 | ---- | M] () -- D:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/07/17 04:56:18 | 000,506,680 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2011/07/13 14:03:47 | 000,000,952 | ---- | M] () -- D:\ProgramData\KGyGaAvL.sys
[2011/07/10 09:57:29 | 000,000,937 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamax Poker.lnk
[2011/07/10 09:57:29 | 000,000,925 | ---- | M] () -- D:\Users\Public\Desktop\Winamax Poker.lnk
[2011/07/05 12:56:53 | 000,070,642 | ---- | M] () -- D:\Users\EF\Desktop\Call.Of.Duty.2.PAL.XBOX360.rar
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- D:\Windows\PEV.exe
[2 D:\Users\EF\AppData\Local\*.tmp files -> D:\Users\EF\AppData\Local\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011/07/25 17:30:05 | 000,000,000 | ---- | C] () -- D:\Users\EF\AppData\Local\{08952DD3-C5CC-4FEA-A4C6-32A9AC7D8DF2}
[2011/07/25 17:14:14 | 000,000,000 | ---- | C] () -- D:\Users\EF\AppData\Local\{ECF071E5-C86B-4A6D-B3E6-A7A38A118D1E}
[2011/07/25 15:16:40 | 000,368,640 | ---- | C] () -- D:\Users\EF\AppData\Local\wax.exe
[2011/07/25 15:16:39 | 000,368,640 | ---- | C] () -- D:\Users\EF\AppData\Local\ann.exe
[2011/07/25 15:16:39 | 000,011,324 | -HS- | C] () -- D:\ProgramData\3y6os41x68
[2011/07/25 15:16:39 | 000,011,292 | -HS- | C] () -- D:\Users\EF\AppData\Local\3y6os41x68
[2011/07/25 15:16:33 | 000,368,640 | ---- | C] () -- D:\Users\EF\AppData\Local\vvg.exe
[2011/07/25 15:16:33 | 000,368,640 | ---- | C] () -- D:\Users\EF\AppData\Local\qmi.exe
[2011/07/25 15:16:33 | 000,368,640 | ---- | C] () -- D:\Users\EF\AppData\Local\hjj.exe
[2011/07/25 15:16:30 | 000,368,640 | ---- | C] () -- D:\Users\EF\AppData\Local\nwm.exe
[2011/07/25 15:16:28 | 000,368,640 | ---- | C] () -- D:\Users\EF\AppData\Local\tpk.exe
[2011/07/25 15:16:26 | 000,368,640 | ---- | C] () -- D:\Users\EF\AppData\Local\mon.exe
[2011/07/25 15:16:25 | 000,368,640 | ---- | C] () -- D:\Users\EF\AppData\Local\lmf.exe
[2011/07/25 15:16:25 | 000,368,640 | ---- | C] () -- D:\Users\EF\AppData\Local\fek.exe
[2011/07/25 15:16:24 | 000,368,640 | ---- | C] () -- D:\Users\EF\Desktop\0.7488563607386016.exe
[2011/07/25 15:16:24 | 000,368,640 | ---- | C] () -- D:\Users\EF\Desktop\0.35215216153365136.exe
[2011/07/25 15:16:19 | 000,368,640 | ---- | C] () -- D:\Users\EF\Desktop\0.9248803555660287.exe
[2011/07/25 15:16:19 | 000,368,640 | ---- | C] () -- D:\Users\EF\Desktop\0.12041723897129442.exe
[2011/07/25 15:16:19 | 000,368,640 | ---- | C] () -- D:\Users\EF\Desktop\0.11720384978834653.exe
[2011/07/25 10:26:53 | 000,256,000 | ---- | C] () -- D:\Windows\PEV.exe
[2011/07/25 10:26:53 | 000,208,896 | ---- | C] () -- D:\Windows\MBR.exe
[2011/07/25 10:26:53 | 000,098,816 | ---- | C] () -- D:\Windows\sed.exe
[2011/07/25 10:26:53 | 000,080,412 | ---- | C] () -- D:\Windows\grep.exe
[2011/07/25 10:26:53 | 000,068,096 | ---- | C] () -- D:\Windows\zip.exe
[2011/07/25 07:11:21 | 001,383,430 | ---- | C] () -- D:\Users\EF\Desktop\tdsskiller.zip
[2011/07/24 16:00:50 | 000,000,512 | ---- | C] () -- D:\PhysicalMBR.bin
[2011/07/24 15:54:54 | 000,526,848 | ---- | C] () -- D:\Users\EF\Desktop\winlogon.exe
[2011/07/21 06:03:16 | 000,002,018 | ---- | C] () -- D:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/07/05 12:56:53 | 000,070,642 | ---- | C] () -- D:\Users\EF\Desktop\Call.Of.Duty.2.PAL.XBOX360.rar
[2011/02/25 07:38:49 | 000,013,619 | ---- | C] () -- D:\Users\EF\AppData\Roaming\1206.574
[2010/11/17 05:38:03 | 000,000,036 | ---- | C] () -- D:\Windows\eprint.INI
[2010/09/27 12:04:45 | 000,000,952 | ---- | C] () -- D:\ProgramData\KGyGaAvL.sys
[2010/08/25 14:34:30 | 000,982,240 | ---- | C] () -- D:\Windows\SysWow64\igkrng500.bin
[2010/08/25 14:34:30 | 000,439,308 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 14:34:30 | 000,092,356 | ---- | C] () -- D:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 13:52:00 | 000,208,896 | ---- | C] () -- D:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 13:52:00 | 000,143,360 | ---- | C] () -- D:\Windows\SysWow64\iglhcp32.dll
[2010/07/24 17:02:42 | 000,000,000 | ---- | C] () -- D:\Windows\ViewNX.INI
[2010/07/24 16:58:51 | 000,000,268 | ---- | C] () -- D:\ProgramData\Techno Kit
[2010/07/24 16:58:51 | 000,000,268 | ---- | C] () -- D:\Users\EF\AppData\Roaming\Synth Textures
[2010/07/24 16:58:51 | 000,000,020 | ---- | C] () -- D:\ProgramData\PKP_DLdw.DAT
[2010/07/24 16:58:51 | 000,000,012 | ---- | C] () -- D:\ProgramData\Tremolo
[2010/07/24 16:56:52 | 000,000,268 | ---- | C] () -- D:\ProgramData\SystemConfiguration
[2010/07/24 16:56:52 | 000,000,268 | ---- | C] () -- D:\Users\EF\AppData\Roaming\Synth Leads
[2010/07/24 16:56:52 | 000,000,020 | ---- | C] () -- D:\ProgramData\PKP_DLdu.DAT
[2010/07/24 16:56:52 | 000,000,012 | ---- | C] () -- D:\ProgramData\Track Settings
[2010/07/17 08:07:33 | 000,007,168 | ---- | C] () -- D:\Windows\SysWow64\drivers\StarOpen.sys
[2010/03/13 10:54:16 | 000,000,909 | ---- | C] () -- D:\Windows\wininit.ini
[2009/10/19 20:01:07 | 000,134,592 | ---- | C] () -- D:\Windows\SysWow64\igfcg500.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/07/03 04:25:06 | 001,578,010 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2007/10/10 08:37:54 | 000,278,528 | ---- | C] () -- D:\Windows\ImgUploaderLang_3.dll
[2007/10/10 08:37:54 | 000,278,528 | ---- | C] () -- D:\Windows\ImgUploaderLang_2.dll
[2007/10/10 08:37:54 | 000,278,528 | ---- | C] () -- D:\Windows\ImgUploaderLang_1.dll
[2007/06/27 06:22:54 | 000,692,224 | ---- | C] () -- D:\Windows\libcurl.dll
[1998/09/14 14:43:16 | 000,065,536 | ---- | C] () -- D:\Windows\SysWow64\EZTW32.DLL
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011/02/04 17:08:36 | 000,000,000 | ---D | M] -- D:\ProgramData\Alawar Stargaze
[2010/03/06 06:09:57 | 000,000,000 | ---D | M] -- D:\ProgramData\Alwil Software
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2010/05/02 13:22:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Arcade Lab
[2011/02/21 14:47:36 | 000,000,000 | ---D | M] -- D:\ProgramData\Big Fish Games
[2010/02/25 13:08:16 | 000,000,000 | -HSD | M] -- D:\ProgramData\Bureau
[2010/07/24 16:53:29 | 000,000,000 | ---D | M] -- D:\ProgramData\Canneverbe Limited
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2010/07/24 16:58:51 | 000,000,000 | ---D | M] -- D:\ProgramData\EnterNHelp
[2009/10/19 20:03:03 | 000,000,000 | ---D | M] -- D:\ProgramData\eSobi
[2010/05/01 09:44:57 | 000,000,000 | ---D | M] -- D:\ProgramData\FarmFrenzy2
[2010/02/25 13:08:16 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoris
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2010/02/25 13:11:00 | 000,000,000 | ---D | M] -- D:\ProgramData\McQcModifier-5c47-a7b0
[2010/02/25 13:08:16 | 000,000,000 | -HSD | M] -- D:\ProgramData\Menu Démarrer
[2010/02/25 13:08:16 | 000,000,000 | -HSD | M] -- D:\ProgramData\Modèles
[2010/07/24 16:57:44 | 000,000,000 | ---D | M] -- D:\ProgramData\Nikon
[2010/02/25 13:08:43 | 000,000,000 | ---D | M] -- D:\ProgramData\OEM
[2010/03/31 16:39:24 | 000,000,000 | ---D | M] -- D:\ProgramData\Partner
[2010/11/04 09:23:47 | 000,000,000 | ---D | M] -- D:\ProgramData\PearlMountainSoft
[2011/02/16 18:39:15 | 000,000,000 | ---D | M] -- D:\ProgramData\PlayFirst
[2010/04/14 03:19:15 | 000,000,000 | ---D | M] -- D:\ProgramData\Sandlot Games
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/09/30 17:44:17 | 000,000,000 | ---D | M] -- D:\ProgramData\SweetIM
[2011/02/21 14:49:31 | 000,000,000 | ---D | M] -- D:\ProgramData\TEMP
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/03/02 06:54:10 | 000,000,000 | ---D | M] -- D:\ProgramData\Ubisoft
[2010/07/24 16:58:51 | 000,000,000 | ---D | M] -- D:\ProgramData\Ultima_T15
[2011/07/02 04:27:58 | 000,032,496 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ >[/color]
"ReportBootOk" = 1
"Shell" = Explorer.exe -- [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation)
"PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
"Userinit" = C:\Windows\system32\userinit.exe,
"VMApplet" = SystemPropertiesPerformance.exe /pagefile -- [2009/07/13 21:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)
"AutoRestartShell" = 1
"Background" = 0 0 0
"CachedLogonsCount" = 10
"DebugServerCommand" = no
"ForceUnlockLogon" = 0
"LegalNoticeCaption" =
"LegalNoticeText" =
"PasswordExpiryWarning" = 5
"PowerdownAfterShutdown" = 0
"ShutdownWithoutLogon" = 0
"WinStationsDisabled" = 0
"DisableCAD" = 1
"scremoveoption" = 0
"ShutdownFlags" = 39
"allocatecdroms" = 0
"LegalNotice Text" =
"SFCDisable" = 0
"System" =
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe
 
Invalid Environment Variable: %APPDATA%\*.
 
Invalid Environment Variable: %APPDATA%\*.exe
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: KSECDD.SYS  >[/color]
[2010/11/20 09:33:38 | 000,095,616 | ---- | M] (Microsoft Corporation) MD5=CCD53B5BD33CE0C889E830D839C8B66E -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\ksecdd.sys
[2009/07/13 21:48:04 | 000,095,312 | ---- | M] (Microsoft Corporation) MD5=E8B6FCC9C83535C67F835D407620BD27 -- D:\Windows\System32\drivers\ksecdd.sys
[2009/07/13 21:48:04 | 000,095,312 | ---- | M] (Microsoft Corporation) MD5=E8B6FCC9C83535C67F835D407620BD27 -- D:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\ksecdd.sys
[2009/07/13 21:48:04 | 000,095,312 | ---- | M] (Microsoft Corporation) MD5=E8B6FCC9C83535C67F835D407620BD27 -- D:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\ksecdd.sys
[2009/07/13 21:48:04 | 000,095,312 | ---- | M] (Microsoft Corporation) MD5=E8B6FCC9C83535C67F835D407620BD27 -- D:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\ksecdd.sys
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2010/11/20 09:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2009/07/13 21:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- D:\Windows\ERDNT\cache64\ndis.sys
[2009/07/13 21:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- D:\Windows\System32\drivers\ndis.sys
[2009/07/13 21:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- D:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- D:\Windows\ERDNT\cache64\netlogon.dll
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- D:\Windows\System32\netlogon.dll
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\ERDNT\cache86\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
[color=#A23BEC]< MD5 for: NTOSKRNL.EXE  >[/color]
[2011/04/09 02:21:32 | 003,911,552 | ---- | M] (Microsoft Corporation) MD5=0F4A148499CC6FA5D84A0F1587869051 -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_6cb79c952e776446\ntoskrnl.exe
[2010/11/20 08:30:06 | 003,911,040 | ---- | M] (Microsoft Corporation) MD5=2088D9994332583EDB3C561DE31EA5AD -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe
[2011/04/09 02:54:07 | 005,475,712 | ---- | M] (Microsoft Corporation) MD5=240D89BBE5BCD168D748D6C12B6FE884 -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_c8d63818e6d4d57c\ntoskrnl.exe
[2010/06/19 03:05:01 | 005,507,968 | ---- | M] (Microsoft Corporation) MD5=28C4FE45FC1B176FA74A48FB15DE7C9A -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_c8730901cd997f9b\ntoskrnl.exe
[2010/02/27 07:46:28 | 003,899,784 | ---- | M] (Microsoft Corporation) MD5=466FD46F58768E56F7B841681014EFF1 -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_6cb0c81f2e7bee1e\ntoskrnl.exe
[2010/06/19 03:05:25 | 005,474,184 | ---- | M] (Microsoft Corporation) MD5=5223C216E348E397C5EACCBEFB57FFF2 -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_c8e8063ee6c6709e\ntoskrnl.exe
[2011/04/09 02:02:25 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=5D21C487F79F8245E799071589E035BF -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntoskrnl.exe
[2010/10/27 00:43:38 | 003,901,824 | ---- | M] (Microsoft Corporation) MD5=776201760B5692F10DDA3BE85B54F213 -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntoskrnl.exe
[2010/02/27 11:28:56 | 005,485,448 | ---- | M] (Microsoft Corporation) MD5=7B7253D90EF53BAFCDC96C888B1DB4F3 -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_c8cf63a2e6d95f54\ntoskrnl.exe
[2010/06/19 02:33:29 | 003,899,784 | ---- | M] (Microsoft Corporation) MD5=8218E74A67942120BF8EE30661EDF83F -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntoskrnl.exe
[2011/04/09 02:50:20 | 005,562,240 | ---- | M] (Microsoft Corporation) MD5=99C2715F138E7ED2F489AB796DD3B53C -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_cae7d4cee3dad1a4\ntoskrnl.exe
[2009/07/13 21:48:28 | 005,511,248 | ---- | M] (Microsoft Corporation) MD5=9E722B768E33D26AD8FA7D642E707443 -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe
[2009/07/13 21:20:44 | 003,899,472 | ---- | M] (Microsoft Corporation) MD5=B9D673F7707219DFD264891A26C21ECB -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntoskrnl.exe
[2010/10/27 00:33:37 | 003,911,552 | ---- | M] (Microsoft Corporation) MD5=C6169F5FDC8399E0C6C0729AB6EF2EF8 -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntoskrnl.exe
[2010/11/20 09:33:46 | 005,563,776 | ---- | M] (Microsoft Corporation) MD5=C6CEC3E6CC9842B73501C70AA64C00FE -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe
[2011/04/09 02:01:20 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=D385343510B75545EC5DB3A64C2D2492 -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntoskrnl.exe
[2010/06/19 02:37:01 | 003,909,512 | ---- | M] (Microsoft Corporation) MD5=D5662CD1F9B85936561A07ADC400ACF4 -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntoskrnl.exe
[2011/04/09 03:02:55 | 005,562,240 | ---- | M] (Microsoft Corporation) MD5=D60D9BCEAE5870A67E6C167F4681877B -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_c9fde71bcb054983\ntoskrnl.exe
[2011/04/09 02:13:06 | 003,901,824 | ---- | M] (Microsoft Corporation) MD5=D9FD1D6337F15AAF2012C69909615DB5 -- D:\Windows\ERDNT\cache86\ntoskrnl.exe
[2011/04/09 02:13:06 | 003,901,824 | ---- | M] (Microsoft Corporation) MD5=D9FD1D6337F15AAF2012C69909615DB5 -- D:\Windows\SysWOW64\ntoskrnl.exe
[2011/04/09 02:13:06 | 003,901,824 | ---- | M] (Microsoft Corporation) MD5=D9FD1D6337F15AAF2012C69909615DB5 -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_6bf8ee9215816c61\ntoskrnl.exe
[2010/02/27 08:07:48 | 003,899,280 | ---- | M] (Microsoft Corporation) MD5=DD2ED3246F5F4E4B07F385A9520C3C7C -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_6c40cc54154a7bce\ntoskrnl.exe
[2011/04/09 02:45:48 | 005,509,504 | ---- | M] (Microsoft Corporation) MD5=E03A9AC0273182895DCB3693A36785C9 -- D:\Windows\ERDNT\cache64\ntoskrnl.exe
[2011/04/09 02:45:48 | 005,509,504 | ---- | M] (Microsoft Corporation) MD5=E03A9AC0273182895DCB3693A36785C9 -- D:\Windows\System32\ntoskrnl.exe
[2011/04/09 02:45:48 | 005,509,504 | ---- | M] (Microsoft Corporation) MD5=E03A9AC0273182895DCB3693A36785C9 -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_c8178a15cddedd97\ntoskrnl.exe
[2010/10/27 01:18:36 | 005,510,528 | ---- | M] (Microsoft Corporation) MD5=E2EA143288BFF3D6B3AEB88C3BC02DAF -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_c81a890dcddc2c75\ntoskrnl.exe
[2010/10/27 01:23:11 | 005,477,248 | ---- | M] (Microsoft Corporation) MD5=E6FC5686F6BB6F0CEB1107E6D064A944 -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_c8f0d77ce6c01f26\ntoskrnl.exe
[2010/02/27 11:17:00 | 005,509,008 | ---- | M] (Microsoft Corporation) MD5=FD787551F58F9686CEC6353F693EF571 -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_c85f67d7cda7ed04\ntoskrnl.exe
 
[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- D:\Windows\System32\drivers\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
[color=#A23BEC]< MD5 for: RASACD.SYS  >[/color]
[2009/07/13 20:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- D:\Windows\System32\drivers\rasacd.sys
[2009/07/13 20:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- D:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasacd.sys
 
[color=#A23BEC]< MD5 for: RDPWD.SYS  >[/color]
[2010/11/20 07:04:37 | 000,210,944 | ---- | M] (Microsoft Corporation) MD5=15B66C206B5CB095BAB980553F38ED23 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17514_none_a99b8db6eba2129b\rdpwd.sys
[2009/07/13 20:16:48 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=8A3E6BEA1C53EA6177FE2B6EBA2C80D7 -- D:\Windows\System32\drivers\rdpwd.sys
[2009/07/13 20:16:48 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=8A3E6BEA1C53EA6177FE2B6EBA2C80D7 -- D:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16385_none_a76a79eeeeb38f01\rdpwd.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\ERDNT\cache86\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- D:\Windows\ERDNT\cache64\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- D:\Windows\System32\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2009/07/13 20:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- D:\Windows\System32\drivers\sfloppy.sys
[2009/07/13 20:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- D:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\sfloppy.sys
[2009/07/13 20:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- D:\Windows\winsxs\amd64_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_42ff01d4942cc5ea\sfloppy.sys
 
[color=#A23BEC]< MD5 for: SPLDR.SYS  >[/color]
[2009/07/13 21:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=B9E31E5CACDFE584F34F730A677803F9 -- D:\Windows\System32\drivers\spldr.sys
[2009/07/13 21:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=B9E31E5CACDFE584F34F730A677803F9 -- D:\Windows\winsxs\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59\spldr.sys
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2011/04/25 01:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2010/11/20 09:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2010/06/14 02:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2011/04/25 01:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- D:\Windows\ERDNT\cache64\tcpip.sys
[2011/04/25 01:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- D:\Windows\System32\drivers\tcpip.sys
[2011/04/25 01:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2010/04/09 07:06:28 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=7FC877A25796D8ADF539E64703FCA7E1 -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys
[2010/06/14 02:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/13 21:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/25 01:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2010/04/09 03:56:29 | 001,892,232 | ---- | M] (Microsoft Corporation) MD5=A9C0F786AC1F736891D05CE0A1D29DEB -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys
[2011/04/25 02:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
 
[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2009/07/13 20:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=3371D21011695B16333A3934340C4E7C -- D:\Windows\System32\drivers\tdpipe.sys
[2009/07/13 20:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=3371D21011695B16333A3934340C4E7C -- D:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdpipe.sys
 
[color=#A23BEC]< MD5 for: TDTCP.SYS  >[/color]
[2009/07/13 20:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=E4245BDA3190A582D55ED09E137401A9 -- D:\Windows\System32\drivers\tdtcp.sys
[2009/07/13 20:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=E4245BDA3190A582D55ED09E137401A9 -- D:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdtcp.sys
 
[color=#A23BEC]< MD5 for: TPM.SYS  >[/color]
[2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) MD5=DBCC20C02E8A3E43B03C304A4E40A84F -- D:\Windows\System32\DriverStore\FileRepository\tpm.inf_amd64_neutral_d5bb6575cf91cd73\tpm.sys
[2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) MD5=DBCC20C02E8A3E43B03C304A4E40A84F -- D:\Windows\winsxs\amd64_tpm.inf_31bf3856ad364e35_6.1.7600.16385_none_0817dcde20d8acd1\tpm.sys
 
[color=#A23BEC]< MD5 for: USBPRINT.SYS  >[/color]
[2009/07/13 20:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- D:\Windows\System32\drivers\usbprint.sys
[2009/07/13 20:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- D:\Windows\System32\DriverStore\FileRepository\usbprint.inf_amd64_neutral_54948be2bc4bcdd1\usbprint.sys
[2009/07/13 20:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- D:\Windows\winsxs\amd64_usbprint.inf_31bf3856ad364e35_6.1.7600.16385_none_8eeeb411db1b01c5\usbprint.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2009/07/13 20:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- D:\Windows\System32\DriverStore\FileRepository\sti.inf_amd64_neutral_9d9a7113099a28a2\usbscan.sys
[2009/07/13 20:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- D:\Windows\winsxs\amd64_sti.inf_31bf3856ad364e35_6.1.7600.16385_none_b5d3c30ffa77a77a\usbscan.sys
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\ERDNT\cache86\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- D:\Windows\ERDNT\cache64\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- D:\Windows\System32\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOAD.EXE  >[/color]
[2011/02/05 08:39:21 | 000,603,976 | ---- | M] (Microsoft Corporation) MD5=09DD82F21499682086554C054676F08C -- D:\Windows\System32\Boot\winload.exe
[2011/02/05 08:39:21 | 000,603,976 | ---- | M] (Microsoft Corporation) MD5=09DD82F21499682086554C054676F08C -- D:\Windows\System32\winload.exe
[2011/02/05 08:39:21 | 000,603,976 | ---- | M] (Microsoft Corporation) MD5=09DD82F21499682086554C054676F08C -- D:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7600.16757_none_c55000c1a6617837\winload.exe
[2011/02/05 08:39:21 | 000,603,976 | ---- | M] (Microsoft Corporation) MD5=09DD82F21499682086554C054676F08C -- D:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66\winload.exe
[2011/02/05 08:40:06 | 000,605,552 | ---- | M] (Microsoft Corporation) MD5=1814099E8025B579C57279AD3F1A7931 -- D:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.21655_none_c7bdf9febca7513f\winload.exe
[2011/02/05 08:40:06 | 000,605,552 | ---- | M] (Microsoft Corporation) MD5=1814099E8025B579C57279AD3F1A7931 -- D:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e\winload.exe
[2011/02/05 13:06:41 | 000,605,552 | ---- | M] (Microsoft Corporation) MD5=78C918D3612FE5937D32E488F053F10A -- D:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17556_none_c7355d7da388cacc\winload.exe
[2011/02/05 13:06:41 | 000,605,552 | ---- | M] (Microsoft Corporation) MD5=78C918D3612FE5937D32E488F053F10A -- D:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb\winload.exe
[2011/02/05 08:30:30 | 000,605,040 | ---- | M] (Microsoft Corporation) MD5=8139738658C31621541293085A94681D -- D:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7600.20897_none_c5ae5ddcbf9f87c5\winload.exe
[2011/02/05 08:30:30 | 000,605,040 | ---- | M] (Microsoft Corporation) MD5=8139738658C31621541293085A94681D -- D:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4\winload.exe
[2009/07/13 21:43:15 | 000,604,192 | ---- | M] (Microsoft Corporation) MD5=87B2086D7382A42935D55EC69E5E71AB -- D:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7600.16385_none_c52d88d1a67ba4c0\winload.exe
[2009/07/13 21:43:15 | 000,604,192 | ---- | M] (Microsoft Corporation) MD5=87B2086D7382A42935D55EC69E5E71AB -- D:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef\winload.exe
[2010/11/20 09:28:59 | 000,605,552 | ---- | M] (Microsoft Corporation) MD5=E2F68DC7FBD6E0BF031CA3809A739346 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a\winload.exe
[2010/11/20 09:28:59 | 000,605,552 | ---- | M] (Microsoft Corporation) MD5=E2F68DC7FBD6E0BF031CA3809A739346 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89\winload.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2011/07/24 15:54:56 | 000,526,848 | ---- | M] () MD5=08E93418EFC70EB4E39BBD964304AD71 -- D:\Users\EF\Desktop\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- D:\Windows\ERDNT\cache64\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- D:\Windows\System32\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]
 
 
< End of report >
sof42
Apprentice Expert
 
Posts: 104
Joined: 07 Nov 2010 12:00
 

Re: PERSONAL SHIELD PRO

Posted on 25 Jul 2011 23:49

I don't understand anything. I tried again with the message above, and this time my report doesn't even appear.
Code:
OTL logfile created on: 7/26/2011 1:09:19 AM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 136.95 Gb Total Space | 57.40 Gb Free Space | 41.91% Space Free | Partition Type: NTFS
Drive E: | 7.46 Gb Total Space | 2.61 Gb Free Space | 35.03% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2009/09/30 17:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto] -- D:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011/05/01 04:41:12 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/01 02:22:32 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- D:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/04 17:38:00 | 000,071,096 | ---- | M] () [Auto] -- D:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto] -- D:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/16 03:46:24 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- D:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto] -- D:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2011/03/05 15:10:40 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2010/08/25 14:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2010/08/17 08:39:11 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2009/10/04 21:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2009/09/15 00:40:00 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:[b]64bit:[/b] - [2009/08/11 00:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:[b]64bit:[/b] - [2009/07/27 03:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:[b]64bit:[/b] - [2009/06/23 23:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:[b]64bit:[/b] - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:[b]64bit:[/b] - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2008/03/28 11:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\OEM\factory\int15.sys -- (int15.sys)
DRV:[b]64bit:[/b] - [2008/03/11 10:04:32 | 000,079,664 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- D:\Windows\System32\drivers\jl2005c.sys -- (JLTECH0227)
DRV - [2009/11/12 08:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- D:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\EF_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\EF_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\EF_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2011/07/25 10:35:42 | 000,000,027 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O4:[b]64bit:[/b] - HKLM..\Run: [Acer ePower Management] D:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [cAudioFilterAgent] D:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] D:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] D:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] D:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKU\EF_ON_D..\Run: [192695408] D:\Users\EF\AppData\Local\wax.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\EF_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\EF_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\EF_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\LocalService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.mypix.com/fr/fr/importer/newconf/aurigma5.8.1.0/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} http://www.pixum.fr/apps/EasyUploadX.cab (Pixum EasyUploadX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
[b]64bit:[/b] O35 - HKLM\..comfile [open] -- "%1" %* File not found
[b]64bit:[/b] O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] WinDefend - Service
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] HelpSvc - Service
SafeBootNet:[b]64bit:[/b] Messenger - Service
SafeBootNet:[b]64bit:[/b] MpfService - Service
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
SafeBootNet:[b]64bit:[/b] sacsvr - Service
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] vmms - Service
SafeBootNet:[b]64bit:[/b] WinDefend - Service
SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:[b]64bit:[/b] >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:[b]64bit:[/b] >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:[b]64bit:[/b] aux - D:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] midi - D:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] midimapper - D:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] mixer - D:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] msacm.imaadpcm - D:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32:[b]64bit:[/b] msacm.l3acm - D:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:[b]64bit:[/b] msacm.msadpcm - D:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32:[b]64bit:[/b] msacm.msg711 - D:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32:[b]64bit:[/b] msacm.msgsm610 - D:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32:[b]64bit:[/b] MSVideo8 - D:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] vidc.i420 - D:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] VIDC.IYUV - D:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] vidc.mrle - D:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] vidc.msvc - D:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] VIDC.UYVY - D:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] VIDC.YUY2 - D:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] VIDC.YVU9 - D:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] VIDC.YVYU - D:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32:[b]64bit:[/b] wave - D:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:[b]64bit:[/b] wavemapper - D:\Windows\System32\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.l3acm - D:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - D:\Windows\SysWow64\vfwwdm32.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011/07/25 10:41:22 | 000,000,000 | ---D | C] -- D:\Windows\temp
[2011/07/25 10:35:45 | 000,000,000 | ---D | C] -- D:\$RECYCLE.BIN
[2011/07/25 10:26:53 | 000,518,144 | ---- | C] (SteelWerX) -- D:\Windows\SWREG.exe
[2011/07/25 10:26:53 | 000,406,528 | ---- | C] (SteelWerX) -- D:\Windows\SWSC.exe
[2011/07/25 10:26:53 | 000,060,416 | ---- | C] (NirSoft) -- D:\Windows\NIRCMD.exe
[2011/07/25 10:26:48 | 000,000,000 | ---D | C] -- D:\Windows\ERDNT
[2011/07/25 10:23:01 | 000,000,000 | ---D | C] -- D:\Qoobox
[2011/07/25 10:22:11 | 004,152,159 | R--- | C] (Swearware) -- D:\Users\EF\Desktop\ComboFix.exe
[2011/07/25 07:12:30 | 000,000,000 | ---D | C] -- D:\Users\EF\Desktop\tdsskiller
[2011/07/25 05:42:38 | 000,045,568 | ---- | C] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.3835261800545806.exe
[2011/07/25 05:42:37 | 000,045,568 | ---- | C] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.4864873851557573.exe
[2011/07/25 05:38:43 | 000,045,568 | ---- | C] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.5124420421076967.exe
[2011/07/25 05:38:42 | 000,045,568 | ---- | C] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.07849969423845005.exe
[2011/07/25 05:38:30 | 000,045,568 | ---- | C] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.015736044417480444.exe
[2011/07/25 05:38:28 | 000,045,568 | ---- | C] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.10830938780318111.exe
[2011/07/25 05:38:24 | 000,045,568 | ---- | C] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.49623053872482026.exe
[2011/07/25 05:38:23 | 000,045,568 | ---- | C] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.22245900170071087.exe
[2011/07/25 05:38:03 | 000,045,568 | ---- | C] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.27143178991091443.exe
[2011/07/25 05:36:34 | 000,045,568 | ---- | C] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.733647115277317.exe
[2011/07/25 04:34:48 | 000,000,000 | ---D | C] -- D:\_OTL
[2011/07/24 15:55:27 | 000,000,000 | ---D | C] -- D:\Users\EF\Desktop\RK_Quarantine
[2011/07/24 15:06:37 | 000,579,584 | ---- | C] (OldTimer Tools) -- D:\Users\EF\Desktop\OTL.exe
[2011/07/21 06:03:05 | 000,000,000 | ---D | C] -- D:\Config.Msi
[2011/07/13 03:44:28 | 001,162,240 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\kernel32.dll
[2011/07/13 03:44:28 | 000,362,496 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wow64win.dll
[2011/07/13 03:44:27 | 000,338,944 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\conhost.exe
[2011/07/13 03:44:27 | 000,243,200 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wow64.dll
[2011/07/13 03:44:27 | 000,214,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\winsrv.dll
[2011/07/13 03:44:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\setup16.exe
[2011/07/13 03:44:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntvdm64.dll
[2011/07/13 03:44:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntvdm64.dll
[2011/07/13 03:44:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wow64cpu.dll
[2011/07/13 03:44:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\instnm.exe
[2011/07/13 03:44:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\wow32.dll
[2011/07/13 03:44:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\user.exe
[2011/07/13 03:44:22 | 000,422,400 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\KernelBase.dll
[2011/07/13 03:44:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 03:44:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 03:44:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 03:44:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 03:44:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 03:44:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/07/10 09:57:26 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Winamax Poker
[2011/06/29 04:00:35 | 002,228,224 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mssrch.dll
[2011/06/29 04:00:35 | 001,401,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mssrch.dll
[2011/06/29 04:00:34 | 002,326,016 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tquery.dll
[2011/06/29 04:00:34 | 001,553,920 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\tquery.dll
[2011/06/29 04:00:34 | 000,666,624 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mssvp.dll
[2011/06/29 04:00:34 | 000,491,520 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mssph.dll
[2011/06/29 04:00:34 | 000,249,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SearchProtocolHost.exe
[2011/06/29 04:00:33 | 000,779,264 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mssvp.dll
[2011/06/29 04:00:33 | 000,337,408 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mssph.dll
[2011/06/29 04:00:33 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mssphtb.dll
[2011/06/29 04:00:33 | 000,113,664 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SearchFilterHost.exe
[2011/06/29 04:00:33 | 000,075,264 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msscntrs.dll
[2011/06/29 04:00:32 | 000,288,256 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mssphtb.dll
[2011/06/29 04:00:32 | 000,059,392 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msscntrs.dll
[2011/06/29 04:00:30 | 000,252,928 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\drvinst.exe
[2011/06/29 04:00:30 | 000,044,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\devrtl.dll
[2 D:\Users\EF\AppData\Local\*.tmp files -> D:\Users\EF\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/07/25 17:50:13 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2011/07/25 17:49:29 | 000,011,292 | -HS- | M] () -- D:\Users\EF\AppData\Local\3y6os41x68
[2011/07/25 17:49:12 | 000,001,066 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/25 17:48:53 | 1554,726,912 | -HS- | M] () -- D:\hiberfil.sys
[2011/07/25 17:39:32 | 000,009,920 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/25 17:39:32 | 000,009,920 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/25 17:30:05 | 000,000,000 | ---- | M] () -- D:\Users\EF\AppData\Local\{08952DD3-C5CC-4FEA-A4C6-32A9AC7D8DF2}
[2011/07/25 17:14:14 | 000,000,000 | ---- | M] () -- D:\Users\EF\AppData\Local\{ECF071E5-C86B-4A6D-B3E6-A7A38A118D1E}
[2011/07/25 17:10:16 | 000,001,070 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/25 15:19:01 | 000,011,324 | -HS- | M] () -- D:\ProgramData\3y6os41x68
[2011/07/25 15:16:40 | 000,368,640 | ---- | M] () -- D:\Users\EF\AppData\Local\wax.exe
[2011/07/25 15:16:39 | 000,368,640 | ---- | M] () -- D:\Users\EF\AppData\Local\ann.exe
[2011/07/25 15:16:33 | 000,368,640 | ---- | M] () -- D:\Users\EF\AppData\Local\vvg.exe
[2011/07/25 15:16:33 | 000,368,640 | ---- | M] () -- D:\Users\EF\AppData\Local\qmi.exe
[2011/07/25 15:16:33 | 000,368,640 | ---- | M] () -- D:\Users\EF\AppData\Local\hjj.exe
[2011/07/25 15:16:30 | 000,368,640 | ---- | M] () -- D:\Users\EF\AppData\Local\nwm.exe
[2011/07/25 15:16:29 | 000,368,640 | ---- | M] () -- D:\Users\EF\Desktop\0.35215216153365136.exe
[2011/07/25 15:16:28 | 000,368,640 | ---- | M] () -- D:\Users\EF\AppData\Local\tpk.exe
[2011/07/25 15:16:28 | 000,368,640 | ---- | M] () -- D:\Users\EF\Desktop\0.7488563607386016.exe
[2011/07/25 15:16:26 | 000,368,640 | ---- | M] () -- D:\Users\EF\AppData\Local\mon.exe
[2011/07/25 15:16:25 | 000,368,640 | ---- | M] () -- D:\Users\EF\AppData\Local\lmf.exe
[2011/07/25 15:16:25 | 000,368,640 | ---- | M] () -- D:\Users\EF\AppData\Local\fek.exe
[2011/07/25 15:16:25 | 000,368,640 | ---- | M] () -- D:\Users\EF\Desktop\0.12041723897129442.exe
[2011/07/25 15:16:24 | 000,368,640 | ---- | M] () -- D:\Users\EF\Desktop\0.9248803555660287.exe
[2011/07/25 15:16:24 | 000,368,640 | ---- | M] () -- D:\Users\EF\Desktop\0.11720384978834653.exe
[2011/07/25 10:35:42 | 000,000,027 | ---- | M] () -- D:\Windows\System32\drivers\etc\hosts
[2011/07/25 10:22:12 | 004,152,159 | R--- | M] (Swearware) -- D:\Users\EF\Desktop\ComboFix.exe
[2011/07/25 07:17:50 | 000,000,512 | ---- | M] () -- D:\PhysicalMBR.bin
[2011/07/25 07:11:31 | 001,383,430 | ---- | M] () -- D:\Users\EF\Desktop\tdsskiller.zip
[2011/07/25 05:42:40 | 000,045,568 | ---- | M] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.3835261800545806.exe
[2011/07/25 05:42:39 | 000,045,568 | ---- | M] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.4864873851557573.exe
[2011/07/25 05:38:44 | 000,045,568 | ---- | M] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.5124420421076967.exe
[2011/07/25 05:38:43 | 000,045,568 | ---- | M] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.07849969423845005.exe
[2011/07/25 05:38:32 | 000,045,568 | ---- | M] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.015736044417480444.exe
[2011/07/25 05:38:30 | 000,045,568 | ---- | M] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.10830938780318111.exe
[2011/07/25 05:38:28 | 000,045,568 | ---- | M] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.22245900170071087.exe
[2011/07/25 05:38:25 | 000,045,568 | ---- | M] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.49623053872482026.exe
[2011/07/25 05:38:04 | 000,045,568 | ---- | M] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.27143178991091443.exe
[2011/07/25 05:36:38 | 000,045,568 | ---- | M] (Mozilla Foundation) -- D:\Users\EF\Desktop\0.733647115277317.exe
[2011/07/24 15:54:56 | 000,526,848 | ---- | M] () -- D:\Users\EF\Desktop\winlogon.exe
[2011/07/24 15:06:45 | 000,579,584 | ---- | M] (OldTimer Tools) -- D:\Users\EF\Desktop\OTL.exe
[2011/07/21 06:03:16 | 000,002,441 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/07/21 06:03:16 | 000,002,018 | ---- | M] () -- D:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/07/17 04:56:18 | 000,506,680 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2011/07/13 14:03:47 | 000,000,952 | ---- | M] () -- D:\ProgramData\KGyGaAvL.sys
[2011/07/10 09:57:29 | 000,000,937 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamax Poker.lnk
[2011/07/10 09:57:29 | 000,000,925 | ---- | M] () -- D:\Users\Public\Desktop\Winamax Poker.lnk
[2011/07/05 12:56:53 | 000,070,642 | ---- | M] () -- D:\Users\EF\Desktop\Call.Of.Duty.2.PAL.XBOX360.rar
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- D:\Windows\PEV.exe
[2 D:\Users\EF\AppData\Local\*.tmp files -> D:\Users\EF\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/07/25 17:30:05 | 000,000,000 | ---- | C] () -- D:\Users\EF\AppData\Local\{08952DD3-C5CC-4FEA-A4C6-32A9AC7D8DF2}
[2011/07/25 17:14:14 | 000,000,000 | ---- | C] () -- D:\Users\EF\AppData\Local\{ECF071E5-C86B-4A6D-B3E6-A7A38A118D1E}
[2011/07/25 15:16:40 | 000,368,640 | ---- | C] () -- D:\Users\EF\AppData\Local\wax.exe
[2011/07/25 15:16:39 | 000,368,640 | ---- | C] () -- D:\Users\EF\AppData\Local\ann.exe
[2011/07/25 15:16:39 | 000,011,324 | -HS- | C] () -- D:\ProgramData\3y6os41x68
[2011/07/25 15:16:39 | 000,011,292 | -HS- | C] () -- D:\Users\EF\AppData\Local\3y6os41x68
[2011/07/25 15:16:33 | 000,368,640 | ---- | C] () -- D:\Users\EF\AppData\Local\vvg.exe
[2011/07/25 15:16:33 | 000,368,640 | ---- | C] () -- D:\Users\EF\AppData\Local\qmi.exe
[2011/07/25 15:16:33 | 000,368,640 | ---- | C] () -- D:\Users\EF\AppData\Local\hjj.exe
[2011/07/25 15:16:30 | 000,368,640 | ---- | C] () -- D:\Users\EF\AppData\Local\nwm.exe
[2011/07/25 15:16:28 | 000,368,640 | ---- | C] () -- D:\Users\EF\AppData\Local\tpk.exe
[2011/07/25 15:16:26 | 000,368,640 | ---- | C] () -- D:\Users\EF\AppData\Local\mon.exe
[2011/07/25 15:16:25 | 000,368,640 | ---- | C] () -- D:\Users\EF\AppData\Local\lmf.exe
[2011/07/25 15:16:25 | 000,368,640 | ---- | C] () -- D:\Users\EF\AppData\Local\fek.exe
[2011/07/25 15:16:24 | 000,368,640 | ---- | C] () -- D:\Users\EF\Desktop\0.7488563607386016.exe
[2011/07/25 15:16:24 | 000,368,640 | ---- | C] () -- D:\Users\EF\Desktop\0.35215216153365136.exe
[2011/07/25 15:16:19 | 000,368,640 | ---- | C] () -- D:\Users\EF\Desktop\0.9248803555660287.exe
[2011/07/25 15:16:19 | 000,368,640 | ---- | C] () -- D:\Users\EF\Desktop\0.12041723897129442.exe
[2011/07/25 15:16:19 | 000,368,640 | ---- | C] () -- D:\Users\EF\Desktop\0.11720384978834653.exe
[2011/07/25 10:26:53 | 000,256,000 | ---- | C] () -- D:\Windows\PEV.exe
[2011/07/25 10:26:53 | 000,208,896 | ---- | C] () -- D:\Windows\MBR.exe
[2011/07/25 10:26:53 | 000,098,816 | ---- | C] () -- D:\Windows\sed.exe
[2011/07/25 10:26:53 | 000,080,412 | ---- | C] () -- D:\Windows\grep.exe
[2011/07/25 10:26:53 | 000,068,096 | ---- | C] () -- D:\Windows\zip.exe
[2011/07/25 07:11:21 | 001,383,430 | ---- | C] () -- D:\Users\EF\Desktop\tdsskiller.zip
[2011/07/24 16:00:50 | 000,000,512 | ---- | C] () -- D:\PhysicalMBR.bin
[2011/07/24 15:54:54 | 000,526,848 | ---- | C] () -- D:\Users\EF\Desktop\winlogon.exe
[2011/07/21 06:03:16 | 000,002,018 | ---- | C] () -- D:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/07/05 12:56:53 | 000,070,642 | ---- | C] () -- D:\Users\EF\Desktop\Call.Of.Duty.2.PAL.XBOX360.rar
[2011/02/25 07:38:49 | 000,013,619 | ---- | C] () -- D:\Users\EF\AppData\Roaming\1206.574
[2010/11/17 05:38:03 | 000,000,036 | ---- | C] () -- D:\Windows\eprint.INI
[2010/09/27 12:04:45 | 000,000,952 | ---- | C] () -- D:\ProgramData\KGyGaAvL.sys
[2010/08/25 14:34:30 | 000,982,240 | ---- | C] () -- D:\Windows\SysWow64\igkrng500.bin
[2010/08/25 14:34:30 | 000,439,308 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 14:34:30 | 000,092,356 | ---- | C] () -- D:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 13:52:00 | 000,208,896 | ---- | C] () -- D:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 13:52:00 | 000,143,360 | ---- | C] () -- D:\Windows\SysWow64\iglhcp32.dll
[2010/07/24 17:02:42 | 000,000,000 | ---- | C] () -- D:\Windows\ViewNX.INI
[2010/07/24 16:58:51 | 000,000,268 | ---- | C] () -- D:\ProgramData\Techno Kit
[2010/07/24 16:58:51 | 000,000,268 | ---- | C] () -- D:\Users\EF\AppData\Roaming\Synth Textures
[2010/07/24 16:58:51 | 000,000,020 | ---- | C] () -- D:\ProgramData\PKP_DLdw.DAT
[2010/07/24 16:58:51 | 000,000,012 | ---- | C] () -- D:\ProgramData\Tremolo
[2010/07/24 16:56:52 | 000,000,268 | ---- | C] () -- D:\ProgramData\SystemConfiguration
[2010/07/24 16:56:52 | 000,000,268 | ---- | C] () -- D:\Users\EF\AppData\Roaming\Synth Leads
[2010/07/24 16:56:52 | 000,000,020 | ---- | C] () -- D:\ProgramData\PKP_DLdu.DAT
[2010/07/24 16:56:52 | 000,000,012 | ---- | C] () -- D:\ProgramData\Track Settings
[2010/07/17 08:07:33 | 000,007,168 | ---- | C] () -- D:\Windows\SysWow64\drivers\StarOpen.sys
[2010/03/13 10:54:16 | 000,000,909 | ---- | C] () -- D:\Windows\wininit.ini
[2009/10/19 20:01:07 | 000,134,592 | ---- | C] () -- D:\Windows\SysWow64\igfcg500.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/07/03 04:25:06 | 001,578,010 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2007/10/10 08:37:54 | 000,278,528 | ---- | C] () -- D:\Windows\ImgUploaderLang_3.dll
[2007/10/10 08:37:54 | 000,278,528 | ---- | C] () -- D:\Windows\ImgUploaderLang_2.dll
[2007/10/10 08:37:54 | 000,278,528 | ---- | C] () -- D:\Windows\ImgUploaderLang_1.dll
[2007/06/27 06:22:54 | 000,692,224 | ---- | C] () -- D:\Windows\libcurl.dll
[1998/09/14 14:43:16 | 000,065,536 | ---- | C] () -- D:\Windows\SysWow64\EZTW32.DLL
 
========== LOP Check ==========
 
[2011/02/04 17:08:36 | 000,000,000 | ---D | M] -- D:\ProgramData\Alawar Stargaze
[2010/03/06 06:09:57 | 000,000,000 | ---D | M] -- D:\ProgramData\Alwil Software
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2010/05/02 13:22:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Arcade Lab
[2011/02/21 14:47:36 | 000,000,000 | ---D | M] -- D:\ProgramData\Big Fish Games
[2010/02/25 13:08:16 | 000,000,000 | -HSD | M] -- D:\ProgramData\Bureau
[2010/07/24 16:53:29 | 000,000,000 | ---D | M] -- D:\ProgramData\Canneverbe Limited
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2010/07/24 16:58:51 | 000,000,000 | ---D | M] -- D:\ProgramData\EnterNHelp
[2009/10/19 20:03:03 | 000,000,000 | ---D | M] -- D:\ProgramData\eSobi
[2010/05/01 09:44:57 | 000,000,000 | ---D | M] -- D:\ProgramData\FarmFrenzy2
[2010/02/25 13:08:16 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoris
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2010/02/25 13:11:00 | 000,000,000 | ---D | M] -- D:\ProgramData\McQcModifier-5c47-a7b0
[2010/02/25 13:08:16 | 000,000,000 | -HSD | M] -- D:\ProgramData\Menu Démarrer
[2010/02/25 13:08:16 | 000,000,000 | -HSD | M] -- D:\ProgramData\Modèles
[2010/07/24 16:57:44 | 000,000,000 | ---D | M] -- D:\ProgramData\Nikon
[2010/02/25 13:08:43 | 000,000,000 | ---D | M] -- D:\ProgramData\OEM
[2010/03/31 16:39:24 | 000,000,000 | ---D | M] -- D:\ProgramData\Partner
[2010/11/04 09:23:47 | 000,000,000 | ---D | M] -- D:\ProgramData\PearlMountainSoft
[2011/02/16 18:39:15 | 000,000,000 | ---D | M] -- D:\ProgramData\PlayFirst
[2010/04/14 03:19:15 | 000,000,000 | ---D | M] -- D:\ProgramData\Sandlot Games
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/09/30 17:44:17 | 000,000,000 | ---D | M] -- D:\ProgramData\SweetIM
[2011/02/21 14:49:31 | 000,000,000 | ---D | M] -- D:\ProgramData\TEMP
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/03/02 06:54:10 | 000,000,000 | ---D | M] -- D:\ProgramData\Ubisoft
[2010/07/24 16:58:51 | 000,000,000 | ---D | M] -- D:\ProgramData\Ultima_T15
[2011/07/02 04:27:58 | 000,032,496 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ >
"ReportBootOk" = 1
"Shell" = Explorer.exe -- [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation)
"PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
"Userinit" = C:\Windows\system32\userinit.exe,
"VMApplet" = SystemPropertiesPerformance.exe /pagefile -- [2009/07/13 21:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)
"AutoRestartShell" = 1
"Background" = 0 0 0
"CachedLogonsCount" = 10
"DebugServerCommand" = no
"ForceUnlockLogon" = 0
"LegalNoticeCaption" =
"LegalNoticeText" =
"PasswordExpiryWarning" = 5
"PowerdownAfterShutdown" = 0
"ShutdownWithoutLogon" = 0
"WinStationsDisabled" = 0
"DisableCAD" = 1
"scremoveoption" = 0
"ShutdownFlags" = 39
"allocatecdroms" = 0
"LegalNotice Text" =
"SFCDisable" = 0
"System" =
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe
 
Invalid Environment Variable: %APPDATA%\*.
 
Invalid Environment Variable: %APPDATA%\*.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< %SYSTEMDRIVE%\*.exe >
 
 
[2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- D:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 02:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
[color=#A23BEC]< MD5 for: KD1394.DLL  >[/color]
[2011/02/05 08:32:29 | 000,019,328 | ---- | M] (Microsoft Corporation) MD5=0BE5261E3D20E7CD61194308E6FE9A26 -- D:\Windows\winsxs\amd64_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.1.7600.20897_none_c0411de526b768a4\kd1394.dll
[2011/02/05 08:41:24 | 000,019,328 | ---- | M] (Microsoft Corporation) MD5=6A9591A2E07B7AF1015587592EF27119 -- D:\Windows\System32\kd1394.dll
[2011/02/05 08:41:24 | 000,019,328 | ---- | M] (Microsoft Corporation) MD5=6A9591A2E07B7AF1015587592EF27119 -- D:\Windows\winsxs\amd64_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.1.7600.16757_none_bfe2c0ca0d795916\kd1394.dll
[2011/02/05 08:44:16 | 000,019,328 | ---- | M] (Microsoft Corporation) MD5=720AA2B993842FD7A17EC3A1526D1211 -- D:\Windows\winsxs\amd64_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.1.7601.21655_none_c250ba0723bf321e\kd1394.dll
[2011/02/05 13:10:08 | 000,019,328 | ---- | M] (Microsoft Corporation) MD5=722258D597A0CC4EEFF3AF338681E5B6 -- D:\Windows\winsxs\amd64_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.1.7601.17556_none_c1c81d860aa0abab\kd1394.dll
[2009/07/13 21:48:04 | 000,019,520 | ---- | M] (Microsoft Corporation) MD5=FF8FC96AF3797A06678F10BB300F154C -- D:\Windows\winsxs\amd64_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.1.7600.16385_none_bfc048da0d93859f\kd1394.dll
 
[color=#A23BEC]< MD5 for: KDCOM.DLL  >[/color]
[2011/02/05 08:32:29 | 000,017,792 | ---- | M] (Microsoft Corporation) MD5=31A2C33658CF03C42DDE43C7204ED037 -- D:\Windows\winsxs\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.20897_none_6e2b53d0df7fd8c1\kdcom.dll
[2009/07/13 21:48:04 | 000,017,984 | ---- | M] (Microsoft Corporation) MD5=5FD00D62F2C69F6FB2A7AD15D0DDD0DC -- D:\Windows\winsxs\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc\kdcom.dll
[2011/02/05 08:44:16 | 000,017,792 | ---- | M] (Microsoft Corporation) MD5=B8CCCD8B757BCBCF2B2E953CDC2B1564 -- D:\Windows\winsxs\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b\kdcom.dll
[2011/02/05 13:10:08 | 000,017,792 | ---- | M] (Microsoft Corporation) MD5=CDD0C92A653CAC881D780003E0C4E813 -- D:\Windows\winsxs\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8\kdcom.dll
[2011/02/05 08:41:23 | 000,017,792 | ---- | M] (Microsoft Corporation) MD5=F413DF1D84E4CE2546790D9B9A50ADAB -- D:\Windows\System32\kdcom.dll
[2011/02/05 08:41:23 | 000,017,792 | ---- | M] (Microsoft Corporation) MD5=F413DF1D84E4CE2546790D9B9A50ADAB -- D:\Windows\winsxs\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16757_none_6dccf6b5c641c933\kdcom.dll
 
[color=#A23BEC]< MD5 for: KDUSB.DLL  >[/color]
[2009/07/13 21:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=040B545E6C731AE319BB5321A1FAFF3C -- D:\Windows\winsxs\amd64_microsoft-windows-b..buggertransport-usb_31bf3856ad364e35_6.1.7600.16385_none_f9729b4224386e7a\kdusb.dll
[2011/02/05 08:41:24 | 000,020,352 | ---- | M] (Microsoft Corporation) MD5=390078DB867BD5AF896118B6823C4C0C -- D:\Windows\System32\kdusb.dll
[2011/02/05 08:41:24 | 000,020,352 | ---- | M] (Microsoft Corporation) MD5=390078DB867BD5AF896118B6823C4C0C -- D:\Windows\winsxs\amd64_microsoft-windows-b..buggertransport-usb_31bf3856ad364e35_6.1.7600.16757_none_f9951332241e41f1\kdusb.dll
[2011/02/05 08:44:17 | 000,020,352 | ---- | M] (Microsoft Corporation) MD5=4C901A03D24A5B66F2EBD77879CCFEC6 -- D:\Windows\winsxs\amd64_microsoft-windows-b..buggertransport-usb_31bf3856ad364e35_6.1.7601.21655_none_fc030c6f3a641af9\kdusb.dll
[2011/02/05 13:10:08 | 000,020,352 | ---- | M] (Microsoft Corporation) MD5=539AA23C29FAC72FB29D58F33E6931B1 -- D:\Windows\winsxs\amd64_microsoft-windows-b..buggertransport-usb_31bf3856ad364e35_6.1.7601.17556_none_fb7a6fee21459486\kdusb.dll
[2011/02/05 08:32:28 | 000,020,352 | ---- | M] (Microsoft Corporation) MD5=7DB1A9B87C962ECCC9CFD3ABCBFC19C2 -- D:\Windows\winsxs\amd64_microsoft-windows-b..buggertransport-usb_31bf3856ad364e35_6.1.7600.20897_none_f9f3704d3d5c517f\kdusb.dll
 
[color=#A23BEC]< MD5 for: KSECDD.SYS  >[/color]
[2010/11/20 09:33:38 | 000,095,616 | ---- | M] (Microsoft Corporation) MD5=CCD53B5BD33CE0C889E830D839C8B66E -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\ksecdd.sys
[2009/07/13 21:48:04 | 000,095,312 | ---- | M] (Microsoft Corporation) MD5=E8B6FCC9C83535C67F835D407620BD27 -- D:\Windows\System32\drivers\ksecdd.sys
[2009/07/13 21:48:04 | 000,095,312 | ---- | M] (Microsoft Corporation) MD5=E8B6FCC9C83535C67F835D407620BD27 -- D:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\ksecdd.sys
[2009/07/13 21:48:04 | 000,095,312 | ---- | M] (Microsoft Corporation) MD5=E8B6FCC9C83535C67F835D407620BD27 -- D:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\ksecdd.sys
[2009/07/13 21:48:04 | 000,095,312 | ---- | M] (Microsoft Corporation) MD5=E8B6FCC9C83535C67F835D407620BD27 -- D:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\ksecdd.sys
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2010/11/20 09:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2009/07/13 21:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- D:\Windows\ERDNT\cache64\ndis.sys
[2009/07/13 21:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- D:\Windows\System32\drivers\ndis.sys
[2009/07/13 21:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- D:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- D:\Windows\ERDNT\cache64\netlogon.dll
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- D:\Windows\System32\netlogon.dll
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\ERDNT\cache86\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
[color=#A23BEC]< MD5 for: NTOSKRNL.EXE  >[/color]
[2011/04/09 02:21:32 | 003,911,552 | ---- | M] (Microsoft Corporation) MD5=0F4A148499CC6FA5D84A0F1587869051 -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_6cb79c952e776446\ntoskrnl.exe
[2010/11/20 08:30:06 | 003,911,040 | ---- | M] (Microsoft Corporation) MD5=2088D9994332583EDB3C561DE31EA5AD -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe
[2011/04/09 02:54:07 | 005,475,712 | ---- | M] (Microsoft Corporation) MD5=240D89BBE5BCD168D748D6C12B6FE884 -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_c8d63818e6d4d57c\ntoskrnl.exe
[2010/06/19 03:05:01 | 005,507,968 | ---- | M] (Microsoft Corporation) MD5=28C4FE45FC1B176FA74A48FB15DE7C9A -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_c8730901cd997f9b\ntoskrnl.exe
[2010/02/27 07:46:28 | 003,899,784 | ---- | M] (Microsoft Corporation) MD5=466FD46F58768E56F7B841681014EFF1 -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_6cb0c81f2e7bee1e\ntoskrnl.exe
[2010/06/19 03:05:25 | 005,474,184 | ---- | M] (Microsoft Corporation) MD5=5223C216E348E397C5EACCBEFB57FFF2 -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_c8e8063ee6c6709e\ntoskrnl.exe
[2011/04/09 02:02:25 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=5D21C487F79F8245E799071589E035BF -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntoskrnl.exe
[2010/10/27 00:43:38 | 003,901,824 | ---- | M] (Microsoft Corporation) MD5=776201760B5692F10DDA3BE85B54F213 -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntoskrnl.exe
[2010/02/27 11:28:56 | 005,485,448 | ---- | M] (Microsoft Corporation) MD5=7B7253D90EF53BAFCDC96C888B1DB4F3 -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_c8cf63a2e6d95f54\ntoskrnl.exe
[2010/06/19 02:33:29 | 003,899,784 | ---- | M] (Microsoft Corporation) MD5=8218E74A67942120BF8EE30661EDF83F -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntoskrnl.exe
[2011/04/09 02:50:20 | 005,562,240 | ---- | M] (Microsoft Corporation) MD5=99C2715F138E7ED2F489AB796DD3B53C -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_cae7d4cee3dad1a4\ntoskrnl.exe
[2009/07/13 21:48:28 | 005,511,248 | ---- | M] (Microsoft Corporation) MD5=9E722B768E33D26AD8FA7D642E707443 -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe
[2009/07/13 21:20:44 | 003,899,472 | ---- | M] (Microsoft Corporation) MD5=B9D673F7707219DFD264891A26C21ECB -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntoskrnl.exe
[2010/10/27 00:33:37 | 003,911,552 | ---- | M] (Microsoft Corporation) MD5=C6169F5FDC8399E0C6C0729AB6EF2EF8 -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntoskrnl.exe
[2010/11/20 09:33:46 | 005,563,776 | ---- | M] (Microsoft Corporation) MD5=C6CEC3E6CC9842B73501C70AA64C00FE -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe
[2011/04/09 02:01:20 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=D385343510B75545EC5DB3A64C2D2492 -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntoskrnl.exe
[2010/06/19 02:37:01 | 003,909,512 | ---- | M] (Microsoft Corporation) MD5=D5662CD1F9B85936561A07ADC400ACF4 -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntoskrnl.exe
[2011/04/09 03:02:55 | 005,562,240 | ---- | M] (Microsoft Corporation) MD5=D60D9BCEAE5870A67E6C167F4681877B -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_c9fde71bcb054983\ntoskrnl.exe
[2011/04/09 02:13:06 | 003,901,824 | ---- | M] (Microsoft Corporation) MD5=D9FD1D6337F15AAF2012C69909615DB5 -- D:\Windows\ERDNT\cache86\ntoskrnl.exe
[2011/04/09 02:13:06 | 003,901,824 | ---- | M] (Microsoft Corporation) MD5=D9FD1D6337F15AAF2012C69909615DB5 -- D:\Windows\SysWOW64\ntoskrnl.exe
[2011/04/09 02:13:06 | 003,901,824 | ---- | M] (Microsoft Corporation) MD5=D9FD1D6337F15AAF2012C69909615DB5 -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_6bf8ee9215816c61\ntoskrnl.exe
[2010/02/27 08:07:48 | 003,899,280 | ---- | M] (Microsoft Corporation) MD5=DD2ED3246F5F4E4B07F385A9520C3C7C -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_6c40cc54154a7bce\ntoskrnl.exe
[2011/04/09 02:45:48 | 005,509,504 | ---- | M] (Microsoft Corporation) MD5=E03A9AC0273182895DCB3693A36785C9 -- D:\Windows\ERDNT\cache64\ntoskrnl.exe
[2011/04/09 02:45:48 | 005,509,504 | ---- | M] (Microsoft Corporation) MD5=E03A9AC0273182895DCB3693A36785C9 -- D:\Windows\System32\ntoskrnl.exe
[2011/04/09 02:45:48 | 005,509,504 | ---- | M] (Microsoft Corporation) MD5=E03A9AC0273182895DCB3693A36785C9 -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_c8178a15cddedd97\ntoskrnl.exe
[2010/10/27 01:18:36 | 005,510,528 | ---- | M] (Microsoft Corporation) MD5=E2EA143288BFF3D6B3AEB88C3BC02DAF -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_c81a890dcddc2c75\ntoskrnl.exe
[2010/10/27 01:23:11 | 005,477,248 | ---- | M] (Microsoft Corporation) MD5=E6FC5686F6BB6F0CEB1107E6D064A944 -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_c8f0d77ce6c01f26\ntoskrnl.exe
[2010/02/27 11:17:00 | 005,509,008 | ---- | M] (Microsoft Corporation) MD5=FD787551F58F9686CEC6353F693EF571 -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_c85f67d7cda7ed04\ntoskrnl.exe
 
[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- D:\Windows\System32\drivers\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
[color=#A23BEC]< MD5 for: RASACD.SYS  >[/color]
[2009/07/13 20:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- D:\Windows\System32\drivers\rasacd.sys
[2009/07/13 20:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- D:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasacd.sys
 
[color=#A23BEC]< MD5 for: RDPWD.SYS  >[/color]
[2010/11/20 07:04:37 | 000,210,944 | ---- | M] (Microsoft Corporation) MD5=15B66C206B5CB095BAB980553F38ED23 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17514_none_a99b8db6eba2129b\rdpwd.sys
[2009/07/13 20:16:48 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=8A3E6BEA1C53EA6177FE2B6EBA2C80D7 -- D:\Windows\System32\drivers\rdpwd.sys
[2009/07/13 20:16:48 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=8A3E6BEA1C53EA6177FE2B6EBA2C80D7 -- D:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16385_none_a76a79eeeeb38f01\rdpwd.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\ERDNT\cache86\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- D:\Windows\ERDNT\cache64\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- D:\Windows\System32\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2009/07/13 20:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- D:\Windows\System32\drivers\sfloppy.sys
[2009/07/13 20:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- D:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\sfloppy.sys
[2009/07/13 20:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- D:\Windows\winsxs\amd64_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_42ff01d4942cc5ea\sfloppy.sys
 
[color=#A23BEC]< MD5 for: SPLDR.SYS  >[/color]
[2009/07/13 21:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=B9E31E5CACDFE584F34F730A677803F9 -- D:\Windows\System32\drivers\spldr.sys
[2009/07/13 21:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=B9E31E5CACDFE584F34F730A677803F9 -- D:\Windows\winsxs\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59\spldr.sys
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2011/04/25 01:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2010/11/20 09:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2010/06/14 02:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2011/04/25 01:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- D:\Windows\ERDNT\cache64\tcpip.sys
[2011/04/25 01:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- D:\Windows\System32\drivers\tcpip.sys
[2011/04/25 01:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2010/04/09 07:06:28 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=7FC877A25796D8ADF539E64703FCA7E1 -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys
[2010/06/14 02:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/13 21:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/25 01:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2010/04/09 03:56:29 | 001,892,232 | ---- | M] (Microsoft Corporation) MD5=A9C0F786AC1F736891D05CE0A1D29DEB -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys
[2011/04/25 02:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
 
[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2009/07/13 20:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=3371D21011695B16333A3934340C4E7C -- D:\Windows\System32\drivers\tdpipe.sys
[2009/07/13 20:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=3371D21011695B16333A3934340C4E7C -- D:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdpipe.sys
 
[color=#A23BEC]< MD5 for: TDTCP.SYS  >[/color]
[2009/07/13 20:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=E4245BDA3190A582D55ED09E137401A9 -- D:\Windows\System32\drivers\tdtcp.sys
[2009/07/13 20:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=E4245BDA3190A582D55ED09E137401A9 -- D:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdtcp.sys
 
[color=#A23BEC]< MD5 for: TPM.SYS  >[/color]
[2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) MD5=DBCC20C02E8A3E43B03C304A4E40A84F -- D:\Windows\System32\DriverStore\FileRepository\tpm.inf_amd64_neutral_d5bb6575cf91cd73\tpm.sys
[2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) MD5=DBCC20C02E8A3E43B03C304A4E40A84F -- D:\Windows\winsxs\amd64_tpm.inf_31bf3856ad364e35_6.1.7600.16385_none_0817dcde20d8acd1\tpm.sys
 
[color=#A23BEC]< MD5 for: USBPRINT.SYS  >[/color]
[2009/07/13 20:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- D:\Windows\System32\drivers\usbprint.sys
[2009/07/13 20:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- D:\Windows\System32\DriverStore\FileRepository\usbprint.inf_amd64_neutral_54948be2bc4bcdd1\usbprint.sys
[2009/07/13 20:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- D:\Windows\winsxs\amd64_usbprint.inf_31bf3856ad364e35_6.1.7600.16385_none_8eeeb411db1b01c5\usbprint.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2009/07/13 20:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- D:\Windows\System32\DriverStore\FileRepository\sti.inf_amd64_neutral_9d9a7113099a28a2\usbscan.sys
[2009/07/13 20:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- D:\Windows\winsxs\amd64_sti.inf_31bf3856ad364e35_6.1.7600.16385_none_b5d3c30ffa77a77a\usbscan.sys
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\ERDNT\cache86\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- D:\Windows\ERDNT\cache64\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- D:\Windows\System32\userinit.exe
sof42
 

Re: PERSONAL SHIELD PRO

Posted 26 Jul 2011 06:58

Hello,

It seems to be getting blocked, so host it here and send me the link please...
http://www.cijoint.fr/
Click "Parcourir" (Browse), choose your report, then click "Cliquez ici pour déposer le fichier" (Click here to upload the file) at the bottom.

You will then be given the link :wink:

See you this evening
jeanmimigab
 

Re: PERSONAL SHIELD PRO

Posted 26 Jul 2011 09:11

Hello,

As promised, here is the link where you will find the OTL report:
http://www.cijoint.fr/cjlink.php?file=c ... 6UExsv.txt

By the way, the "well, I hope so" written in tiny print in your second-to-last message worries me a little... :wink:

I still wanted to thank you for everything you are doing for me, it's really cool. :wink:
sof42
 

Re: PERSONAL SHIELD PRO

Posted 26 Jul 2011 16:52

Good evening sof42,

the "well, I hope so" written in tiny print


Did I write that? (Oh yes, maybe...)

Right, let's be serious.

Read this whole procedure carefully before you start

One important thing: every time your PC starts in normal mode, the infection "regenerates/multiplies"...

So there are two scenarios... which are very important


Case 1:
If, after using OTLPE and running the scan last night, you restarted your PC in normal mode under Windows, you need to run a new OTLPE scan for me as you did last night and post the new report, and leave the PC in this OTLPE environment... and do not carry on with the rest of this procedure


Case 2:
If, after using OTLPE and running the scan last night, you did not restart your PC but just switched it off, that's OK, you can carry on with the rest of the procedure
:wink:


If you are in case 2, here is the rest of the procedure:

Restart under OTLPE and launch OTL the same way as last night.

Use a USB stick to save the contents of the box below in a Notepad file, so you can find it easily and then paste it under "Custom Scan box"

:OTL
O4 - HKU\EF_ON_D..\Run: [192695408] D:\Users\EF\AppData\Local\wax.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\EF_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
[2 D:\Users\EF\AppData\Local\*.tmp files -> D:\Users\EF\AppData\Local\*.tmp -> ]

:Files
D:\Users\EF\AppData\Local\wax.exe
D:\Users\EF\Desktop\0.12041723897129442.exe
D:\Users\EF\Desktop\0.35215216153365136.exe
D:\Users\EF\Desktop\0.3835261800545806.exe
D:\Users\EF\Desktop\0.4864873851557573.exe
D:\Users\EF\Desktop\0.5124420421076967.exe
D:\Users\EF\Desktop\0.07849969423845005.exe
D:\Users\EF\Desktop\0.015736044417480444.exe
D:\Users\EF\Desktop\0.10830938780318111.exe
D:\Users\EF\Desktop\0.49623053872482026.exe
D:\Users\EF\Desktop\0.22245900170071087.exe
D:\Users\EF\Desktop\0.11720384978834653.exe
D:\Users\EF\Desktop\0.27143178991091443.exe
D:\Users\EF\Desktop\0.733647115277317.exe
D:\Users\EF\Desktop\0.9248803555660287.exe
D:\Users\EF\Desktop\0.7488563607386016.exe
D:\Users\EF\AppData\Local\3y6os41x68
D:\ProgramData\3y6os41x68
D:\Users\EF\AppData\Local\ann.exe
D:\Users\EF\AppData\Local\vvg.exe
D:\Users\EF\AppData\Local\qmi.exe
D:\Users\EF\AppData\Local\hjj.exe
D:\Users\EF\AppData\Local\nwm.exe
D:\Users\EF\AppData\Local\tpk.exe
D:\Users\EF\AppData\Local\mon.exe
D:\Users\EF\AppData\Local\lmf.exe
D:\Users\EF\AppData\Local\fek.exe
D:\Users\EF\AppData\Roaming\1206.574
D:\ProgramData\SweetIM
D:\windows\system32\drivers\fgfksera.sys
D:\windows\system32\drivers\iuwynwhy.sys
D:\Users\EF\0AB48F72
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AutoStart"=-
[HKEY_CURRENT_USER\EF_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStart"=-
[HKEY_LOCAL_MACHINE\EF_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStart"=-
[HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services]
"fgfksera"=-
"iuwynwhy"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001/Services]
"fgfksera"=-
"iuwynwhy"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002/Services]
"fgfksera"=-
"iuwynwhy"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003/Services]
"fgfksera"=-
"iuwynwhy"=-

:Commands
[emptytemp]
[EMPTYFLASH]


This time, click "Run Fix"


Save the Run Fix report on your USB stick so you can post it in your next message.

And finally, run another scan as you did last night so you can post me a new full report (on cijoint.fr)

And above all, leave the PC in this OTLPE environment in case we need to do another operation

Good luck
jeanmimigab
 

Re: PERSONAL SHIELD PRO

Posted 26 Jul 2011 18:14

Hello,

Here is the report after doing a "run fix":
Code:
========== OTL ==========
Registry key HKEY_USERS\EF_ON_D\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
D:\Users\EF\AppData\Local\wax.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_USERS\EF_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideSCAHealth deleted successfully.
D:\Users\EF\AppData\Local\BITD98C.tmp deleted successfully.
D:\Users\EF\AppData\Local\BITF18E.tmp deleted successfully.
========== FILES ==========
File\Folder D:\Users\EF\AppData\Local\wax.exe not found.
D:\Users\EF\Desktop\0.12041723897129442.exe moved successfully.
D:\Users\EF\Desktop\0.35215216153365136.exe moved successfully.
D:\Users\EF\Desktop\0.3835261800545806.exe moved successfully.
D:\Users\EF\Desktop\0.4864873851557573.exe moved successfully.
D:\Users\EF\Desktop\0.5124420421076967.exe moved successfully.
D:\Users\EF\Desktop\0.07849969423845005.exe moved successfully.
D:\Users\EF\Desktop\0.015736044417480444.exe moved successfully.
D:\Users\EF\Desktop\0.10830938780318111.exe moved successfully.
D:\Users\EF\Desktop\0.49623053872482026.exe moved successfully.
D:\Users\EF\Desktop\0.22245900170071087.exe moved successfully.
D:\Users\EF\Desktop\0.11720384978834653.exe moved successfully.
D:\Users\EF\Desktop\0.27143178991091443.exe moved successfully.
D:\Users\EF\Desktop\0.733647115277317.exe moved successfully.
D:\Users\EF\Desktop\0.9248803555660287.exe moved successfully.
D:\Users\EF\Desktop\0.7488563607386016.exe moved successfully.
D:\Users\EF\AppData\Local\3y6os41x68 moved successfully.
D:\ProgramData\3y6os41x68 moved successfully.
D:\Users\EF\AppData\Local\ann.exe moved successfully.
D:\Users\EF\AppData\Local\vvg.exe moved successfully.
D:\Users\EF\AppData\Local\qmi.exe moved successfully.
D:\Users\EF\AppData\Local\hjj.exe moved successfully.
D:\Users\EF\AppData\Local\nwm.exe moved successfully.
D:\Users\EF\AppData\Local\tpk.exe moved successfully.
D:\Users\EF\AppData\Local\mon.exe moved successfully.
D:\Users\EF\AppData\Local\lmf.exe moved successfully.
D:\Users\EF\AppData\Local\fek.exe moved successfully.
D:\Users\EF\AppData\Roaming\1206.574 moved successfully.
D:\ProgramData\SweetIM\Messenger\update folder moved successfully.
D:\ProgramData\SweetIM\Messenger\logs folder moved successfully.
D:\ProgramData\SweetIM\Messenger\data\contentdb folder moved successfully.
D:\ProgramData\SweetIM\Messenger\data folder moved successfully.
D:\ProgramData\SweetIM\Messenger\conf\users folder moved successfully.
D:\ProgramData\SweetIM\Messenger\conf folder moved successfully.
D:\ProgramData\SweetIM\Messenger folder moved successfully.
D:\ProgramData\SweetIM folder moved successfully.
File\Folder D:\windows\system32\drivers\fgfksera.sys not found.
File\Folder D:\windows\system32\drivers\iuwynwhy.sys not found.
D:\Users\EF\0AB48F72 moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\AutoStart not found.
Registry key HKEY_CURRENT_USER\EF_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\EF_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services\\"fgfksera"\ not found.
Registry key HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services\\"iuwynwhy"\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001/Services not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001/Services not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002/Services not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002/Services not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003/Services not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003/Services not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: EF
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2654796 bytes
->Java cache emptied: 29024 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3364 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
 
Total Files Cleaned = 3.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: EF
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 07262011_201028
sof42
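
As an added example (not part of the original posts, and not code from OTL or its author), the Python code below parses a Run Fix log in the format posted above and lists the items whose "not found" result is not explained by an earlier removal in the same log, which is what gets checked against the follow-up scan. The function names are hypothetical, the sample is a shortened excerpt of the log above, and treating a "/" in a registry path as a reason to recheck is an assumption based on the registry using "\" as its path separator.

```python
import re

# Shortened excerpt of the Run Fix log posted above, embedded so the code runs offline.
SAMPLE_LOG = r"""========== OTL ==========
D:\Users\EF\AppData\Local\wax.exe moved successfully.
Registry value HKEY_USERS\EF_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideSCAHealth deleted successfully.
========== FILES ==========
File\Folder D:\Users\EF\AppData\Local\wax.exe not found.
D:\ProgramData\SweetIM folder moved successfully.
File\Folder D:\windows\system32\drivers\fgfksera.sys not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services\\"fgfksera"\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001/Services not found.
========== COMMANDS ==========
->Temp folder emptied: 0 bytes
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
OUTCOME = re.compile(
    r"^(?P<item>.+?) (?P<result>moved successfully|deleted successfully|not found)\.$")
PREFIX = re.compile(r"^(File\\Folder|Registry key|Registry value) ")

def parse_fix_log(text):
    """Return (section, kind, item, result) for every action line of the log."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        m = OUTCOME.match(line)
        if not m:
            continue  # blank lines and cache-cleaning statistics
        item = m.group("item")
        kind = "registry" if item.startswith("Registry ") else "file"
        item = PREFIX.sub("", item)
        if item.endswith(" folder"):
            item = item[: -len(" folder")]
        entries.append((section, kind, item, m.group("result")))
    return entries

def needs_followup(entries):
    """List 'not found' items that no other line of the same log removed."""
    removed = {item.lower() for _, _, item, res in entries if res != "not found"}
    flagged = {}
    for _, kind, item, res in entries:
        if res != "not found" or item.lower() in removed:
            continue
        reason = "absent when the fix ran"
        if kind == "registry" and "/" in item:
            # Assumption: "\" is the registry separator, so this result is inconclusive.
            reason = "path contains '/': recheck with backslashes"
        flagged.setdefault(item, reason)  # dict keeps order and drops repeats
    return list(flagged.items())

if __name__ == "__main__":
    for item, reason in needs_followup(parse_fix_log(SAMPLE_LOG)):
        print(f"{reason:45} {item}")
```

Run against the full log, the same functions also collapse the repeated ControlSet00x lines into one entry each.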
 

Re: PERSONAL SHIELD PRO

Posted 26 Jul 2011 18:28

Good evening,

That's not bad. Don't restart your PC, but do what I asked at the end of my last message..
And finally, run another scan as you did last night so you can post me a new full report (on cijoint.fr)
And above all, leave the PC in this OTLPE environment in case we need to do another operation
jeanmimigab
 
