PERSONAL SHIELD PRO • page 3

sof42 · le 26 Juil 2011 18:30

Re,

Voici le rapport après avoir fait un nouveau scanne comme hier soir:

Code: Tout sélectionner: OTL logfile created on: 7/26/2011 8:17:22 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE 64bit-Windows 7 Home Premium (Version = 6.1.7600) - Type = System Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86) Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS Drive D: | 136.95 Gb Total Space | 57.41 Gb Free Space | 41.92% Space Free | Partition Type: NTFS Drive E: | 7.46 Gb Total Space | 2.61 Gb Free Space | 35.03% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2009/09/30 17:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto] -- D:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2011/05/01 04:41:12 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/04/01 02:22:32 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- D:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010/03/04 17:38:00 | 000,071,096 | ---- | M] () [Auto] -- D:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto] -- D:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008/01/16 03:46:24 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- D:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto] -- D:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2011/03/05 15:10:40 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV:[b]64bit:[/b] - [2010/08/25 14:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2010/08/17 08:39:11 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV:[b]64bit:[/b] - [2009/10/04 21:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\athrx.sys -- (athr) DRV:[b]64bit:[/b] - [2009/09/15 00:40:00 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETw5s64.sys -- (NETw5s64) Intel(R) DRV:[b]64bit:[/b] - [2009/08/11 00:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:[b]64bit:[/b] - [2009/07/27 03:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) DRV:[b]64bit:[/b] - [2009/06/23 23:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:[b]64bit:[/b] - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs) DRV:[b]64bit:[/b] - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:[b]64bit:[/b] - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2008/03/28 11:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\OEM\factory\int15.sys -- (int15.sys) DRV:[b]64bit:[/b] - [2008/03/11 10:04:32 | 000,079,664 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- D:\Windows\System32\drivers\jl2005c.sys -- (JLTECH0227) DRV - [2009/11/12 08:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- D:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\EF_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ IE - HKU\EF_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\EF_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2011/07/25 10:35:42 | 000,000,027 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4:[b]64bit:[/b] - HKLM..\Run: [Acer ePower Management] D:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [cAudioFilterAgent] D:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [ArcSoft Connection Service] D:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [LManager] D:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.) O4 - HKLM..\Run: [Nikon Transfer Monitor] D:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O4 - HKU\EF_ON_D..\Run: [192695408] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\EF_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.mypix.com/fr/fr/importer/newconf/aurigma5.8.1.0/ImageUploader5.cab (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} http://www.pixum.fr/apps/EasyUploadX.cab (Pixum EasyUploadX Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240 O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found [b]64bit:[/b] O35 - HKLM\..comfile [open] -- "%1" %* File not found [b]64bit:[/b] O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin:[b]64bit:[/b] Base - Driver Group SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group SafeBootMin:[b]64bit:[/b] File system - Driver Group SafeBootMin:[b]64bit:[/b] Filter - Driver Group SafeBootMin:[b]64bit:[/b] HelpSvc - Service SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group SafeBootMin:[b]64bit:[/b] sacsvr - Service SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] vmms - Service SafeBootMin:[b]64bit:[/b] WinDefend - Service SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:[b]64bit:[/b] Base - Driver Group SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group SafeBootNet:[b]64bit:[/b] File system - Driver Group SafeBootNet:[b]64bit:[/b] Filter - Driver Group SafeBootNet:[b]64bit:[/b] HelpSvc - Service SafeBootNet:[b]64bit:[/b] Messenger - Service SafeBootNet:[b]64bit:[/b] MpfService - Service SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group SafeBootNet:[b]64bit:[/b] Network - Driver Group SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group SafeBootNet:[b]64bit:[/b] rdsessmgr - Service SafeBootNet:[b]64bit:[/b] sacsvr - Service SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] TDI - Driver Group SafeBootNet:[b]64bit:[/b] vmms - Service SafeBootNet:[b]64bit:[/b] WinDefend - Service SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:[b]64bit:[/b] >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:[b]64bit:[/b] >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:[b]64bit:[/b] aux - D:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32:[b]64bit:[/b] midi - D:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32:[b]64bit:[/b] midimapper - D:\Windows\System32\midimap.dll (Microsoft Corporation) Drivers32:[b]64bit:[/b] mixer - D:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32:[b]64bit:[/b] msacm.imaadpcm - D:\Windows\System32\imaadp32.acm (Microsoft Corporation) Drivers32:[b]64bit:[/b] msacm.l3acm - D:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:[b]64bit:[/b] msacm.msadpcm - D:\Windows\System32\msadp32.acm (Microsoft Corporation) Drivers32:[b]64bit:[/b] msacm.msg711 - D:\Windows\System32\msg711.acm (Microsoft Corporation) Drivers32:[b]64bit:[/b] msacm.msgsm610 - D:\Windows\System32\msgsm32.acm (Microsoft Corporation) Drivers32:[b]64bit:[/b] MSVideo8 - D:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32:[b]64bit:[/b] vidc.i420 - D:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32:[b]64bit:[/b] VIDC.IYUV - D:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32:[b]64bit:[/b] vidc.mrle - D:\Windows\System32\msrle32.dll (Microsoft Corporation) Drivers32:[b]64bit:[/b] vidc.msvc - D:\Windows\System32\msvidc32.dll (Microsoft Corporation) Drivers32:[b]64bit:[/b] VIDC.UYVY - D:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32:[b]64bit:[/b] VIDC.YUY2 - D:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32:[b]64bit:[/b] VIDC.YVU9 - D:\Windows\System32\tsbyuv.dll (Microsoft Corporation) Drivers32:[b]64bit:[/b] VIDC.YVYU - D:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32:[b]64bit:[/b] wave - D:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32:[b]64bit:[/b] wavemapper - D:\Windows\System32\msacm32.drv (Microsoft Corporation) Drivers32: msacm.l3acm - D:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - D:\Windows\SysWow64\vfwwdm32.dll (Microsoft Corporation) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/07/25 10:41:22 | 000,000,000 | ---D | C] -- D:\Windows\temp [2011/07/25 10:35:45 | 000,000,000 | ---D | C] -- D:\$RECYCLE.BIN [2011/07/25 10:26:53 | 000,518,144 | ---- | C] (SteelWerX) -- D:\Windows\SWREG.exe [2011/07/25 10:26:53 | 000,406,528 | ---- | C] (SteelWerX) -- D:\Windows\SWSC.exe [2011/07/25 10:26:53 | 000,060,416 | ---- | C] (NirSoft) -- D:\Windows\NIRCMD.exe [2011/07/25 10:26:48 | 000,000,000 | ---D | C] -- D:\Windows\ERDNT [2011/07/25 10:23:01 | 000,000,000 | ---D | C] -- D:\Qoobox [2011/07/25 10:22:11 | 004,152,159 | R--- | C] (Swearware) -- D:\Users\EF\Desktop\ComboFix.exe [2011/07/25 07:12:30 | 000,000,000 | ---D | C] -- D:\Users\EF\Desktop\tdsskiller [2011/07/25 04:34:48 | 000,000,000 | ---D | C] -- D:\_OTL [2011/07/24 15:55:27 | 000,000,000 | ---D | C] -- D:\Users\EF\Desktop\RK_Quarantine [2011/07/24 15:06:37 | 000,579,584 | ---- | C] (OldTimer Tools) -- D:\Users\EF\Desktop\OTL.exe [2011/07/21 06:03:05 | 000,000,000 | ---D | C] -- D:\Config.Msi [2011/07/13 03:44:28 | 001,162,240 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\kernel32.dll [2011/07/13 03:44:28 | 000,362,496 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wow64win.dll [2011/07/13 03:44:27 | 000,338,944 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\conhost.exe [2011/07/13 03:44:27 | 000,243,200 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wow64.dll [2011/07/13 03:44:27 | 000,214,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\winsrv.dll [2011/07/13 03:44:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\setup16.exe [2011/07/13 03:44:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntvdm64.dll [2011/07/13 03:44:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntvdm64.dll [2011/07/13 03:44:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wow64cpu.dll [2011/07/13 03:44:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\instnm.exe [2011/07/13 03:44:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\wow32.dll [2011/07/13 03:44:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\user.exe [2011/07/13 03:44:22 | 000,422,400 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\KernelBase.dll [2011/07/13 03:44:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2011/07/13 03:44:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2011/07/13 03:44:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2011/07/13 03:44:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2011/07/13 03:44:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2011/07/13 03:44:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2011/07/13 03:44:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2011/07/13 03:44:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2011/07/13 03:44:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2011/07/13 03:44:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2011/07/13 03:44:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2011/07/13 03:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2011/07/10 09:57:26 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Winamax Poker [2011/06/29 04:00:35 | 002,228,224 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mssrch.dll [2011/06/29 04:00:35 | 001,401,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mssrch.dll [2011/06/29 04:00:34 | 002,326,016 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tquery.dll [2011/06/29 04:00:34 | 001,553,920 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\tquery.dll [2011/06/29 04:00:34 | 000,666,624 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mssvp.dll [2011/06/29 04:00:34 | 000,491,520 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mssph.dll [2011/06/29 04:00:34 | 000,249,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SearchProtocolHost.exe [2011/06/29 04:00:33 | 000,779,264 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mssvp.dll [2011/06/29 04:00:33 | 000,337,408 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mssph.dll [2011/06/29 04:00:33 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mssphtb.dll [2011/06/29 04:00:33 | 000,113,664 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SearchFilterHost.exe [2011/06/29 04:00:33 | 000,075,264 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msscntrs.dll [2011/06/29 04:00:32 | 000,288,256 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mssphtb.dll [2011/06/29 04:00:32 | 000,059,392 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msscntrs.dll [2011/06/29 04:00:30 | 000,252,928 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\drvinst.exe [2011/06/29 04:00:30 | 000,044,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\devrtl.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/07/25 17:50:13 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat [2011/07/25 17:49:12 | 000,001,066 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/07/25 17:48:53 | 1554,726,912 | -HS- | M] () -- D:\hiberfil.sys [2011/07/25 17:39:32 | 000,009,920 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/07/25 17:39:32 | 000,009,920 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/07/25 17:30:05 | 000,000,000 | ---- | M] () -- D:\Users\EF\AppData\Local\{08952DD3-C5CC-4FEA-A4C6-32A9AC7D8DF2} [2011/07/25 17:14:14 | 000,000,000 | ---- | M] () -- D:\Users\EF\AppData\Local\{ECF071E5-C86B-4A6D-B3E6-A7A38A118D1E} [2011/07/25 17:10:16 | 000,001,070 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/07/25 10:35:42 | 000,000,027 | ---- | M] () -- D:\Windows\System32\drivers\etc\hosts [2011/07/25 10:22:12 | 004,152,159 | R--- | M] (Swearware) -- D:\Users\EF\Desktop\ComboFix.exe [2011/07/25 07:17:50 | 000,000,512 | ---- | M] () -- D:\PhysicalMBR.bin [2011/07/25 07:11:31 | 001,383,430 | ---- | M] () -- D:\Users\EF\Desktop\tdsskiller.zip [2011/07/24 15:54:56 | 000,526,848 | ---- | M] () -- D:\Users\EF\Desktop\winlogon.exe [2011/07/24 15:06:45 | 000,579,584 | ---- | M] (OldTimer Tools) -- D:\Users\EF\Desktop\OTL.exe [2011/07/21 06:03:16 | 000,002,441 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2011/07/17 04:56:18 | 000,506,680 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT [2011/07/13 14:03:47 | 000,000,952 | ---- | M] () -- D:\ProgramData\KGyGaAvL.sys [2011/07/10 09:57:29 | 000,000,937 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamax Poker.lnk [2011/07/05 12:56:53 | 000,070,642 | ---- | M] () -- D:\Users\EF\Desktop\Call.Of.Duty.2.PAL.XBOX360.rar [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/07/25 17:30:05 | 000,000,000 | ---- | C] () -- D:\Users\EF\AppData\Local\{08952DD3-C5CC-4FEA-A4C6-32A9AC7D8DF2} [2011/07/25 17:14:14 | 000,000,000 | ---- | C] () -- D:\Users\EF\AppData\Local\{ECF071E5-C86B-4A6D-B3E6-A7A38A118D1E} [2011/07/25 10:26:53 | 000,256,000 | ---- | C] () -- D:\Windows\PEV.exe [2011/07/25 10:26:53 | 000,208,896 | ---- | C] () -- D:\Windows\MBR.exe [2011/07/25 10:26:53 | 000,098,816 | ---- | C] () -- D:\Windows\sed.exe [2011/07/25 10:26:53 | 000,080,412 | ---- | C] () -- D:\Windows\grep.exe [2011/07/25 10:26:53 | 000,068,096 | ---- | C] () -- D:\Windows\zip.exe [2011/07/25 07:11:21 | 001,383,430 | ---- | C] () -- D:\Users\EF\Desktop\tdsskiller.zip [2011/07/24 16:00:50 | 000,000,512 | ---- | C] () -- D:\PhysicalMBR.bin [2011/07/24 15:54:54 | 000,526,848 | ---- | C] () -- D:\Users\EF\Desktop\winlogon.exe [2011/07/05 12:56:53 | 000,070,642 | ---- | C] () -- D:\Users\EF\Desktop\Call.Of.Duty.2.PAL.XBOX360.rar [2010/11/17 05:38:03 | 000,000,036 | ---- | C] () -- D:\Windows\eprint.INI [2010/09/27 12:04:45 | 000,000,952 | ---- | C] () -- D:\ProgramData\KGyGaAvL.sys [2010/08/25 14:34:30 | 000,982,240 | ---- | C] () -- D:\Windows\SysWow64\igkrng500.bin [2010/08/25 14:34:30 | 000,439,308 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng500.bin [2010/08/25 14:34:30 | 000,092,356 | ---- | C] () -- D:\Windows\SysWow64\igfcg500m.bin [2010/08/25 13:52:00 | 000,208,896 | ---- | C] () -- D:\Windows\SysWow64\iglhsip32.dll [2010/08/25 13:52:00 | 000,143,360 | ---- | C] () -- D:\Windows\SysWow64\iglhcp32.dll [2010/07/24 17:02:42 | 000,000,000 | ---- | C] () -- D:\Windows\ViewNX.INI [2010/07/24 16:58:51 | 000,000,268 | ---- | C] () -- D:\ProgramData\Techno Kit [2010/07/24 16:58:51 | 000,000,268 | ---- | C] () -- D:\Users\EF\AppData\Roaming\Synth Textures [2010/07/24 16:58:51 | 000,000,020 | ---- | C] () -- D:\ProgramData\PKP_DLdw.DAT [2010/07/24 16:58:51 | 000,000,012 | ---- | C] () -- D:\ProgramData\Tremolo [2010/07/24 16:56:52 | 000,000,268 | ---- | C] () -- D:\ProgramData\SystemConfiguration [2010/07/24 16:56:52 | 000,000,268 | ---- | C] () -- D:\Users\EF\AppData\Roaming\Synth Leads [2010/07/24 16:56:52 | 000,000,020 | ---- | C] () -- D:\ProgramData\PKP_DLdu.DAT [2010/07/24 16:56:52 | 000,000,012 | ---- | C] () -- D:\ProgramData\Track Settings [2010/07/17 08:07:33 | 000,007,168 | ---- | C] () -- D:\Windows\SysWow64\drivers\StarOpen.sys [2010/03/13 10:54:16 | 000,000,909 | ---- | C] () -- D:\Windows\wininit.ini [2009/10/19 20:01:07 | 000,134,592 | ---- | C] () -- D:\Windows\SysWow64\igfcg500.bin [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin [2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll [2009/07/03 04:25:06 | 001,578,010 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat [2007/10/10 08:37:54 | 000,278,528 | ---- | C] () -- D:\Windows\ImgUploaderLang_3.dll [2007/10/10 08:37:54 | 000,278,528 | ---- | C] () -- D:\Windows\ImgUploaderLang_2.dll [2007/10/10 08:37:54 | 000,278,528 | ---- | C] () -- D:\Windows\ImgUploaderLang_1.dll [2007/06/27 06:22:54 | 000,692,224 | ---- | C] () -- D:\Windows\libcurl.dll [1998/09/14 14:43:16 | 000,065,536 | ---- | C] () -- D:\Windows\SysWow64\EZTW32.DLL [color=#E56717]========== LOP Check ==========[/color] [2011/02/04 17:08:36 | 000,000,000 | ---D | M] -- D:\ProgramData\Alawar Stargaze [2010/03/06 06:09:57 | 000,000,000 | ---D | M] -- D:\ProgramData\Alwil Software [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data [2010/05/02 13:22:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Arcade Lab [2011/02/21 14:47:36 | 000,000,000 | ---D | M] -- D:\ProgramData\Big Fish Games [2010/02/25 13:08:16 | 000,000,000 | -HSD | M] -- D:\ProgramData\Bureau [2010/07/24 16:53:29 | 000,000,000 | ---D | M] -- D:\ProgramData\Canneverbe Limited [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents [2010/07/24 16:58:51 | 000,000,000 | ---D | M] -- D:\ProgramData\EnterNHelp [2009/10/19 20:03:03 | 000,000,000 | ---D | M] -- D:\ProgramData\eSobi [2010/05/01 09:44:57 | 000,000,000 | ---D | M] -- D:\ProgramData\FarmFrenzy2 [2010/02/25 13:08:16 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoris [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites [2010/02/25 13:11:00 | 000,000,000 | ---D | M] -- D:\ProgramData\McQcModifier-5c47-a7b0 [2010/02/25 13:08:16 | 000,000,000 | -HSD | M] -- D:\ProgramData\Menu Démarrer [2010/02/25 13:08:16 | 000,000,000 | -HSD | M] -- D:\ProgramData\Modèles [2010/07/24 16:57:44 | 000,000,000 | ---D | M] -- D:\ProgramData\Nikon [2010/02/25 13:08:43 | 000,000,000 | ---D | M] -- D:\ProgramData\OEM [2010/03/31 16:39:24 | 000,000,000 | ---D | M] -- D:\ProgramData\Partner [2010/11/04 09:23:47 | 000,000,000 | ---D | M] -- D:\ProgramData\PearlMountainSoft [2011/02/16 18:39:15 | 000,000,000 | ---D | M] -- D:\ProgramData\PlayFirst [2010/04/14 03:19:15 | 000,000,000 | ---D | M] -- D:\ProgramData\Sandlot Games [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu [2011/02/21 14:49:31 | 000,000,000 | ---D | M] -- D:\ProgramData\TEMP [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates [2011/03/02 06:54:10 | 000,000,000 | ---D | M] -- D:\ProgramData\Ubisoft [2010/07/24 16:58:51 | 000,000,000 | ---D | M] -- D:\ProgramData\Ultima_T15 [2011/07/02 04:27:58 | 000,032,496 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ >[/color] "ReportBootOk" = 1 "Shell" = Explorer.exe -- [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) "PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16} "Userinit" = C:\Windows\system32\userinit.exe, "VMApplet" = SystemPropertiesPerformance.exe /pagefile -- [2009/07/13 21:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation) "AutoRestartShell" = 1 "Background" = 0 0 0 "CachedLogonsCount" = 10 "DebugServerCommand" = no "ForceUnlockLogon" = 0 "LegalNoticeCaption" = "LegalNoticeText" = "PasswordExpiryWarning" = 5 "PowerdownAfterShutdown" = 0 "ShutdownWithoutLogon" = 0 "WinStationsDisabled" = 0 "DisableCAD" = 1 "scremoveoption" = 0 "ShutdownFlags" = 39 "allocatecdroms" = 0 "LegalNotice Text" = "SFCDisable" = 0 "System" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*. Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe Invalid Environment Variable: %APPDATA%\*. Invalid Environment Variable: %APPDATA%\*.exe [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\drivers\AGP440.sys [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\ERDNT\cache64\atapi.sys [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\drivers\atapi.sys [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys [color=#A23BEC]< MD5 for: BOOTVID.DLL >[/color] [2009/07/13 21:52:21 | 000,023,120 | ---- | M] (Microsoft Corporation) MD5=B1DADC050C697C6371590389EDF89A95 -- D:\Windows\System32\BOOTVID.DLL [2009/07/13 21:52:21 | 000,023,120 | ---- | M] (Microsoft Corporation) MD5=B1DADC050C697C6371590389EDF89A95 -- D:\Windows\winsxs\amd64_microsoft-windows-bootvid_31bf3856ad364e35_6.1.7600.16385_none_946e6d209fe56342\BOOTVID.DLL [2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=D5037B4C527AB5069C48C9C09A12756D -- D:\Windows\SysWOW64\BOOTVID.DLL [2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=D5037B4C527AB5069C48C9C09A12756D -- D:\Windows\winsxs\x86_microsoft-windows-bootvid_31bf3856ad364e35_6.1.7600.16385_none_384fd19ce787f20c\BOOTVID.DLL [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2009/07/13 19:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- D:\Windows\System32\drivers\cdrom.sys [2009/07/13 19:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- D:\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys [2009/07/13 19:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- D:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys [2010/11/20 05:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys [color=#A23BEC]< MD5 for: CI.DLL >[/color] [2009/07/13 21:43:14 | 000,780,224 | ---- | M] (Microsoft Corporation) MD5=02F31439AF6499B530AC285C0863BB9E -- D:\Windows\System32\ci.dll [2009/07/13 21:43:14 | 000,780,224 | ---- | M] (Microsoft Corporation) MD5=02F31439AF6499B530AC285C0863BB9E -- D:\Windows\winsxs\amd64_microsoft-windows-codeintegrity_31bf3856ad364e35_6.1.7600.16385_none_fc6ce2e51e70eaed\ci.dll [2010/11/20 09:28:59 | 000,780,008 | ---- | M] (Microsoft Corporation) MD5=11338E0557B07BC32CDB980B6EDB35AA -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-codeintegrity_31bf3856ad364e35_6.1.7601.17514_none_fe9df6ad1b5f6e87\ci.dll [color=#A23BEC]< MD5 for: CLFS.SYS >[/color] [2009/07/13 21:52:31 | 000,367,696 | ---- | M] (Microsoft Corporation) MD5=FE1EC06F2253F691FE36217C592A0206 -- D:\Windows\System32\clfs.sys [2009/07/13 21:52:31 | 000,367,696 | ---- | M] (Microsoft Corporation) MD5=FE1EC06F2253F691FE36217C592A0206 -- D:\Windows\winsxs\amd64_microsoft-windows-commonlog_31bf3856ad364e35_6.1.7600.16385_none_da778c54413d0c9c\clfs.sys [color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color] [2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\ERDNT\cache86\cngaudit.dll [2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\SysWOW64\cngaudit.dll [2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\ERDNT\cache64\cngaudit.dll [2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\System32\cngaudit.dll [2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll [color=#A23BEC]< MD5 for: DISK.SYS >[/color] [2009/07/13 21:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- D:\Windows\System32\drivers\disk.sys [2009/07/13 21:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- D:\Windows\System32\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys [2009/07/13 21:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- D:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- D:\Windows\ERDNT\cache86\explorer.exe [2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- D:\Windows\explorer.exe [2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- D:\Windows\SysWOW64\explorer.exe [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe [color=#A23BEC]< MD5 for: HAL.DLL >[/color] [2009/07/13 21:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- D:\Windows\System32\hal.dll [2009/07/13 21:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- D:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll [2010/11/20 09:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll [color=#A23BEC]< MD5 for: IASTOR.SYS >[/color] [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- D:\Windows\System32\drivers\iaStor.sys [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- D:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys [2009/06/04 21:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [color=#A23BEC]< MD5 for: IASTORV.SYS >[/color] [2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- D:\Windows\System32\drivers\iaStorV.sys [2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys [2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011/03/11 02:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [color=#A23BEC]< MD5 for: KD1394.DLL >[/color] [2011/02/05 08:32:29 | 000,019,328 | ---- | M] (Microsoft Corporation) MD5=0BE5261E3D20E7CD61194308E6FE9A26 -- D:\Windows\winsxs\amd64_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.1.7600.20897_none_c0411de526b768a4\kd1394.dll [2011/02/05 08:41:24 | 000,019,328 | ---- | M] (Microsoft Corporation) MD5=6A9591A2E07B7AF1015587592EF27119 -- D:\Windows\System32\kd1394.dll [2011/02/05 08:41:24 | 000,019,328 | ---- | M] (Microsoft Corporation) MD5=6A9591A2E07B7AF1015587592EF27119 -- D:\Windows\winsxs\amd64_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.1.7600.16757_none_bfe2c0ca0d795916\kd1394.dll [2011/02/05 08:44:16 | 000,019,328 | ---- | M] (Microsoft Corporation) MD5=720AA2B993842FD7A17EC3A1526D1211 -- D:\Windows\winsxs\amd64_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.1.7601.21655_none_c250ba0723bf321e\kd1394.dll [2011/02/05 13:10:08 | 000,019,328 | ---- | M] (Microsoft Corporation) MD5=722258D597A0CC4EEFF3AF338681E5B6 -- D:\Windows\winsxs\amd64_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.1.7601.17556_none_c1c81d860aa0abab\kd1394.dll [2009/07/13 21:48:04 | 000,019,520 | ---- | M] (Microsoft Corporation) MD5=FF8FC96AF3797A06678F10BB300F154C -- D:\Windows\winsxs\amd64_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.1.7600.16385_none_bfc048da0d93859f\kd1394.dll [color=#A23BEC]< MD5 for: KDCOM.DLL >[/color] [2011/02/05 08:32:29 | 000,017,792 | ---- | M] (Microsoft Corporation) MD5=31A2C33658CF03C42DDE43C7204ED037 -- D:\Windows\winsxs\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.20897_none_6e2b53d0df7fd8c1\kdcom.dll [2009/07/13 21:48:04 | 000,017,984 | ---- | M] (Microsoft Corporation) MD5=5FD00D62F2C69F6FB2A7AD15D0DDD0DC -- D:\Windows\winsxs\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc\kdcom.dll [2011/02/05 08:44:16 | 000,017,792 | ---- | M] (Microsoft Corporation) MD5=B8CCCD8B757BCBCF2B2E953CDC2B1564 -- D:\Windows\winsxs\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b\kdcom.dll [2011/02/05 13:10:08 | 000,017,792 | ---- | M] (Microsoft Corporation) MD5=CDD0C92A653CAC881D780003E0C4E813 -- D:\Windows\winsxs\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8\kdcom.dll [2011/02/05 08:41:23 | 000,017,792 | ---- | M] (Microsoft Corporation) MD5=F413DF1D84E4CE2546790D9B9A50ADAB -- D:\Windows\System32\kdcom.dll [2011/02/05 08:41:23 | 000,017,792 | ---- | M] (Microsoft Corporation) MD5=F413DF1D84E4CE2546790D9B9A50ADAB -- D:\Windows\winsxs\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16757_none_6dccf6b5c641c933\kdcom.dll [color=#A23BEC]< MD5 for: KDUSB.DLL >[/color] [2009/07/13 21:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=040B545E6C731AE319BB5321A1FAFF3C -- D:\Windows\winsxs\amd64_microsoft-windows-b..buggertransport-usb_31bf3856ad364e35_6.1.7600.16385_none_f9729b4224386e7a\kdusb.dll [2011/02/05 08:41:24 | 000,020,352 | ---- | M] (Microsoft Corporation) MD5=390078DB867BD5AF896118B6823C4C0C -- D:\Windows\System32\kdusb.dll [2011/02/05 08:41:24 | 000,020,352 | ---- | M] (Microsoft Corporation) MD5=390078DB867BD5AF896118B6823C4C0C -- D:\Windows\winsxs\amd64_microsoft-windows-b..buggertransport-usb_31bf3856ad364e35_6.1.7600.16757_none_f9951332241e41f1\kdusb.dll [2011/02/05 08:44:17 | 000,020,352 | ---- | M] (Microsoft Corporation) MD5=4C901A03D24A5B66F2EBD77879CCFEC6 -- D:\Windows\winsxs\amd64_microsoft-windows-b..buggertransport-usb_31bf3856ad364e35_6.1.7601.21655_none_fc030c6f3a641af9\kdusb.dll [2011/02/05 13:10:08 | 000,020,352 | ---- | M] (Microsoft Corporation) MD5=539AA23C29FAC72FB29D58F33E6931B1 -- D:\Windows\winsxs\amd64_microsoft-windows-b..buggertransport-usb_31bf3856ad364e35_6.1.7601.17556_none_fb7a6fee21459486\kdusb.dll [2011/02/05 08:32:28 | 000,020,352 | ---- | M] (Microsoft Corporation) MD5=7DB1A9B87C962ECCC9CFD3ABCBFC19C2 -- D:\Windows\winsxs\amd64_microsoft-windows-b..buggertransport-usb_31bf3856ad364e35_6.1.7600.20897_none_f9f3704d3d5c517f\kdusb.dll [color=#A23BEC]< MD5 for: KSECDD.SYS >[/color] [2010/11/20 09:33:38 | 000,095,616 | ---- | M] (Microsoft Corporation) MD5=CCD53B5BD33CE0C889E830D839C8B66E -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\ksecdd.sys [2009/07/13 21:48:04 | 000,095,312 | ---- | M] (Microsoft Corporation) MD5=E8B6FCC9C83535C67F835D407620BD27 -- D:\Windows\System32\drivers\ksecdd.sys [2009/07/13 21:48:04 | 000,095,312 | ---- | M] (Microsoft Corporation) MD5=E8B6FCC9C83535C67F835D407620BD27 -- D:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\ksecdd.sys [2009/07/13 21:48:04 | 000,095,312 | ---- | M] (Microsoft Corporation) MD5=E8B6FCC9C83535C67F835D407620BD27 -- D:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\ksecdd.sys [2009/07/13 21:48:04 | 000,095,312 | ---- | M] (Microsoft Corporation) MD5=E8B6FCC9C83535C67F835D407620BD27 -- D:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\ksecdd.sys [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2010/11/20 09:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys [2009/07/13 21:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- D:\Windows\ERDNT\cache64\ndis.sys [2009/07/13 21:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- D:\Windows\System32\drivers\ndis.sys [2009/07/13 21:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- D:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- D:\Windows\ERDNT\cache64\netlogon.dll [2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- D:\Windows\System32\netlogon.dll [2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\ERDNT\cache86\netlogon.dll [2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\SysWOW64\netlogon.dll [2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll [color=#A23BEC]< MD5 for: NTOSKRNL.EXE >[/color] [2011/04/09 02:21:32 | 003,911,552 | ---- | M] (Microsoft Corporation) MD5=0F4A148499CC6FA5D84A0F1587869051 -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_6cb79c952e776446\ntoskrnl.exe [2010/11/20 08:30:06 | 003,911,040 | ---- | M] (Microsoft Corporation) MD5=2088D9994332583EDB3C561DE31EA5AD -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe [2011/04/09 02:54:07 | 005,475,712 | ---- | M] (Microsoft Corporation) MD5=240D89BBE5BCD168D748D6C12B6FE884 -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_c8d63818e6d4d57c\ntoskrnl.exe [2010/06/19 03:05:01 | 005,507,968 | ---- | M] (Microsoft Corporation) MD5=28C4FE45FC1B176FA74A48FB15DE7C9A -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_c8730901cd997f9b\ntoskrnl.exe [2010/02/27 07:46:28 | 003,899,784 | ---- | M] (Microsoft Corporation) MD5=466FD46F58768E56F7B841681014EFF1 -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_6cb0c81f2e7bee1e\ntoskrnl.exe [2010/06/19 03:05:25 | 005,474,184 | ---- | M] (Microsoft Corporation) MD5=5223C216E348E397C5EACCBEFB57FFF2 -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_c8e8063ee6c6709e\ntoskrnl.exe [2011/04/09 02:02:25 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=5D21C487F79F8245E799071589E035BF -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntoskrnl.exe [2010/10/27 00:43:38 | 003,901,824 | ---- | M] (Microsoft Corporation) MD5=776201760B5692F10DDA3BE85B54F213 -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntoskrnl.exe [2010/02/27 11:28:56 | 005,485,448 | ---- | M] (Microsoft Corporation) MD5=7B7253D90EF53BAFCDC96C888B1DB4F3 -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_c8cf63a2e6d95f54\ntoskrnl.exe [2010/06/19 02:33:29 | 003,899,784 | ---- | M] (Microsoft Corporation) MD5=8218E74A67942120BF8EE30661EDF83F -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntoskrnl.exe [2011/04/09 02:50:20 | 005,562,240 | ---- | M] (Microsoft Corporation) MD5=99C2715F138E7ED2F489AB796DD3B53C -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_cae7d4cee3dad1a4\ntoskrnl.exe [2009/07/13 21:48:28 | 005,511,248 | ---- | M] (Microsoft Corporation) MD5=9E722B768E33D26AD8FA7D642E707443 -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe [2009/07/13 21:20:44 | 003,899,472 | ---- | M] (Microsoft Corporation) MD5=B9D673F7707219DFD264891A26C21ECB -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntoskrnl.exe [2010/10/27 00:33:37 | 003,911,552 | ---- | M] (Microsoft Corporation) MD5=C6169F5FDC8399E0C6C0729AB6EF2EF8 -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntoskrnl.exe [2010/11/20 09:33:46 | 005,563,776 | ---- | M] (Microsoft Corporation) MD5=C6CEC3E6CC9842B73501C70AA64C00FE -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe [2011/04/09 02:01:20 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=D385343510B75545EC5DB3A64C2D2492 -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntoskrnl.exe [2010/06/19 02:37:01 | 003,909,512 | ---- | M] (Microsoft Corporation) MD5=D5662CD1F9B85936561A07ADC400ACF4 -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntoskrnl.exe [2011/04/09 03:02:55 | 005,562,240 | ---- | M] (Microsoft Corporation) MD5=D60D9BCEAE5870A67E6C167F4681877B -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_c9fde71bcb054983\ntoskrnl.exe [2011/04/09 02:13:06 | 003,901,824 | ---- | M] (Microsoft Corporation) MD5=D9FD1D6337F15AAF2012C69909615DB5 -- D:\Windows\ERDNT\cache86\ntoskrnl.exe [2011/04/09 02:13:06 | 003,901,824 | ---- | M] (Microsoft Corporation) MD5=D9FD1D6337F15AAF2012C69909615DB5 -- D:\Windows\SysWOW64\ntoskrnl.exe [2011/04/09 02:13:06 | 003,901,824 | ---- | M] (Microsoft Corporation) MD5=D9FD1D6337F15AAF2012C69909615DB5 -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_6bf8ee9215816c61\ntoskrnl.exe [2010/02/27 08:07:48 | 003,899,280 | ---- | M] (Microsoft Corporation) MD5=DD2ED3246F5F4E4B07F385A9520C3C7C -- D:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_6c40cc54154a7bce\ntoskrnl.exe [2011/04/09 02:45:48 | 005,509,504 | ---- | M] (Microsoft Corporation) MD5=E03A9AC0273182895DCB3693A36785C9 -- D:\Windows\ERDNT\cache64\ntoskrnl.exe [2011/04/09 02:45:48 | 005,509,504 | ---- | M] (Microsoft Corporation) MD5=E03A9AC0273182895DCB3693A36785C9 -- D:\Windows\System32\ntoskrnl.exe [2011/04/09 02:45:48 | 005,509,504 | ---- | M] (Microsoft Corporation) MD5=E03A9AC0273182895DCB3693A36785C9 -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_c8178a15cddedd97\ntoskrnl.exe [2010/10/27 01:18:36 | 005,510,528 | ---- | M] (Microsoft Corporation) MD5=E2EA143288BFF3D6B3AEB88C3BC02DAF -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_c81a890dcddc2c75\ntoskrnl.exe [2010/10/27 01:23:11 | 005,477,248 | ---- | M] (Microsoft Corporation) MD5=E6FC5686F6BB6F0CEB1107E6D064A944 -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_c8f0d77ce6c01f26\ntoskrnl.exe [2010/02/27 11:17:00 | 005,509,008 | ---- | M] (Microsoft Corporation) MD5=FD787551F58F9686CEC6353F693EF571 -- D:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_c85f67d7cda7ed04\ntoskrnl.exe [color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color] [2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- D:\Windows\System32\drivers\nvstor.sys [2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys [2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys [color=#A23BEC]< MD5 for: RASACD.SYS >[/color] [2009/07/13 20:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- D:\Windows\System32\drivers\rasacd.sys [2009/07/13 20:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- D:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasacd.sys [color=#A23BEC]< MD5 for: RDPWD.SYS >[/color] [2010/11/20 07:04:37 | 000,210,944 | ---- | M] (Microsoft Corporation) MD5=15B66C206B5CB095BAB980553F38ED23 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17514_none_a99b8db6eba2129b\rdpwd.sys [2009/07/13 20:16:48 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=8A3E6BEA1C53EA6177FE2B6EBA2C80D7 -- D:\Windows\System32\drivers\rdpwd.sys [2009/07/13 20:16:48 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=8A3E6BEA1C53EA6177FE2B6EBA2C80D7 -- D:\Windows\winsxs\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16385_none_a76a79eeeeb38f01\rdpwd.sys [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\ERDNT\cache86\scecli.dll [2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\SysWOW64\scecli.dll [2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- D:\Windows\ERDNT\cache64\scecli.dll [2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- D:\Windows\System32\scecli.dll [2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll [color=#A23BEC]< MD5 for: SFLOPPY.SYS >[/color] [2009/07/13 20:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- D:\Windows\System32\drivers\sfloppy.sys [2009/07/13 20:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- D:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_neutral_f54222cc59267e1e\sfloppy.sys [2009/07/13 20:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=A9D601643A1647211A1EE2EC4E433FF4 -- D:\Windows\winsxs\amd64_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_42ff01d4942cc5ea\sfloppy.sys [color=#A23BEC]< MD5 for: SPLDR.SYS >[/color] [2009/07/13 21:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=B9E31E5CACDFE584F34F730A677803F9 -- D:\Windows\System32\drivers\spldr.sys [2009/07/13 21:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) MD5=B9E31E5CACDFE584F34F730A677803F9 -- D:\Windows\winsxs\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59\spldr.sys [color=#A23BEC]< MD5 for: TCPIP.SYS >[/color] [2011/04/25 01:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys [2010/11/20 09:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys [2010/06/14 02:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys [2011/04/25 01:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- D:\Windows\ERDNT\cache64\tcpip.sys [2011/04/25 01:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- D:\Windows\System32\drivers\tcpip.sys [2011/04/25 01:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys [2010/04/09 07:06:28 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=7FC877A25796D8ADF539E64703FCA7E1 -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys [2010/06/14 02:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys [2009/07/13 21:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys [2011/04/25 01:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys [2010/04/09 03:56:29 | 001,892,232 | ---- | M] (Microsoft Corporation) MD5=A9C0F786AC1F736891D05CE0A1D29DEB -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys [2011/04/25 02:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys [color=#A23BEC]< MD5 for: TDPIPE.SYS >[/color] [2009/07/13 20:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=3371D21011695B16333A3934340C4E7C -- D:\Windows\System32\drivers\tdpipe.sys [2009/07/13 20:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=3371D21011695B16333A3934340C4E7C -- D:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdpipe.sys [color=#A23BEC]< MD5 for: TDTCP.SYS >[/color] [2009/07/13 20:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=E4245BDA3190A582D55ED09E137401A9 -- D:\Windows\System32\drivers\tdtcp.sys [2009/07/13 20:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=E4245BDA3190A582D55ED09E137401A9 -- D:\Windows\winsxs\amd64_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_37a129135e68497e\tdtcp.sys [color=#A23BEC]< MD5 for: TPM.SYS >[/color] [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) MD5=DBCC20C02E8A3E43B03C304A4E40A84F -- D:\Windows\System32\DriverStore\FileRepository\tpm.inf_amd64_neutral_d5bb6575cf91cd73\tpm.sys [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) MD5=DBCC20C02E8A3E43B03C304A4E40A84F -- D:\Windows\winsxs\amd64_tpm.inf_31bf3856ad364e35_6.1.7600.16385_none_0817dcde20d8acd1\tpm.sys [color=#A23BEC]< MD5 for: USBPRINT.SYS >[/color] [2009/07/13 20:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- D:\Windows\System32\drivers\usbprint.sys [2009/07/13 20:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- D:\Windows\System32\DriverStore\FileRepository\usbprint.inf_amd64_neutral_54948be2bc4bcdd1\usbprint.sys [2009/07/13 20:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=73188F58FB384E75C4063D29413CEE3D -- D:\Windows\winsxs\amd64_usbprint.inf_31bf3856ad364e35_6.1.7600.16385_none_8eeeb411db1b01c5\usbprint.sys [color=#A23BEC]< MD5 for: USBSCAN.SYS >[/color] [2009/07/13 20:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- D:\Windows\System32\DriverStore\FileRepository\sti.inf_amd64_neutral_9d9a7113099a28a2\usbscan.sys [2009/07/13 20:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) MD5=AAA2513C8AED8B54B189FD0C6B1634C0 -- D:\Windows\winsxs\amd64_sti.inf_31bf3856ad364e35_6.1.7600.16385_none_b5d3c30ffa77a77a\usbscan.sys [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\ERDNT\cache86\userinit.exe [2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\SysWOW64\userinit.exe [2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- D:\Windows\ERDNT\cache64\userinit.exe [2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- D:\Windows\System32\userinit.exe [2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe [color=#A23BEC]< MD5 for: WINLOAD.EXE >[/color] [2011/02/05 08:39:21 | 000,603,976 | ---- | M] (Microsoft Corporation) MD5=09DD82F21499682086554C054676F08C -- D:\Windows\System32\Boot\winload.exe [2011/02/05 08:39:21 | 000,603,976 | ---- | M] (Microsoft Corporation) MD5=09DD82F21499682086554C054676F08C -- D:\Windows\System32\winload.exe [2011/02/05 08:39:21 | 000,603,976 | ---- | M] (Microsoft Corporation) MD5=09DD82F21499682086554C054676F08C -- D:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7600.16757_none_c55000c1a6617837\winload.exe [2011/02/05 08:39:21 | 000,603,976 | ---- | M] (Microsoft Corporation) MD5=09DD82F21499682086554C054676F08C -- D:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66\winload.exe [2011/02/05 08:40:06 | 000,605,552 | ---- | M] (Microsoft Corporation) MD5=1814099E8025B579C57279AD3F1A7931 -- D:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.21655_none_c7bdf9febca7513f\winload.exe [2011/02/05 08:40:06 | 000,605,552 | ---- | M] (Microsoft Corporation) MD5=1814099E8025B579C57279AD3F1A7931 -- D:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e\winload.exe [2011/02/05 13:06:41 | 000,605,552 | ---- | M] (Microsoft Corporation) MD5=78C918D3612FE5937D32E488F053F10A -- D:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17556_none_c7355d7da388cacc\winload.exe [2011/02/05 13:06:41 | 000,605,552 | ---- | M] (Microsoft Corporation) MD5=78C918D3612FE5937D32E488F053F10A -- D:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb\winload.exe [2011/02/05 08:30:30 | 000,605,040 | ---- | M] (Microsoft Corporation) MD5=8139738658C31621541293085A94681D -- D:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7600.20897_none_c5ae5ddcbf9f87c5\winload.exe [2011/02/05 08:30:30 | 000,605,040 | ---- | M] (Microsoft Corporation) MD5=8139738658C31621541293085A94681D -- D:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4\winload.exe [2009/07/13 21:43:15 | 000,604,192 | ---- | M] (Microsoft Corporation) MD5=87B2086D7382A42935D55EC69E5E71AB -- D:\Windows\winsxs\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7600.16385_none_c52d88d1a67ba4c0\winload.exe [2009/07/13 21:43:15 | 000,604,192 | ---- | M] (Microsoft Corporation) MD5=87B2086D7382A42935D55EC69E5E71AB -- D:\Windows\winsxs\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef\winload.exe [2010/11/20 09:28:59 | 000,605,552 | ---- | M] (Microsoft Corporation) MD5=E2F68DC7FBD6E0BF031CA3809A739346 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.1.7601.17514_none_c75e9c99a36a285a\winload.exe [2010/11/20 09:28:59 | 000,605,552 | ---- | M] (Microsoft Corporation) MD5=E2F68DC7FBD6E0BF031CA3809A739346 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89\winload.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2011/07/24 15:54:56 | 000,526,848 | ---- | M] () MD5=08E93418EFC70EB4E39BBD964304AD71 -- D:\Users\EF\Desktop\winlogon.exe [2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- D:\Windows\ERDNT\cache64\winlogon.exe [2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- D:\Windows\System32\winlogon.exe [2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] < End of report >

sof42 · le 26 Juil 2011 18:33

Voici le lien où tu trouveras le rapport du nouveau scanne:
http://www.cijoint.fr/cjlink.php?file=c ... zDIIun.txt

jeanmimigab · le 26 Juil 2011 18:34

ça bug pour l'affichage du rapport (trop long)...

envoie le sur Cijoint comme hier stp :wink:

EDIT: oups, on c'est croisé :lol:

jeanmimigab · le 26 Juil 2011 18:50

bien c'est pas mal du tout,

Redémarre ton pc en mode normal, et ne lance aucuns programme à part ton navigateur Web pour suivre la procédure

Tout de suite après... fais cela...

télécharge et installes Malwarebytes.
Téléchargement .
Choisie "exécuter un examen rapide" et à la fin du scan , coche tous les éléments trouvés,et clique sur supprimer la sélection.
Poste moi le rapport stp.

sof42 · le 26 Juil 2011 21:00

re,

impossible de ouvrir internet, une fenêtre s'ouvre disant "choisissez le programme à utiliser pour ouvrir ce fichier" et quand je clique sur mon choix (internet) on me demande de télécharger quelque chose.

Je n'arrive rien, je suis nulle!!!! :cry:

jeanmimigab · le 26 Juil 2011 21:12

Mais non tu n'es pas nul, tu te débrouille très bien, c'est l'infection qui a mis le bazar là-dedans :wink:

ça te donne ce message quand tu utilise firefox ou bien Internet explorer ?

sof42 · le 26 Juil 2011 21:56

Merci pour ton soutien

, sa fait ceci quand je veux utiliser internet explorer et pour malwarebites (car j'avais le logiciel sur mon bureau), j'ai rien essayé d'autre.

jeanmimigab · le 26 Juil 2011 22:28

essais cela stp...

Si tu vas dans C:\Programmes\Internet Explorer\...et que tu fais un double-clic sur "iexplore", est-ce que internet explorer s'ouvre ?

sof42 · le 26 Juil 2011 23:00

non, toujours le même message "choisissez le programme à utiliser pour ouvrir ce fichier"
Désolée.

jeanmimigab · le 27 Juil 2011 16:31

Bonjour sof... :wink:

essais cela stp...

Avec ton deuxième PC, télécharge sur le bureau ce fichier
http://www.winhelponline.com/fileasso/exefix_vista.zip
Dézipe-le sur ta clef USB (clic-droit sur "exefix_vista.zip" et choisis "extraire tout" ) et tu choisis ta clef USB comme cible de décompression, tu aras donc sur ta clef USB un dossier nommé "exefix_vista" qui contiendra le fichier "exefix_vista.reg"
Ensuite tranfère le dossier "exefix_vista" sur le bureau du pc infecté, ouvre-le et fais un clic-droit sur le fichier "exefix_vista.reg" et choisis "Fusionner"..et accepte l'avertissement affiché par Windows.

Et enfin redémarre ton PC et dit moi si internet explorer fonctionne à nouveau...

sof42 · le 27 Juil 2011 16:48

Hello Jean...,

Ouffff! Ca marche!

Est ce que je fais les manipulations avec malwares bites?

jeanmimigab · le 27 Juil 2011 16:58

Est ce que je fais les manipulations avec malwares bites?

Tu veux plutôt dire Malwarebyte :lol:

yep, fais l'installation et le scan :wink:

sof42 · le 27 Juil 2011 18:01

jeanmimigab a écrit:Tu veux plutôt dire Malwarebyte

Excuse mais je suis une blonde :lol:

Voici le rapport de malwa....:

Code: Tout sélectionner: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Version de la base de données: 7286 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 27/07/2011 19:57:40 mbam-log-2011-07-27 (19-57-40).txt Type d'examen: Examen rapide Elément(s) analysé(s): 173510 Temps écoulé: 3 minute(s), 11 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 2 Elément(s) de données du Registre infecté(s): 1 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 10 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\192695408 (Trojan.FakeAlert) -> Value: 192695408 -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\EF\AppData\Local\qmi.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): c:\Users\EF\AppData\Local\Temp\jar_cache1296386449999373709.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\EF\AppData\Local\Temp\jar_cache2983053379501855294.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\EF\AppData\Local\Temp\jar_cache31591535134808278.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\EF\AppData\Local\Temp\jar_cache3390440295073115007.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\EF\AppData\Local\Temp\jar_cache5927066460256379213.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\EF\AppData\Local\Temp\jar_cache7474740576096884642.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\EF\AppData\Local\Temp\0.21418026446099792.exe (Exploit.Drop.2) -> Quarantined and deleted successfully. c:\Users\EF\AppData\Local\Temp\0.5745515789874667.exe (Exploit.Drop.2) -> Quarantined and deleted successfully. c:\Users\EF\AppData\Local\Temp\0.6037284427527939.exe (Exploit.Drop.2) -> Quarantined and deleted successfully. c:\Users\EF\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

jeanmimigab · le 27 Juil 2011 18:09

Bien c'est pas mal, certaines valeurs de registre importantes ont étés restaurées...

Peux-tu me dire si tu constates toujours des dysfonctionnements ou bien est-ce que tout est rentrés dans l'ordre ?

sof42 · le 28 Juil 2011 12:04

Hello Jean..,

Il me semblerai que tout est rentré dans l'ordre. :wink:

PERSONAL SHIELD PRO • page 3

Re: PERSONAL SHIELD PRO

Re: PERSONAL SHIELD PRO

Re: PERSONAL SHIELD PRO

Re: PERSONAL SHIELD PRO

Re: PERSONAL SHIELD PRO

Re: PERSONAL SHIELD PRO

Re: PERSONAL SHIELD PRO

Re: PERSONAL SHIELD PRO

Re: PERSONAL SHIELD PRO

Re: PERSONAL SHIELD PRO

Re: PERSONAL SHIELD PRO

Re: PERSONAL SHIELD PRO

Re: PERSONAL SHIELD PRO

Re: PERSONAL SHIELD PRO

Re: PERSONAL SHIELD PRO

Sujets similaires

Qui est en ligne