
a very sticky hlktmp - ransomware



Hi,

Using Flash Player I got a malware, the one which displays a full-screen message asking for money because I'm a pirate!

After some attempts and updating Flash I no longer get the message, but at each boot (during boot time, I checked with Procmon) the file is created again and again!

Of course, when Windows is running I have no access to the file, but I boot with Knoppix to delete the file: c:\windows\temp\hlktmp.

I don't know what it's really doing but I don't like that.

Malwarebytes Anti-Malware detects nothing, nor does any other software.

With my different tries I have deleted the file stdole2.tbl, which I suspected to be corrupted, because at boot time in the Procmon logs the creation of hlktmp was just after that file :/ Since then I got it restored. I have no restore point from after the malware installation because it was disabled on my PC :( Now it's on.

Any help would be greatly appreciated.

Thanks

Marc

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21

Run by marc at 9:22:01 on 2012-08-05

Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.3071.1659 [GMT 2:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Windows\System32\tcpsvcs.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Windows\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\vmnat.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\system32\vmnetdhcp.exe

C:\Program Files\VMware\VMware Player\vmware-authd.exe

C:\Windows\System32\nvraidservice.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

LSP: %SystemRoot%\system32\vsocklib.dll

DPF: {369383F8-C8B7-42E1-819E-D47E3ABAD4BC} - hxxp://192.168.0.200:8080/cgi-bin/QNAPG726.cab

DPF: {4DA8C6E4-312A-4A8F-B02B-491B2BF09CF2} - hxxp://192.168.0.200:8080/cgi-bin/QNAPQ264.cab

DPF: {603E0052-7B06-496B-A04B-192419174876} - hxxp://192.168.0.200:8080/cgi-bin/QNAPQIVG.cab

DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} - hxxp://192.168.0.110/UltraMJCamX.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {937FE81C-FECF-4A55-9754-49D6D6550EDC} - hxxp://192.168.0.200:8080/cgi-bin/NNVRVMon.cab

DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.0.111/codebase/DVM_IPCam2.ocx

DPF: {B824D61F-DAF3-40BF-BA5E-430D250FF51C} - hxxp://192.168.0.200:8080/cgi-bin/QNAPQMP4.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {F5F2CE2F-C516-4428-8758-7178B1E1ABAB} - hxxp://192.168.0.200:8080/cgi-bin/QNAPQVivoTek.cab

TCP: Interfaces\{AB26030B-D226-4422-934A-A1A7A6260A9E} : NameServer = 212.27.40.240,212.27.40.241

TCP: Interfaces\{D6E22CFB-0BD4-408E-9A60-7B0072403E7C} : DhcpNameServer = 212.27.40.240 212.27.40.241

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\marc\appdata\roaming\mozilla\firefox\profiles\rxbtyxna.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - about:blank

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin2.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin3.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin4.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin5.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin6.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-15 11608]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2010-5-15 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-15 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-15 66616]

R2 MicroGuard;MicroGuard Copy Protection;c:\windows\system32\drivers\mgnt.sys [2011-3-31 40480]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-8-29 665200]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-5 40776]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-19 136176]

S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-5-17 8192]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 250056]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-5-16 14216]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-5-16 8456]

S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-19 136176]

S3 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]

S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [2010-8-16 573440]

S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [2010-8-16 15616]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 113120]

S3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-12 2214504]

S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-4-22 20080]

S3 StorSvc;Service de stockage;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 T3Srv;FLIR Systems Camera Monitor;c:\program files\flir systems\flir device drivers\flir t3srv\sysx86\T3Srv.exe [2010-3-18 457312]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-4 52224]

.

=============== Created Last 30 ================

.

2012-08-05 06:54:36 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-08-04 11:54:01 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b6b4ba52-281f-411b-8b81-54895a8d95c6}\mpengine.dll

2012-08-04 11:46:18 -------- d-----w- c:\users\marc\appdata\local\SKIDROW

2012-08-02 19:04:57 -------- d-----w- c:\programdata\Kaspersky Lab

2012-08-02 19:04:57 -------- d-----w- c:\program files\Kaspersky Lab

2012-07-30 19:33:29 -------- d-----w- c:\program files\CCleaner

2012-07-30 18:36:36 -------- d-----w- C:\$RECYCLE.BIN

2012-07-30 18:31:50 -------- d-----w- c:\users\marc\appdata\local\temp

2012-07-30 17:43:55 -------- d-----w- c:\program files\Unlocker

2012-07-30 17:18:18 98816 ----a-w- c:\windows\sed.exe

2012-07-30 17:18:18 518144 ----a-w- c:\windows\SWREG.exe

2012-07-30 17:18:18 256000 ----a-w- c:\windows\PEV.exe

2012-07-30 17:18:18 208896 ----a-w- c:\windows\MBR.exe

2012-07-13 08:16:58 2345984 ----a-w- c:\windows\system32\win32k.sys

.

==================== Find3M ====================

.

2012-08-04 10:19:42 17488 ----a-w- c:\windows\gdrv.sys

2012-08-04 09:49:32 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-04 09:49:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-03 11:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-05-31 10:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

2010-01-06 23:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll

.

============= FINISH: 9:22:35,66 ===============

Edited by Maurice Naggar

Hello and welcome to MalwareBytes forum.

If you are a technician, corporate, business, educational, government or non-profit-organization, or MBAM-reseller, or MBAM-affiliate, then please contact corporate-support@malwarebytes.org and include full contact details along with your Reference # when you do to ensure that you receive prompt assistance.

Otherwise, while I am helping you, do NOT run any tools on your own. And do not make changes to this system either, without first checking with me.

Do NOT do any websurfing, online games, online transactions, or banking.

Only go to the websites I guide you to for tools, otherwise, just this forum.

Also, do NOT attach any logs or reports. ALWAYS use Notepad and copy all contents, then paste into the main body of the reply box.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall.

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start the scan.

On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.

Step 4

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Download TDSSKiller and save it to your Desktop.
  • If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
    If on Windows XP, double-click to start.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

RE-Enable your antivirus program.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
Then copy/paste the following into your post (in order):
  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of the reply.

Edited by Maurice Naggar

Hi

I'm just a person with his home PC with a malware, and I appreciate your help a lot.

Here are the requested files.

Sorry, 2 posts because it's too long to fit in one.

Marc

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-05 16:23:54

-----------------------------

16:23:54.068 OS Version: Windows 6.1.7601 Service Pack 1

16:23:54.068 Number of processors: 4 586 0x403

16:23:54.069 ComputerName: PC-MARC UserName: marc

16:24:03.404 Initialize success

16:30:20.455 AVAST engine defs: 12080500

16:30:57.706 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007b

16:30:57.712 Disk 0 Vendor: Hitachi_ V5DO Size: 238475MB BusType: 8

16:30:57.719 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007f

16:30:57.726 Disk 1 Vendor: NVIDIA__ 0100 Size: 238475MB BusType: 8

16:30:57.742 Disk 0 MBR read successfully

16:30:57.750 Disk 0 MBR scan

16:30:57.757 Disk 0 Windows 7 default MBR code

16:30:57.761 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 193584 MB offset 63

16:30:57.786 Disk 0 Partition 2 00 06 FAT16 44888 MB offset 396462080

16:30:57.792 Disk 0 scanning sectors +488392704

16:30:57.851 Disk 0 scanning C:\Windows\system32\drivers

16:31:05.768 Service scanning

16:31:21.639 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

16:31:28.269 Modules scanning

16:31:50.007 Scan finished successfully

16:32:16.702 Disk 0 MBR has been saved successfully to "C:\Users\marc\Desktop\MBR.dat"

16:32:16.708 The log file has been saved successfully to "C:\Users\marc\Desktop\aswMBR.txt"

16:33:08.0361 4064 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

16:33:08.0471 4064 ============================================================

16:33:08.0471 4064 Current date / time: 2012/08/05 16:33:08.0471

16:33:08.0472 4064 SystemInfo:

16:33:08.0472 4064

16:33:08.0472 4064 OS Version: 6.1.7601 ServicePack: 1.0

16:33:08.0472 4064 Product type: Workstation

16:33:08.0472 4064 ComputerName: PC-MARC

16:33:08.0472 4064 UserName: marc

16:33:08.0472 4064 Windows directory: C:\Windows

16:33:08.0472 4064 System windows directory: C:\Windows

16:33:08.0472 4064 Processor architecture: Intel x86

16:33:08.0472 4064 Number of processors: 4

16:33:08.0472 4064 Page size: 0x1000

16:33:08.0472 4064 Boot type: Normal boot

16:33:08.0472 4064 ============================================================

16:33:09.0387 4064 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

16:33:09.0397 4064 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B20000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

16:33:09.0399 4064 ============================================================

16:33:09.0399 4064 \Device\Harddisk0\DR0:

16:33:09.0399 4064 MBR partitions:

16:33:09.0399 4064 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17A18591

16:33:09.0399 4064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0x17A18800, BlocksNum 0x57AC000

16:33:09.0399 4064 \Device\Harddisk1\DR1:

16:33:09.0399 4064 MBR partitions:

16:33:09.0399 4064 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800

16:33:09.0399 4064 ============================================================

16:33:09.0417 4064 C: <-> \Device\Harddisk0\DR0\Partition0

16:33:09.0461 4064 D: <-> \Device\Harddisk1\DR1\Partition0

16:33:09.0462 4064 ============================================================

16:33:09.0462 4064 Initialize success

16:33:09.0462 4064 ============================================================

16:33:30.0434 1856 ============================================================

16:33:30.0434 1856 Scan started

16:33:30.0434 1856 Mode: Manual; SigCheck; TDLFS;

16:33:30.0434 1856 ============================================================


16:33:36.0108 1856 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll

16:33:36.0150 1856 dot3svc - ok

16:33:36.0173 1856 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll

16:33:36.0203 1856 DPS - ok

16:33:36.0224 1856 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

16:33:36.0257 1856 drmkaud - ok

16:33:36.0346 1856 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

16:33:36.0379 1856 DXGKrnl - ok

16:33:36.0405 1856 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll

16:33:36.0444 1856 EapHost - ok

16:33:36.0572 1856 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

16:33:36.0617 1856 ebdrv - ok

16:33:36.0704 1856 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe

16:33:36.0719 1856 EFS - ok

16:33:36.0803 1856 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe

16:33:36.0849 1856 ehRecvr - ok

16:33:36.0870 1856 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe

16:33:36.0894 1856 ehSched - ok

16:33:36.0940 1856 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

16:33:36.0959 1856 elxstor - ok

16:33:36.0988 1856 epmntdrv (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys

16:33:36.0994 1856 epmntdrv ( UnsignedFile.Multi.Generic ) - warning

16:33:36.0994 1856 epmntdrv - detected UnsignedFile.Multi.Generic (1)

16:33:37.0019 1856 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

16:33:37.0036 1856 ErrDev - ok

16:33:37.0059 1856 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys

16:33:37.0077 1856 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning

16:33:37.0077 1856 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)

16:33:37.0143 1856 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll

16:33:37.0175 1856 EventSystem - ok

16:33:37.0206 1856 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

16:33:37.0235 1856 exfat - ok

16:33:37.0290 1856 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

16:33:37.0354 1856 fastfat - ok

16:33:37.0409 1856 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe

16:33:37.0436 1856 Fax - ok

16:33:37.0452 1856 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

16:33:37.0463 1856 fdc - ok

16:33:37.0483 1856 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll

16:33:37.0518 1856 fdPHost - ok

16:33:37.0522 1856 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll

16:33:37.0544 1856 FDResPub - ok

16:33:37.0585 1856 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

16:33:37.0593 1856 FileInfo - ok

16:33:37.0605 1856 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

16:33:37.0636 1856 Filetrace - ok

16:33:37.0666 1856 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

16:33:37.0681 1856 flpydisk - ok

16:33:37.0720 1856 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

16:33:37.0730 1856 FltMgr - ok

16:33:37.0803 1856 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll

16:33:37.0826 1856 FontCache - ok

16:33:37.0894 1856 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

16:33:37.0918 1856 FontCache3.0.0.0 - ok

16:33:37.0936 1856 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

16:33:37.0958 1856 FsDepends - ok

16:33:38.0006 1856 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys

16:33:38.0017 1856 Fs_Rec - ok

16:33:38.0058 1856 FTDIBUS (47b9cf937ac479046da289bd5a769ce9) C:\Windows\system32\drivers\ftdibus.sys

16:33:38.0066 1856 FTDIBUS - ok

16:33:38.0104 1856 FTSER2K (216b9a2191676034999785c7f94fa5d6) C:\Windows\system32\drivers\ftser2k.sys

16:33:38.0113 1856 FTSER2K - ok

16:33:38.0159 1856 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

16:33:38.0176 1856 fvevol - ok

16:33:38.0201 1856 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

16:33:38.0213 1856 gagp30kx - ok

16:33:38.0252 1856 gdrv (d556cb79967e92b5cc69686d16c1d846) C:\Windows\gdrv.sys

16:33:38.0273 1856 gdrv - ok

16:33:38.0338 1856 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll

16:33:38.0382 1856 gpsvc - ok

16:33:38.0454 1856 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

16:33:38.0464 1856 gupdate - ok

16:33:38.0481 1856 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

16:33:38.0490 1856 gupdatem - ok

16:33:38.0539 1856 hardlock (995178a443b07fa9eeaea041d7b4b5ca) C:\Windows\system32\drivers\hardlock.sys

16:33:38.0555 1856 hardlock - ok

16:33:38.0558 1856 hasplms - ok

16:33:38.0598 1856 hcmon (88a6f2571405b3a4abc4ed2f52136317) C:\Windows\system32\drivers\hcmon.sys

16:33:38.0608 1856 hcmon - ok

16:33:38.0621 1856 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

16:33:38.0632 1856 hcw85cir - ok

16:33:38.0703 1856 hcw95bda (a9157afe4b6f32dcce9bd18fecd53a0d) C:\Windows\system32\Drivers\hcw95bda.sys

16:33:38.0753 1856 hcw95bda - ok

16:33:38.0786 1856 hcw95rc (eb77f3c96c62e65cc25f04220b9a204a) C:\Windows\system32\DRIVERS\hcw95rc.sys

16:33:38.0814 1856 hcw95rc - ok

16:33:38.0874 1856 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

16:33:38.0898 1856 HdAudAddService - ok

16:33:38.0921 1856 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

16:33:38.0945 1856 HDAudBus - ok

16:33:38.0965 1856 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

16:33:38.0983 1856 HidBatt - ok

16:33:39.0002 1856 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

16:33:39.0022 1856 HidBth - ok

16:33:39.0039 1856 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

16:33:39.0066 1856 HidIr - ok

16:33:39.0081 1856 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll

16:33:39.0116 1856 hidserv - ok

16:33:39.0161 1856 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys

16:33:39.0177 1856 HidUsb - ok

16:33:39.0200 1856 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll

16:33:39.0231 1856 hkmsvc - ok

16:33:39.0261 1856 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll

16:33:39.0270 1856 HomeGroupListener - ok

16:33:39.0302 1856 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll

16:33:39.0325 1856 HomeGroupProvider - ok

16:33:39.0359 1856 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

16:33:39.0367 1856 HpSAMD - ok

16:33:39.0427 1856 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

16:33:39.0500 1856 HTTP - ok

16:33:39.0531 1856 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

16:33:39.0542 1856 hwpolicy - ok

16:33:39.0555 1856 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

16:33:39.0581 1856 i8042prt - ok

16:33:39.0636 1856 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

16:33:39.0652 1856 iaStorV - ok

16:33:39.0748 1856 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

16:33:39.0763 1856 IDriverT ( UnsignedFile.Multi.Generic ) - warning

16:33:39.0763 1856 IDriverT - detected UnsignedFile.Multi.Generic (1)

16:33:39.0902 1856 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

16:33:39.0945 1856 idsvc - ok

16:33:40.0006 1856 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

16:33:40.0017 1856 iirsp - ok

16:33:40.0069 1856 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll

16:33:40.0109 1856 IKEEXT - ok

16:33:40.0134 1856 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

16:33:40.0142 1856 intelide - ok

16:33:40.0156 1856 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

16:33:40.0171 1856 intelppm - ok

16:33:40.0202 1856 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll

16:33:40.0233 1856 IPBusEnum - ok

16:33:40.0250 1856 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:33:40.0267 1856 IpFilterDriver - ok

16:33:40.0310 1856 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll

16:33:40.0332 1856 iphlpsvc - ok

16:33:40.0354 1856 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

16:33:40.0370 1856 IPMIDRV - ok

16:33:40.0398 1856 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

16:33:40.0424 1856 IPNAT - ok

16:33:40.0439 1856 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

16:33:40.0463 1856 IRENUM - ok

16:33:40.0478 1856 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

16:33:40.0486 1856 isapnp - ok

16:33:40.0499 1856 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

16:33:40.0509 1856 iScsiPrt - ok

16:33:40.0547 1856 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

16:33:40.0555 1856 kbdclass - ok

16:33:40.0592 1856 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys

16:33:40.0629 1856 kbdhid - ok

16:33:40.0654 1856 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

16:33:40.0683 1856 KeyIso - ok

16:33:40.0730 1856 KMService (4635935fc972c582632bf45c26bfcb0e) C:\Windows\system32\srvany.exe

16:33:40.0748 1856 KMService ( UnsignedFile.Multi.Generic ) - warning

16:33:40.0748 1856 KMService - detected UnsignedFile.Multi.Generic (1)

16:33:40.0782 1856 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys

16:33:40.0793 1856 KSecDD - ok

16:33:40.0816 1856 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys

16:33:40.0829 1856 KSecPkg - ok

16:33:40.0860 1856 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll

16:33:40.0896 1856 KtmRm - ok

16:33:40.0924 1856 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll

16:33:40.0957 1856 LanmanServer - ok

16:33:40.0991 1856 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll

16:33:41.0009 1856 LanmanWorkstation - ok

16:33:41.0062 1856 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

16:33:41.0092 1856 lltdio - ok

16:33:41.0120 1856 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll

16:33:41.0140 1856 lltdsvc - ok

16:33:41.0163 1856 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll

16:33:41.0193 1856 lmhosts - ok

16:33:41.0212 1856 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

16:33:41.0221 1856 LSI_FC - ok

16:33:41.0230 1856 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

16:33:41.0238 1856 LSI_SAS - ok

16:33:41.0244 1856 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

16:33:41.0252 1856 LSI_SAS2 - ok

16:33:41.0271 1856 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

16:33:41.0279 1856 LSI_SCSI - ok

16:33:41.0337 1856 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

16:33:41.0408 1856 luafv - ok

16:33:41.0434 1856 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll

16:33:41.0447 1856 Mcx2Svc - ok

16:33:41.0458 1856 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

16:33:41.0469 1856 megasas - ok

16:33:41.0488 1856 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

16:33:41.0502 1856 MegaSR - ok

16:33:41.0545 1856 MicroGuard (e298b3788a69f8aa246c8c9e978dc13d) C:\Windows\system32\drivers\mgnt.sys

16:33:41.0560 1856 MicroGuard ( UnsignedFile.Multi.Generic ) - warning

16:33:41.0560 1856 MicroGuard - detected UnsignedFile.Multi.Generic (1)

16:33:41.0603 1856 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

16:33:41.0639 1856 MMCSS - ok

16:33:41.0659 1856 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

16:33:41.0685 1856 Modem - ok

16:33:41.0723 1856 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

16:33:41.0740 1856 monitor - ok

16:33:41.0777 1856 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

16:33:41.0784 1856 mouclass - ok

16:33:41.0790 1856 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

16:33:41.0798 1856 mouhid - ok

16:33:41.0835 1856 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

16:33:41.0843 1856 mountmgr - ok

16:33:41.0952 1856 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

16:33:41.0981 1856 MozillaMaintenance - ok

16:33:42.0014 1856 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

16:33:42.0038 1856 mpio - ok

16:33:42.0077 1856 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

16:33:42.0109 1856 mpsdrv - ok

16:33:42.0159 1856 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll

16:33:42.0199 1856 MpsSvc - ok

16:33:42.0218 1856 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

16:33:42.0244 1856 MRxDAV - ok

16:33:42.0293 1856 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

16:33:42.0321 1856 mrxsmb - ok

16:33:42.0353 1856 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:33:42.0374 1856 mrxsmb10 - ok

16:33:42.0401 1856 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:33:42.0422 1856 mrxsmb20 - ok

16:33:42.0442 1856 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

16:33:42.0453 1856 msahci - ok

16:33:42.0469 1856 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

16:33:42.0481 1856 msdsm - ok

16:33:42.0519 1856 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe

16:33:42.0560 1856 MSDTC - ok

16:33:42.0612 1856 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

16:33:42.0650 1856 Msfs - ok

16:33:42.0658 1856 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

16:33:42.0695 1856 mshidkmdf - ok

16:33:42.0718 1856 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

16:33:42.0729 1856 msisadrv - ok

16:33:42.0770 1856 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll

16:33:42.0802 1856 MSiSCSI - ok

16:33:42.0805 1856 msiserver - ok

16:33:42.0822 1856 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

16:33:42.0838 1856 MSKSSRV - ok

16:33:42.0848 1856 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

16:33:42.0873 1856 MSPCLOCK - ok

16:33:42.0881 1856 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

16:33:42.0898 1856 MSPQM - ok

16:33:42.0909 1856 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

16:33:42.0919 1856 MsRPC - ok

16:33:42.0960 1856 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

16:33:42.0968 1856 mssmbios - ok

16:33:42.0970 1856 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

16:33:42.0987 1856 MSTEE - ok

16:33:42.0993 1856 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

16:33:43.0015 1856 MTConfig - ok

16:33:43.0033 1856 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys

16:33:43.0040 1856 MTsensor - ok

16:33:43.0050 1856 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

16:33:43.0058 1856 Mup - ok

16:33:43.0157 1856 MySQL - ok

16:33:43.0201 1856 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll

16:33:43.0271 1856 napagent - ok

16:33:43.0304 1856 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

16:33:43.0321 1856 NativeWifiP - ok

16:33:43.0359 1856 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

16:33:43.0382 1856 NDIS - ok

16:33:43.0397 1856 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

16:33:43.0414 1856 NdisCap - ok

16:33:43.0434 1856 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

16:33:43.0464 1856 NdisTapi - ok

16:33:43.0487 1856 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

16:33:43.0503 1856 Ndisuio - ok

16:33:43.0526 1856 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

16:33:43.0555 1856 NdisWan - ok

16:33:43.0580 1856 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

16:33:43.0610 1856 NDProxy - ok

16:33:43.0642 1856 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

16:33:43.0671 1856 NetBIOS - ok

16:33:43.0708 1856 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

16:33:43.0776 1856 NetBT - ok

16:33:43.0829 1856 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

16:33:43.0858 1856 Netlogon - ok

16:33:43.0890 1856 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll

16:33:43.0928 1856 Netman - ok

16:33:43.0959 1856 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll

16:33:43.0987 1856 netprofm - ok

16:33:44.0058 1856 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

16:33:44.0067 1856 NetTcpPortSharing - ok

16:33:44.0082 1856 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

16:33:44.0090 1856 nfrd960 - ok

16:33:44.0122 1856 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll

16:33:44.0154 1856 NlaSvc - ok

16:33:44.0198 1856 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys

16:33:44.0204 1856 NPF - ok

16:33:44.0228 1856 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

16:33:44.0256 1856 Npfs - ok

16:33:44.0276 1856 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll

16:33:44.0327 1856 nsi - ok

16:33:44.0337 1856 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

16:33:44.0388 1856 nsiproxy - ok

16:33:44.0468 1856 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

16:33:44.0500 1856 Ntfs - ok

16:33:44.0600 1856 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

16:33:44.0632 1856 Null - ok

16:33:44.0674 1856 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys

16:33:44.0685 1856 NVENETFD - ok

16:33:45.0193 1856 nvlddmkm (f452e6ad3eda2852f44be492e283c40f) C:\Windows\system32\DRIVERS\nvlddmkm.sys

16:33:45.0480 1856 nvlddmkm - ok

16:33:45.0590 1856 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

16:33:45.0622 1856 nvraid - ok

16:33:45.0654 1856 nvrd32 (6f922993c8aa8bf555b0a8428aab5731) C:\Windows\system32\DRIVERS\nvrd32.sys

16:33:45.0666 1856 nvrd32 - ok

16:33:45.0677 1856 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

16:33:45.0690 1856 nvstor - ok

16:33:45.0710 1856 nvstor32 (269de658deaf032564e8b6430b5bd170) C:\Windows\system32\DRIVERS\nvstor32.sys

16:33:45.0722 1856 nvstor32 - ok

16:33:45.0777 1856 nvsvc (7c732aff202dcd06c3d262966d71604c) C:\Windows\system32\nvvsvc.exe

16:33:45.0798 1856 nvsvc - ok

16:33:46.0001 1856 nvUpdatusService (262d2fbf211a88dcb84249df0f6ef6e7) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

16:33:46.0061 1856 nvUpdatusService - ok

16:33:46.0157 1856 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

16:33:46.0170 1856 nv_agp - ok

16:33:46.0184 1856 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

16:33:46.0210 1856 ohci1394 - ok

16:33:46.0249 1856 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

16:33:46.0264 1856 p2pimsvc - ok

16:33:46.0288 1856 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll

16:33:46.0316 1856 p2psvc - ok

16:33:46.0344 1856 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

16:33:46.0380 1856 Parport - ok

16:33:46.0407 1856 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys

16:33:46.0436 1856 partmgr - ok

16:33:46.0468 1856 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

16:33:46.0486 1856 Parvdm - ok

16:33:46.0555 1856 pbfilter (2f6e885c432927a186c2e352c8a1cbf4) C:\Program Files\PeerBlock\pbfilter.sys

16:33:46.0571 1856 pbfilter - ok

16:33:46.0595 1856 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll

16:33:46.0630 1856 PcaSvc - ok

16:33:46.0656 1856 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

16:33:46.0669 1856 pci - ok

16:33:46.0704 1856 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

16:33:46.0715 1856 pciide - ok

16:33:46.0739 1856 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

16:33:46.0752 1856 pcmcia - ok

16:33:46.0781 1856 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

16:33:46.0793 1856 pcw - ok

16:33:46.0848 1856 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

16:33:46.0930 1856 PEAUTH - ok

16:33:46.0993 1856 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll

16:33:47.0028 1856 PeerDistSvc - ok

16:33:47.0115 1856 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll

16:33:47.0151 1856 pla - ok

16:33:47.0243 1856 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll

16:33:47.0268 1856 PlugPlay - ok

16:33:47.0293 1856 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll

16:33:47.0302 1856 PNRPAutoReg - ok

16:33:47.0322 1856 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

16:33:47.0332 1856 PNRPsvc - ok

16:33:47.0362 1856 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll

16:33:47.0391 1856 PolicyAgent - ok

16:33:47.0420 1856 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll

16:33:47.0485 1856 Power - ok

16:33:47.0528 1856 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

16:33:47.0592 1856 PptpMiniport - ok

16:33:47.0607 1856 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

16:33:47.0628 1856 Processor - ok

16:33:47.0674 1856 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll

16:33:47.0695 1856 ProfSvc - ok

16:33:47.0712 1856 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

16:33:47.0724 1856 ProtectedStorage - ok

16:33:47.0760 1856 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

16:33:47.0798 1856 Psched - ok

16:33:47.0884 1856 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

16:33:47.0919 1856 ql2300 - ok

16:33:48.0012 1856 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

16:33:48.0020 1856 ql40xx - ok

16:33:48.0047 1856 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll

16:33:48.0061 1856 QWAVE - ok

16:33:48.0117 1856 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

16:33:48.0126 1856 QWAVEdrv - ok

16:33:48.0166 1856 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll

16:33:48.0175 1856 RapiMgr - ok

16:33:48.0197 1856 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

16:33:48.0268 1856 RasAcd - ok

16:33:48.0306 1856 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

16:33:48.0369 1856 RasAgileVpn - ok

16:33:48.0398 1856 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll

16:33:48.0425 1856 RasAuto - ok

16:33:48.0435 1856 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

16:33:48.0474 1856 Rasl2tp - ok

16:33:48.0524 1856 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll

16:33:48.0554 1856 RasMan - ok

16:33:48.0579 1856 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

16:33:48.0596 1856 RasPppoe - ok

16:33:48.0624 1856 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

16:33:48.0649 1856 RasSstp - ok

16:33:48.0680 1856 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

16:33:48.0705 1856 rdbss - ok

16:33:48.0721 1856 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

16:33:48.0730 1856 rdpbus - ok

16:33:48.0754 1856 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

16:33:48.0781 1856 RDPCDD - ok

16:33:48.0801 1856 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

16:33:48.0850 1856 RDPDR - ok

16:33:48.0861 1856 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

16:33:48.0915 1856 RDPENCDD - ok

16:33:48.0931 1856 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

16:33:48.0954 1856 RDPREFMP - ok

16:33:48.0984 1856 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys

16:33:49.0017 1856 RDPWD - ok

16:33:49.0060 1856 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

16:33:49.0073 1856 rdyboost - ok

16:33:49.0095 1856 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll

16:33:49.0130 1856 RemoteAccess - ok

16:33:49.0165 1856 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll

16:33:49.0185 1856 RemoteRegistry - ok

16:33:49.0262 1856 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files\WinPcap\rpcapd.exe

16:33:49.0271 1856 rpcapd - ok

16:33:49.0281 1856 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll

16:33:49.0299 1856 RpcEptMapper - ok

16:33:49.0316 1856 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe

16:33:49.0335 1856 RpcLocator - ok

16:33:49.0373 1856 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

16:33:49.0393 1856 RpcSs - ok

16:33:49.0411 1856 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

16:33:49.0428 1856 rspndr - ok

16:33:49.0451 1856 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys

16:33:49.0481 1856 RTL8167 - ok

16:33:49.0497 1856 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys

16:33:49.0512 1856 s3cap - ok

16:33:49.0529 1856 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

16:33:49.0537 1856 SamSs - ok

16:33:49.0551 1856 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

16:33:49.0559 1856 sbp2port - ok

16:33:49.0585 1856 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll

16:33:49.0604 1856 SCardSvr - ok

16:33:49.0631 1856 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

16:33:49.0662 1856 scfilter - ok

16:33:49.0710 1856 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll

16:33:49.0743 1856 Schedule - ok

16:33:49.0775 1856 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

16:33:49.0834 1856 SCPolicySvc - ok

16:33:49.0858 1856 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll

16:33:49.0905 1856 SDRSVC - ok

16:33:49.0947 1856 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

16:33:49.0997 1856 secdrv - ok

16:33:50.0017 1856 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll

16:33:50.0051 1856 seclogon - ok

16:33:50.0064 1856 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll

16:33:50.0099 1856 SENS - ok

16:33:50.0121 1856 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll

16:33:50.0144 1856 SensrSvc - ok

16:33:50.0175 1856 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

16:33:50.0183 1856 Serenum - ok

16:33:50.0218 1856 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

16:33:50.0226 1856 Serial - ok

16:33:50.0251 1856 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

16:33:50.0259 1856 sermouse - ok

16:33:50.0294 1856 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll

16:33:50.0311 1856 SessionEnv - ok

16:33:50.0323 1856 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

16:33:50.0332 1856 sffdisk - ok

16:33:50.0335 1856 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

16:33:50.0353 1856 sffp_mmc - ok

16:33:50.0362 1856 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

16:33:50.0371 1856 sffp_sd - ok

16:33:50.0378 1856 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

16:33:50.0397 1856 sfloppy - ok

16:33:50.0456 1856 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll

16:33:50.0531 1856 SharedAccess - ok

16:33:50.0576 1856 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll

16:33:50.0604 1856 ShellHWDetection - ok

16:33:50.0640 1856 simptcp (f5aaa8cdda25b6387af590d676d25bad) C:\Windows\System32\tcpsvcs.exe

16:33:50.0660 1856 simptcp - ok

16:33:50.0690 1856 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

16:33:50.0698 1856 sisagp - ok

16:33:50.0723 1856 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

16:33:50.0730 1856 SiSRaid2 - ok

16:33:50.0740 1856 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

16:33:50.0749 1856 SiSRaid4 - ok

16:33:50.0781 1856 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

16:33:50.0798 1856 Smb - ok

16:33:50.0835 1856 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe

16:33:50.0855 1856 SNMPTRAP - ok

16:33:50.0867 1856 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

16:33:50.0874 1856 spldr - ok

16:33:50.0908 1856 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe

16:33:50.0941 1856 Spooler - ok

16:33:51.0115 1856 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe

16:33:51.0184 1856 sppsvc - ok

16:33:51.0282 1856 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll

16:33:51.0301 1856 sppuinotify - ok

16:33:51.0379 1856 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys

16:33:51.0379 1856 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

16:33:51.0380 1856 sptd ( LockedFile.Multi.Generic ) - warning

16:33:51.0380 1856 sptd - detected LockedFile.Multi.Generic (1)

16:33:51.0432 1856 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

16:33:51.0467 1856 srv - ok

16:33:51.0551 1856 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

16:33:51.0595 1856 srv2 - ok

16:33:51.0743 1856 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

16:33:51.0755 1856 srvnet - ok

16:33:51.0777 1856 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll

16:33:51.0812 1856 SSDPSRV - ok

16:33:51.0838 1856 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

16:33:51.0844 1856 ssmdrv - ok

16:33:51.0856 1856 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll

16:33:51.0874 1856 SstpSvc - ok

16:33:51.0894 1856 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

16:33:51.0901 1856 stexstor - ok

16:33:51.0938 1856 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll

16:33:51.0968 1856 StiSvc - ok

16:33:51.0993 1856 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

16:33:52.0001 1856 storflt - ok

16:33:52.0034 1856 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll

16:33:52.0043 1856 StorSvc - ok

16:33:52.0071 1856 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

16:33:52.0078 1856 storvsc - ok

16:33:52.0119 1856 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

16:33:52.0147 1856 swenum - ok

16:33:52.0191 1856 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll

16:33:52.0229 1856 swprv - ok

16:33:52.0296 1856 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll

16:33:52.0326 1856 SysMain - ok

16:33:52.0431 1856 T3Srv (9653f656d8dae24bb9a59e2e0c1d01b9) C:\Program Files\FLIR Systems\FLIR Device Drivers\FLIR T3Srv\sysx86\T3Srv.exe

16:33:52.0444 1856 T3Srv - ok

16:33:52.0530 1856 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll

16:33:52.0542 1856 TabletInputService - ok

16:33:52.0577 1856 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll

16:33:52.0610 1856 TapiSrv - ok

16:33:52.0636 1856 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll

16:33:52.0702 1856 TBS - ok

16:33:52.0825 1856 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys

16:33:52.0862 1856 Tcpip - ok

16:33:52.0978 1856 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys

16:33:53.0008 1856 TCPIP6 - ok

16:33:53.0091 1856 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

16:33:53.0107 1856 tcpipreg - ok

16:33:53.0133 1856 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

16:33:53.0151 1856 TDPIPE - ok

16:33:53.0187 1856 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys

16:33:53.0203 1856 TDTCP - ok

16:33:53.0248 1856 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

16:33:53.0265 1856 tdx - ok

16:33:53.0301 1856 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

16:33:53.0309 1856 TermDD - ok

16:33:53.0357 1856 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll

16:33:53.0435 1856 TermService - ok

16:33:53.0457 1856 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll

16:33:53.0486 1856 Themes - ok

16:33:53.0528 1856 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

16:33:53.0554 1856 THREADORDER - ok

16:33:53.0604 1856 TPkd (a00dbb3ccf4e0821dd531db8746a1374) C:\Windows\system32\drivers\TPkd.sys

16:33:53.0611 1856 TPkd - ok

16:33:53.0633 1856 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll

16:33:53.0665 1856 TrkWks - ok

16:33:53.0699 1856 truecrypt (aceb4f4f83b895e15c8c1a2f55009783) C:\Windows\system32\drivers\truecrypt.sys

16:33:53.0709 1856 truecrypt - ok

16:33:53.0754 1856 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe

16:33:53.0781 1856 TrustedInstaller - ok

16:33:53.0816 1856 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

16:33:53.0832 1856 tssecsrv - ok

16:33:53.0873 1856 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

16:33:53.0905 1856 TsUsbFlt - ok

16:33:53.0936 1856 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

16:33:53.0986 1856 tunnel - ok

16:33:54.0001 1856 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

16:33:54.0013 1856 uagp35 - ok

16:33:54.0065 1856 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

16:33:54.0091 1856 udfs - ok

16:33:54.0122 1856 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe

16:33:54.0144 1856 UI0Detect - ok

16:33:54.0171 1856 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

16:33:54.0179 1856 uliagpkx - ok

16:33:54.0206 1856 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys

16:33:54.0222 1856 umbus - ok

16:33:54.0241 1856 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

16:33:54.0258 1856 UmPass - ok

16:33:54.0286 1856 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll

16:33:54.0304 1856 UmRdpService - ok

16:33:54.0342 1856 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll

16:33:54.0371 1856 upnphost - ok

16:33:54.0395 1856 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

16:33:54.0403 1856 usbccgp - ok

16:33:54.0424 1856 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

16:33:54.0434 1856 usbcir - ok

16:33:54.0493 1856 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

16:33:54.0520 1856 usbehci - ok

16:33:54.0552 1856 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

16:33:54.0598 1856 usbhub - ok

16:33:54.0627 1856 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys

16:33:54.0661 1856 usbohci - ok

16:33:54.0688 1856 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

16:33:54.0727 1856 usbprint - ok

16:33:54.0764 1856 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

16:33:54.0785 1856 usbscan - ok

16:33:54.0811 1856 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:33:54.0831 1856 USBSTOR - ok

16:33:54.0855 1856 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

16:33:54.0879 1856 usbuhci - ok

16:33:54.0913 1856 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys

16:33:54.0939 1856 usb_rndisx - ok

16:33:54.0957 1856 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll

16:33:54.0983 1856 UxSms - ok

16:33:55.0004 1856 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

16:33:55.0012 1856 VaultSvc - ok

16:33:55.0049 1856 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

16:33:55.0057 1856 vdrvroot - ok

16:33:55.0091 1856 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe

16:33:55.0127 1856 vds - ok

16:33:55.0142 1856 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

16:33:55.0158 1856 vga - ok

16:33:55.0174 1856 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

16:33:55.0191 1856 VgaSave - ok

16:33:55.0224 1856 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

16:33:55.0233 1856 vhdmp - ok

16:33:55.0250 1856 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

16:33:55.0258 1856 viaagp - ok

16:33:55.0285 1856 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

16:33:55.0319 1856 ViaC7 - ok

16:33:55.0337 1856 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

16:33:55.0365 1856 viaide - ok

16:33:55.0454 1856 VMAuthdService (16073f2bc424558ebd277a15188d329e) C:\Program Files\VMware\VMware Player\vmware-authd.exe

16:33:55.0472 1856 VMAuthdService ( UnsignedFile.Multi.Generic ) - warning

16:33:55.0472 1856 VMAuthdService - detected UnsignedFile.Multi.Generic (1)

16:33:55.0507 1856 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

16:33:55.0537 1856 vmbus - ok

16:33:55.0544 1856 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

16:33:55.0554 1856 VMBusHID - ok

16:33:55.0578 1856 vmci (15759158f7531853616b2b43af962fcb) C:\Windows\system32\DRIVERS\vmci.sys

16:33:55.0589 1856 vmci - ok

16:33:55.0615 1856 vmkbd (050b387296f34735d21dfa87cec37352) C:\Windows\system32\drivers\VMkbd.sys

16:33:55.0624 1856 vmkbd - ok

16:33:55.0659 1856 VMnetAdapter (1afa4af55cbea579a4bbe4f90967f720) C:\Windows\system32\DRIVERS\vmnetadapter.sys

16:33:55.0668 1856 VMnetAdapter - ok

16:33:55.0710 1856 VMnetBridge (392964a7bf46986fbd44b24a3bec2088) C:\Windows\system32\DRIVERS\vmnetbridge.sys

16:33:55.0719 1856 VMnetBridge - ok

16:33:55.0745 1856 VMnetDHCP (767b32d0466ef960e2657f028ed936fc) C:\Windows\system32\vmnetdhcp.exe

16:33:55.0762 1856 VMnetDHCP - ok

16:33:55.0769 1856 VMnetuserif (effcb341824be12e3134d4fb970a11e4) C:\Windows\system32\drivers\vmnetuserif.sys

16:33:55.0777 1856 VMnetuserif - ok

16:33:55.0850 1856 VMUSBArbService (af76c6d3f5053459e18e4c519fb496c8) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

16:33:55.0863 1856 VMUSBArbService - ok

16:33:55.0893 1856 VMware NAT Service (0b55659b537065303fde1b4aaf646f16) C:\Windows\system32\vmnat.exe

16:33:55.0905 1856 VMware NAT Service - ok

16:33:55.0939 1856 vmx86 (20b24d3b2dac84664eefeebf55b53008) C:\Windows\system32\Drivers\vmx86.sys

16:33:55.0946 1856 vmx86 - ok

16:33:55.0969 1856 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

16:33:55.0976 1856 volmgr - ok

16:33:56.0004 1856 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

16:33:56.0015 1856 volmgrx - ok

16:33:56.0030 1856 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

16:33:56.0040 1856 volsnap - ok

16:33:56.0054 1856 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

16:33:56.0062 1856 vsmraid - ok

16:33:56.0156 1856 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe

16:33:56.0216 1856 VSS - ok

16:33:56.0226 1856 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

16:33:56.0249 1856 vwifibus - ok

16:33:56.0278 1856 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll

16:33:56.0323 1856 W32Time - ok

16:33:56.0345 1856 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

16:33:56.0367 1856 WacomPen - ok

16:33:56.0398 1856 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

16:33:56.0437 1856 WANARP - ok

16:33:56.0439 1856 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

16:33:56.0463 1856 Wanarpv6 - ok

16:33:56.0542 1856 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe

16:33:56.0574 1856 wbengine - ok

16:33:56.0608 1856 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

16:33:56.0640 1856 WbioSrvc - ok

16:33:56.0723 1856 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll

16:33:56.0735 1856 WcesComm - ok

16:33:56.0789 1856 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll

16:33:56.0850 1856 wcncsvc - ok

16:33:56.0878 1856 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

16:33:56.0900 1856 WcsPlugInService - ok

16:33:56.0949 1856 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

16:33:56.0961 1856 Wd - ok

16:33:56.0986 1856 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

16:33:57.0004 1856 Wdf01000 - ok

16:33:57.0019 1856 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

16:33:57.0030 1856 WdiServiceHost - ok

16:33:57.0032 1856 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

16:33:57.0044 1856 WdiSystemHost - ok

16:33:57.0073 1856 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll

16:33:57.0087 1856 WebClient - ok

16:33:57.0105 1856 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll

16:33:57.0126 1856 Wecsvc - ok

16:33:57.0137 1856 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll

16:33:57.0170 1856 wercplsupport - ok

16:33:57.0196 1856 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll

16:33:57.0215 1856 WerSvc - ok

16:33:57.0252 1856 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

16:33:57.0283 1856 WfpLwf - ok

16:33:57.0303 1856 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

16:33:57.0311 1856 WIMMount - ok

16:33:57.0396 1856 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

16:33:57.0456 1856 WinDefend - ok

16:33:57.0460 1856 WinHttpAutoProxySvc - ok

16:33:57.0524 1856 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll

16:33:57.0548 1856 Winmgmt - ok

16:33:57.0615 1856 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll

16:33:57.0646 1856 WinRM - ok

16:33:57.0702 1856 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys

16:33:57.0721 1856 WinUsb - ok

16:33:57.0782 1856 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll

16:33:57.0804 1856 Wlansvc - ok

16:33:57.0969 1856 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

16:33:58.0019 1856 wlidsvc - ok

16:33:58.0127 1856 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

16:33:58.0146 1856 WmiAcpi - ok

16:33:58.0192 1856 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe

16:33:58.0211 1856 wmiApSrv - ok

16:33:58.0326 1856 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe

16:33:58.0384 1856 WMPNetworkSvc - ok

16:33:58.0472 1856 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll

16:33:58.0499 1856 WPCSvc - ok

16:33:58.0526 1856 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll

16:33:58.0541 1856 WPDBusEnum - ok

16:33:58.0573 1856 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

16:33:58.0609 1856 ws2ifsl - ok

16:33:58.0642 1856 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll

16:33:58.0670 1856 wscsvc - ok

16:33:58.0673 1856 WSearch - ok

16:33:58.0796 1856 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll

16:33:58.0851 1856 wuauserv - ok

16:33:58.0980 1856 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

16:33:59.0004 1856 WudfPf - ok

16:33:59.0033 1856 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

16:33:59.0050 1856 WUDFRd - ok

16:33:59.0074 1856 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll

16:33:59.0101 1856 wudfsvc - ok

16:33:59.0132 1856 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll

16:33:59.0154 1856 WwanSvc - ok

16:33:59.0195 1856 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

16:33:59.0622 1856 \Device\Harddisk0\DR0 - ok

16:33:59.0638 1856 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

16:33:59.0707 1856 \Device\Harddisk1\DR1 - ok

16:33:59.0709 1856 Boot (0x1200) (4a7f31bb9723a7b22583cd19881aeb37) \Device\Harddisk0\DR0\Partition0

16:33:59.0710 1856 \Device\Harddisk0\DR0\Partition0 - ok

16:33:59.0722 1856 Boot (0x1200) (61c5930e0eb4583420f15738ad05ec6a) \Device\Harddisk0\DR0\Partition1

16:33:59.0722 1856 \Device\Harddisk0\DR0\Partition1 - ok

16:33:59.0744 1856 Boot (0x1200) (15811a8c20952416efeeb3939dc3f832) \Device\Harddisk1\DR1\Partition0

16:33:59.0764 1856 \Device\Harddisk1\DR1\Partition0 - ok

16:33:59.0764 1856 ============================================================

16:33:59.0764 1856 Scan finished

16:33:59.0764 1856 ============================================================

16:33:59.0771 3980 Detected object count: 7

16:33:59.0771 3980 Actual detected object count: 7

16:34:22.0590 3980 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:22.0590 3980 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:22.0593 3980 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:22.0594 3980 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:22.0595 3980 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:22.0595 3980 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:22.0597 3980 KMService ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:22.0597 3980 KMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:22.0598 3980 MicroGuard ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:22.0598 3980 MicroGuard ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:34:22.0600 3980 sptd ( LockedFile.Multi.Generic ) - skipped by user

16:34:22.0600 3980 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

16:34:22.0601 3980 VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user

16:34:22.0601 3980 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip

OTL logfile created on: 05/08/2012 16:37:13 - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\marc\Desktop

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 74,51% Memory free

6,00 Gb Paging File | 5,03 Gb Available in Paging File | 83,86% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 189,05 Gb Total Space | 123,90 Gb Free Space | 65,54% Space Free | Partition Type: NTFS

Drive D: | 232,88 Gb Total Space | 49,79 Gb Free Space | 21,38% Space Free | Partition Type: NTFS

Computer Name: PC-MARC | User Name: marc | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

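Added example (my own code, not part of this post and not from TDSSKiller or OTL): a Python script that joins the two logs above on the service name, so each entry TDSSKiller flagged and the user chose to skip is shown beside what OTL recorded for the same service (company string, start type, run state, file date), together with the MBR hash and the driver registrations whose file OTL could not find. The sample lines embedded in it are excerpts copied from the logs in this thread; the regexes, the `notes` heuristics and all function names are my assumptions about the two formats as they appear here.

```python
"""Join TDSSKiller detections with OTL SRV/DRV entries by service name.
Added triage example for the two logs in this thread; not code from TDSSKiller,
OTL or the poster. Regexes and "notes" heuristics are assumptions about the formats shown."""
import re

_TS = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"  # "16:33:51.0379 1856 " prefix on every TDSSKiller line
TDSS_FILE = re.compile(_TS + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
TDSS_EVENT = re.compile(_TS + r"(?P<name>.+?)\s+\(\s*(?P<verdict>[A-Za-z.]+)\s*\)\s+-\s+(?P<event>.+)$")
OTL_ENTRY = re.compile(
    r"^(?P<kind>SRV|DRV) - \[(?P<date>\d{4}/\d{2}/\d{2}) \d{2}:\d{2}:\d{2} \| [\d,]+ \| [^\]]*\] "
    r"\((?P<company>[^)]*)\) \[(?P<flags>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^)]+)\)$")
OTL_MISSING = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<flags>[^\]]*)\] --\s*(?P<path>.*?)\s*-- \((?P<name>[^)]+)\)$")


def parse_tdss(text):
    """Return ({name: (md5, path)}, {name: {verdict, action, md5, path}})."""
    files, found = {}, {}
    for line in (l.strip() for l in text.splitlines()):
        m = TDSS_EVENT.match(line)          # "name ( Verdict ) - warning" / "- User select action: X"
        if m:
            det = found.setdefault(m["name"], {"verdict": m["verdict"], "action": ""})
            if m["event"].startswith("User select action:"):
                det["action"] = m["event"].split(":", 1)[1].strip()
            continue
        m = TDSS_FILE.match(line)           # "name (md5) path", also the MBR / boot-sector lines
        if m:
            files[m["name"]] = (m["md5"], m["path"])
    for name, det in found.items():         # the hash/path line precedes the verdict line
        det["md5"], det["path"] = files.get(name, ("", ""))
    return files, found


def parse_otl(text):
    """Return {name: {kind, company, start, state, date, path, missing}} from OTL SRV/DRV lines."""
    out = {}
    for line in (l.strip() for l in text.splitlines()):
        m = OTL_ENTRY.match(line) or OTL_MISSING.match(line)
        if not m:
            continue
        flags = [f.strip() for f in m["flags"].split("|")]  # "[Kernel | Boot | Running]"
        missing = "date" not in m.groupdict()                # matched the "File not found" form
        out[m["name"]] = {"kind": m["kind"], "path": m["path"], "missing": missing,
                          "company": "" if missing else m["company"].strip(),
                          "start": flags[-2], "state": flags[-1],
                          "date": "" if missing else m["date"]}
    return out


def correlate(tdss_text, otl_text):
    """One row per TDSSKiller detection, with OTL's view of the same service attached."""
    _, dets = parse_tdss(tdss_text)
    otl = parse_otl(otl_text)
    rows = []
    for name in sorted(dets, key=str.lower):
        d, e = dets[name], otl.get(name)
        notes = []
        if d["action"].lower() == "skip":
            notes.append("left in place by user")
        if e is None:
            notes.append("no OTL entry")
        else:
            if not e["company"]:
                notes.append("no company name")
            if e["start"] in ("Boot", "System", "Auto"):
                notes.append("starts automatically (%s)" % e["start"])
        rows.append({"name": name, **d, "notes": notes,
                     **{k: (e[k] if e else None) for k in ("company", "start", "state", "date")}})
    return rows


def stale_driver_entries(otl_text):
    """Registered services whose binary OTL could not find (leftover tool drivers, or worse)."""
    return [n for n, e in parse_otl(otl_text).items() if e["missing"]]


# Excerpts copied from the TDSSKiller and OTL logs posted in the thread.
TDSS_SAMPLE = r"""
16:33:51.0379 1856 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
16:33:51.0380 1856 sptd ( LockedFile.Multi.Generic ) - warning
16:33:55.0472 1856 VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
16:33:59.0195 1856 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:34:22.0590 3980 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:22.0595 3980 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:22.0597 3980 KMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:22.0598 3980 MicroGuard ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:22.0600 3980 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:34:22.0601 3980 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""
OTL_SAMPLE = r"""
SRV - [2011/11/13 22:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/05/17 19:56:04 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\marc\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aucjytb5)
DRV - [2010/06/13 10:12:05 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/01/20 16:53:06 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [1998/03/03 14:55:58 | 000,040,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mgnt.sys -- (MicroGuard)
"""

if __name__ == "__main__":
    for r in correlate(TDSS_SAMPLE, OTL_SAMPLE):
        print("%-16s %-26s %-14s %-10s %s" % (r["name"], r["verdict"], r["company"] or "-",
                                               r["start"] or "-", "; ".join(r["notes"])))
    print("OTL entries with no file on disk:", stale_driver_entries(OTL_SAMPLE))
```

Run as-is it prints one line per skipped detection; point `correlate()` at the full text of both logs to get the same table for all seven. Two caveats when reading the output: `LockedFile.Multi.Generic` on `sptd.sys` is expected, because that is the self-protecting SCSI Pass Through Direct driver installed by disc-emulation software such as DAEMON Tools or Alcohol 120%, so on its own it is not evidence of infection; and `srvany.exe` registered as `KMService` with no company string deserves a look, since srvany only wraps whatever executable is named in that service's `Parameters\Application` registry value, and that target is what actually runs at boot.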

part #2

========== Processes (SafeList) ==========

PRC - [2012/08/05 16:35:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\marc\Desktop\OTL.exe

PRC - [2011/11/14 00:42:54 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe

PRC - [2011/11/14 00:42:52 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe

PRC - [2011/11/13 22:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe

PRC - [2011/08/31 18:05:19 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/08/29 23:11:00 | 000,665,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/05/21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

PRC - [2011/04/29 19:36:36 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010/07/16 17:32:34 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

PRC - [2010/01/14 23:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/06/30 17:40:20 | 000,163,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe

========== Modules (No Company Name) ==========

MOD - [2010/07/04 23:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll

MOD - [2009/11/04 02:14:04 | 000,054,272 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_01.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/08/04 11:49:32 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/28 19:11:26 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2011/11/14 00:42:54 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2011/11/14 00:42:52 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)

SRV - [2011/11/13 22:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)

SRV - [2011/08/31 18:05:19 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/08/29 23:11:00 | 000,665,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011/05/17 19:56:04 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)

SRV - [2011/04/29 19:36:36 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/06/25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)

SRV - [2010/03/18 17:26:10 | 000,457,312 | ---- | M] (FLIR) [On_Demand | Stopped] -- C:\Program Files\FLIR Systems\FLIR Device Drivers\FLIR T3Srv\sysx86\T3Srv.exe -- (T3Srv)

SRV - [2010/03/01 23:09:48 | 006,074,368 | ---- | M] () [On_Demand | Stopped] -- D:\Databases\bin\mysqld.exe -- (MySQL)

SRV - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [On_Demand | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms)

SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\marc\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aucjytb5)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\marc\AppData\Local\Temp\aswMBR.sys -- (aswMBR)

DRV - [2012/08/04 12:19:42 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)

DRV - [2012/02/09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2011/11/14 00:43:26 | 000,055,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)

DRV - [2011/11/14 00:42:40 | 000,025,584 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)

DRV - [2011/11/14 00:42:08 | 000,025,712 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV - [2011/11/13 22:33:56 | 000,036,464 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)

DRV - [2011/11/13 22:33:56 | 000,016,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)

DRV - [2011/08/31 18:05:20 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/08/31 18:05:20 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011/08/29 23:11:00 | 000,032,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)

DRV - [2011/08/08 15:58:56 | 000,098,928 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)

DRV - [2010/11/20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010/11/06 22:24:32 | 000,020,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)

DRV - [2010/06/25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)

DRV - [2010/06/17 16:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/06/13 10:12:05 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV - [2010/05/16 15:16:34 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)

DRV - [2010/01/20 16:53:06 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)

DRV - [2010/01/20 16:53:04 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2009/12/09 22:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)

DRV - [2009/08/20 08:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)

DRV - [2009/08/04 17:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)

DRV - [2009/08/04 17:44:12 | 000,139,296 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)

DRV - [2009/07/14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)

DRV - [2009/07/06 15:33:40 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc)

DRV - [2009/07/06 15:30:58 | 000,573,440 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda)

DRV - [2009/02/13 11:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008/03/20 15:50:16 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)

DRV - [2008/03/20 15:50:16 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)

DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)

DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

DRV - [1998/03/03 14:55:58 | 000,040,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mgnt.sys -- (MicroGuard)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 5B 15 F4 19 62 CB 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {46EFB80E-89CF-4F04-9263-D854E15EA830}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{46EFB80E-89CF-4F04-9263-D854E15EA830}: "URL" = http://www.google.fr...chTerms}+&meta=

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.searchbox.width: 267

FF - prefs.js..browser.search.selectedEngine: "Bing"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "about:blank"

FF - prefs.js..extensions.enabledItems: amin.eft_Shutdown@gmail.com:3.6.2D

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2

FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2

FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3

FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.2

FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.7

FF - prefs.js..extensions.enabledItems: formhistory@yahoo.com:1.2.8.1

FF - prefs.js..extensions.enabledItems: savecomplete@perlprogrammer.com:1.0.1

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4

FF - prefs.js..network.proxy.backup.ftp: "63.238.216.26"

FF - prefs.js..network.proxy.backup.ftp_port: 80

FF - prefs.js..network.proxy.backup.gopher: "63.238.216.26"

FF - prefs.js..network.proxy.backup.gopher_port: 80

FF - prefs.js..network.proxy.backup.socks: "63.238.216.26"

FF - prefs.js..network.proxy.backup.socks_port: 80

FF - prefs.js..network.proxy.backup.ssl: "63.238.216.26"

FF - prefs.js..network.proxy.backup.ssl_port: 80

FF - prefs.js..network.proxy.ftp: "152.3.138.4"

FF - prefs.js..network.proxy.ftp_port: 3127

FF - prefs.js..network.proxy.gopher: "152.3.138.4"

FF - prefs.js..network.proxy.gopher_port: 3127

FF - prefs.js..network.proxy.http: "152.3.138.4"

FF - prefs.js..network.proxy.http_port: 3127

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "152.3.138.4"

FF - prefs.js..network.proxy.socks_port: 3127

FF - prefs.js..network.proxy.ssl: "152.3.138.4"

FF - prefs.js..network.proxy.ssl_port: 3127

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/28 19:11:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/17 21:22:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/19 21:49:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/10/17 21:22:35 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/28 19:11:27 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/17 21:22:35 | 000,000,000 | ---D | M]

[2010/05/15 19:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marc\AppData\Roaming\mozilla\Extensions

[2010/05/15 19:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marc\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012/07/25 19:04:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions

[2011/02/04 18:26:01 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

[2010/08/30 09:34:23 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}

[2012/03/29 20:36:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/05/15 19:04:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)

[2011/03/11 20:29:50 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}

[2012/06/16 07:56:02 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions\donottrackplus@abine.com

[2012/05/20 08:22:18 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions\en-US@dictionaries.addons.mozilla.org

[2012/07/13 19:08:37 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions\es-es@dictionaries.addons.mozilla.org

[2011/10/08 08:42:08 | 000,000,000 | ---D | M] (Dictionnaire français «Moderne») -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions\fr-moderne@dictionaries.addons.mozilla.org

[2011/03/21 19:09:19 | 000,000,000 | ---D | M] (Personas) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions\personas@christopher.beard

[2010/01/16 15:57:04 | 000,002,172 | ---- | M] () -- C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\rxbtyxna.default\searchplugins\bing.xml

[2012/08/02 18:48:39 | 000,001,613 | ---- | M] () -- C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\rxbtyxna.default\searchplugins\ixquick---francais.xml

[2012/01/11 19:49:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/05/03 19:37:28 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RXBTYXNA.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI

[2011/11/19 21:44:09 | 000,018,894 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RXBTYXNA.DEFAULT\EXTENSIONS\HISTORYBLOCK@KAIN.XPI

[2012/07/28 19:11:27 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/04/15 20:40:49 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

[2012/03/14 19:16:48 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml

[2012/03/14 19:16:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/03/14 19:16:48 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml

[2012/03/14 19:16:48 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml

[2012/03/14 19:16:48 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml

[2012/03/14 19:16:48 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2012/07/30 20:36:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)

O4 - Startup: C:\Users\marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Sites de confiance)

O16 - DPF: {369383F8-C8B7-42E1-819E-D47E3ABAD4BC} http://192.168.0.200...in/QNAPG726.cab (Reg Error: Key error.)

O16 - DPF: {4DA8C6E4-312A-4A8F-B02B-491B2BF09CF2} http://192.168.0.200...in/QNAPQ264.cab (Reg Error: Key error.)

O16 - DPF: {603E0052-7B06-496B-A04B-192419174876} http://192.168.0.200...in/QNAPQIVG.cab (Reg Error: Key error.)

O16 - DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} http://192.168.0.110/UltraMJCamX.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {937FE81C-FECF-4A55-9754-49D6D6550EDC} http://192.168.0.200...in/NNVRVMon.cab (NAS NVR(V) Monitor)

O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} http://192.168.0.111.../DVM_IPCam2.ocx (Reg Error: Key error.)

O16 - DPF: {B824D61F-DAF3-40BF-BA5E-430D250FF51C} http://192.168.0.200...in/QNAPQMP4.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F5F2CE2F-C516-4428-8758-7178B1E1ABAB} http://192.168.0.200...NAPQVivoTek.cab (VivoTek AVDecoder)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB26030B-D226-4422-934A-A1A7A6260A9E}: NameServer = 212.27.40.240,212.27.40.241

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6E22CFB-0BD4-408E-9A60-7B0072403E7C}: DhcpNameServer = 212.27.40.240 212.27.40.241

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/05 16:35:20 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\marc\Desktop\OTL.exe

[2012/08/05 16:32:51 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\marc\Desktop\tdsskiller.exe

[2012/08/05 16:23:23 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\marc\Desktop\aswMBR.exe

[2012/08/05 16:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/08/05 10:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune

[2012/08/04 13:46:18 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\SKIDROW

[2012/08/04 13:46:18 | 000,000,000 | ---D | C] -- C:\Users\marc\Documents\Duke Nukem Forever

[2012/08/04 13:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games

[2012/08/04 12:12:03 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\malware

[2012/08/02 21:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2012/08/02 21:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab

[2012/08/02 20:41:13 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/07/30 21:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012/07/30 21:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012/07/30 20:36:36 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012/07/30 20:31:50 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\temp

[2012/07/30 19:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker

[2012/07/30 19:18:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/07/30 19:18:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/07/30 19:18:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/07/30 19:16:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/07/13 10:18:36 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012/07/13 10:18:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012/07/13 10:18:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2012/07/13 10:18:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012/07/13 10:18:34 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012/07/13 10:18:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012/07/13 10:18:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012/07/13 10:16:58 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2012/07/13 10:16:16 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

[2012/07/13 10:16:14 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll

[2012/07/13 10:16:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll

========== Files - Modified Within 30 Days ==========

[2012/08/05 16:35:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\marc\Desktop\OTL.exe

[2012/08/05 16:32:57 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\marc\Desktop\tdsskiller.exe

[2012/08/05 16:32:16 | 000,000,512 | ---- | M] () -- C:\Users\marc\Desktop\MBR.dat

[2012/08/05 16:23:50 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\marc\Desktop\aswMBR.exe

[2012/08/05 16:21:52 | 000,001,034 | ---- | M] () -- C:\Users\marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2012/08/05 16:21:48 | 000,000,854 | ---- | M] () -- C:\Users\marc\Desktop\NTREGOPT.lnk

[2012/08/05 16:21:48 | 000,000,835 | ---- | M] () -- C:\Users\marc\Desktop\ERUNT.lnk

[2012/08/05 16:14:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/05 15:49:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/05 15:37:20 | 000,030,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/05 15:37:20 | 000,030,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/05 15:30:06 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/05 15:29:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/05 15:29:55 | 2414,772,224 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/05 10:05:18 | 000,000,856 | ---- | M] () -- C:\Users\marc\Desktop\HD Tune.lnk

[2012/08/04 17:10:22 | 000,706,960 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2012/08/04 17:10:22 | 000,618,528 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/08/04 17:10:22 | 000,131,792 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2012/08/04 17:10:22 | 000,107,434 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/08/04 13:45:02 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\Duke Nukem Forever.lnk

[2012/08/04 12:19:42 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\gdrv.sys

[2012/08/04 11:49:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/08/04 11:49:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/08/04 08:31:02 | 000,000,600 | ---- | M] () -- C:\Users\marc\AppData\Local\PUTTY.RND

[2012/07/31 21:08:01 | 000,002,054 | -H-- | M] () -- C:\Users\marc\Documents\Default.rdp

[2012/07/30 21:37:54 | 000,206,376 | RHS- | M] () -- C:\grldr

[2012/07/30 21:35:16 | 000,202,356 | ---- | M] () -- C:\Users\marc\Documents\cc_20120730_213508.reg

[2012/07/30 20:36:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/07/28 19:11:28 | 000,001,990 | ---- | M] () -- C:\Users\marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/07/13 18:33:24 | 000,313,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/08/05 16:32:16 | 000,000,512 | ---- | C] () -- C:\Users\marc\Desktop\MBR.dat

[2012/08/05 16:21:52 | 000,001,034 | ---- | C] () -- C:\Users\marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2012/08/05 16:21:48 | 000,000,854 | ---- | C] () -- C:\Users\marc\Desktop\NTREGOPT.lnk

[2012/08/05 16:21:48 | 000,000,835 | ---- | C] () -- C:\Users\marc\Desktop\ERUNT.lnk

[2012/08/05 10:05:18 | 000,000,856 | ---- | C] () -- C:\Users\marc\Desktop\HD Tune.lnk

[2012/08/04 13:45:02 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\Duke Nukem Forever.lnk

[2012/07/30 21:37:54 | 000,206,376 | RHS- | C] () -- C:\grldr

[2012/07/30 21:35:11 | 000,202,356 | ---- | C] () -- C:\Users\marc\Documents\cc_20120730_213508.reg

[2012/07/30 19:36:02 | 000,001,002 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/30 19:18:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/07/30 19:18:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/07/30 19:18:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/07/30 19:18:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/07/30 19:18:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/06/07 18:33:40 | 000,798,720 | ---- | C] () -- C:\Windows\System32\FCPlayer.dll

[2012/06/07 18:33:40 | 000,147,456 | ---- | C] () -- C:\Windows\System32\FCNetLib.dll

[2012/06/07 18:33:40 | 000,053,248 | ---- | C] () -- C:\Windows\System32\FCSDK.dll

[2012/06/04 18:47:32 | 000,303,104 | ---- | C] () -- C:\Windows\System32\FCPlayer.exe

[2012/04/09 10:19:46 | 000,003,950 | ---- | C] () -- C:\Users\marc\.recently-used.xbel

[2011/12/23 19:32:58 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll

[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2011/05/17 19:56:45 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe

[2011/04/04 18:53:05 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011/03/31 19:50:05 | 000,040,480 | ---- | C] () -- C:\Windows\System32\drivers\mgnt.sys

[2011/03/31 19:41:02 | 000,009,136 | ---- | C] () -- C:\Windows\System32\INETWH16.DLL

[2010/09/19 17:39:59 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll

[2010/08/16 21:31:16 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2010/08/16 21:31:16 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/08/16 21:31:09 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe

[2010/08/16 21:26:02 | 000,008,236 | ---- | C] () -- C:\Windows\HCWPNP.INI

[2010/07/23 11:31:34 | 000,000,600 | ---- | C] () -- C:\Users\marc\AppData\Local\PUTTY.RND

[2010/07/19 20:55:24 | 000,000,017 | ---- | C] () -- C:\Users\marc\AppData\Local\resmon.resmoncfg

[2010/06/12 09:53:03 | 000,001,521 | ---- | C] () -- C:\Users\marc\scanxlelm.cfg

[2010/06/12 09:45:58 | 000,001,345 | ---- | C] () -- C:\Users\marc\scanxlelmscan.cfg

[2010/06/12 09:43:47 | 000,003,072 | ---- | C] () -- C:\ProgramData\ppe_fleetdb.vdb

[2010/05/22 11:56:10 | 000,000,600 | ---- | C] () -- C:\Users\marc\PUTTY.RND

[2010/05/22 11:44:36 | 000,000,600 | ---- | C] () -- C:\Users\marc\AppData\Roaming\winscp.rnd

========== LOP Check ==========

[2012/06/26 20:59:38 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\.purple

[2010/05/16 21:02:09 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\ACD Systems

[2012/08/04 13:04:58 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\DAEMON Tools Lite

[2012/05/13 09:49:36 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Dr.Mirows Gamma-Scout ToolBox

[2010/08/16 18:38:43 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\DxO Labs

[2011/09/03 12:50:10 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\ECSoftware

[2010/05/21 19:45:24 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\EPSON

[2012/06/25 18:08:53 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\FileZilla

[2011/12/29 20:07:56 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\FLIR Systems

[2012/05/22 20:59:23 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Foxit Software

[2010/06/08 20:01:14 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\GrabIt

[2012/04/09 10:19:46 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\gtk-2.0

[2010/07/31 15:05:23 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\HeidiSQL

[2010/12/25 21:01:05 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\LibreOffice

[2012/03/11 12:22:26 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\LockHunter

[2010/05/15 19:35:08 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Notepad++

[2011/11/26 12:35:54 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\OpenArena

[2010/08/08 11:36:56 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\OpenOffice.org

[2010/08/16 18:38:39 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\PACE Anti-Piracy

[2010/08/02 20:58:46 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Subversion

[2011/12/29 20:03:06 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\ThermaCAM Connect 3

[2010/05/15 19:04:28 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Thunderbird

[2010/05/16 15:20:58 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\TrueCrypt

[2012/05/09 22:50:47 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\uTorrent

[2012/05/04 18:45:25 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Wireshark

[2012/05/31 18:47:10 | 000,032,482 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 05/08/2012 16:37:13 - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\marc\Desktop

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 74,51% Memory free

6,00 Gb Paging File | 5,03 Gb Available in Paging File | 83,86% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 189,05 Gb Total Space | 123,90 Gb Free Space | 65,54% Space Free | Partition Type: NTFS

Drive D: | 232,88 Gb Total Space | 49,79 Gb Free Space | 21,38% Space Free | Partition Type: NTFS

Computer Name: PC-MARC | User Name: marc | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.bat [@ = batfile] -- Reg Error: Key error. File not found

.cmd [@ = cmdfile] -- Reg Error: Key error. File not found

.com [@ = comfile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.pif [@ = piffile] -- Reg Error: Key error. File not found

.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDBrowse] -- "C:\PROGRA~1\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0BD7B9C0-B8F7-4653-913F-88FD1D44F343}" = rport=139 | protocol=6 | dir=out | app=system |

"{12297211-0FCF-47DC-AD15-1332C486816E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{12E6DA0C-730D-409C-963B-4BC68D208AB2}" = rport=137 | protocol=17 | dir=out | app=system |

"{17A8256A-1F24-42FE-A218-594A87B91045}" = lport=137 | protocol=17 | dir=in | app=system |

"{18622CFA-FB64-4633-B4DD-D6F793A62E59}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1DA792D8-2655-46D1-ABE3-42A49A7670C7}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |

"{1F15FE38-4973-4EA2-8998-83FCB2B26B78}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{22646895-56FE-4258-9C17-36D92FEDD60E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{277C3F3C-71C9-4227-8D40-72164DCE5B71}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{30666798-7397-4725-8BB7-2DAB3BE8FC56}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{3278B010-962B-44D7-9266-4A2745C32863}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{336745BB-E0D5-4E10-9A31-E54DC049E9FE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{3FBADDDF-0FE2-446C-857D-DA7737EF7AB4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{471270DD-DD69-4028-9361-AA8550AE6494}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{4BE2CCF4-126A-49B8-A5B9-4E3F04B99AAE}" = rport=138 | protocol=17 | dir=out | app=system |

"{54567967-7075-4E7B-8C34-DA65CA598708}" = lport=10243 | protocol=6 | dir=in | app=system |

"{5664DE5C-6ADF-4DB6-A975-C8C5684D4623}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{5D65334C-ADF2-426C-9474-F177415F67C6}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{6216EF75-1B72-4337-AE13-D3C716DCEF9C}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{65F5FC6C-5D15-44C4-93D9-CE34A4E562F3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{6A328C2E-2E9E-45D3-A04C-A020C2158A1B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{6B5F49DE-56D7-450D-AA9A-DA2B4E6DE32A}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{79F9DE10-D8CE-4774-8AD9-D2A0D98FEBDE}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |

"{7EEF7D7A-E2C2-418F-92FE-C043B786F565}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7F8AA9D5-43D2-4B60-BC29-56537CDBFF2A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{83F891A1-7740-4790-B963-9BA7DA33433D}" = lport=445 | protocol=6 | dir=in | app=system |

"{96F315F1-4380-48DB-B3E2-49FB4BCB60A1}" = rport=445 | protocol=6 | dir=out | app=system |

"{A37729A9-AF29-4C9E-A0E2-095020DCA08E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{AA22E970-6E5D-4B57-8555-1A55DCE513D9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{BCDCD003-D741-49BD-8E05-52B5B2D9C412}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{C098F189-23A7-4C1A-83F6-C55D221549F2}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C0F402D8-0D99-4EB9-BEEA-5EFE689D0794}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C1661B50-1A3F-4E43-AB43-6A3B27D722F4}" = lport=138 | protocol=17 | dir=in | app=system |

"{C63A82B8-964A-41F1-9CA2-565EA021CEFC}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

"{CBDAFBF0-7382-47C0-9EE9-26C4AB296979}" = lport=139 | protocol=6 | dir=in | app=system |

"{E335EB30-A196-4B19-A741-20147EAAC020}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{E9B5057C-4738-4382-A293-A66F9422ED0B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{F8F4A6D0-D85D-4E2A-B054-9D5CAA40A3C3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{FAEDACA3-5B46-42F6-B28F-70AE093FCA30}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{FE71D613-C243-4300-A135-AAEA7B09C047}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{FF233F56-1D32-4FC6-9383-CDC8155CAA6C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01D5EC2C-7BC5-4859-AE85-20BA911046D5}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |

"{06DE6195-E04E-4B9F-BF18-32AE611199D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{09C6D5C0-7A2A-4A12-A0E7-70A5C9CCB0ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{0BDE9738-4B11-4A8F-BF91-8B13F033FF18}" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |

"{13A049EB-024A-4623-9F5F-8A87D161F515}" = protocol=6 | dir=in | app=\\192.168.0.200\outils\utilitaires\p2p\utorrent.exe |

"{191B3B15-9E85-422A-BD64-FF9C6575DE40}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{1D95AB88-2313-4AC7-89D3-2F45B075C967}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{1F52C883-4790-4AB8-8AD7-AA47B152E9FA}" = protocol=6 | dir=in | app=c:\program files\netgear\prosafe plus utility\prosafe plus utility.exe |

"{2C5AD097-E096-492D-A199-9B719F42FFAD}" = protocol=17 | dir=in | app=c:\program files\ipcamsetup\ipcamera.exe |

"{2DB638E7-7E89-4267-B9E8-378553F19462}" = protocol=6 | dir=in | app=c:\jeux\nexuiz\nexuiz.exe |

"{2EFBE256-EF8F-4B7D-B534-5EE4EBDB4A27}" = protocol=6 | dir=in | app=c:\program files\gigabyte\@bios\gwflash.exe |

"{325A55A2-9EA8-4D59-AEBD-57F0501C875B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{330FFFA1-D13B-4391-B2AA-BC9AD75A61E1}" = protocol=6 | dir=in | app=c:\program files\gigabyte\@bios\updexe.exe |

"{3D6BF16D-E420-435B-8CCE-099673FA41E0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{3E306DD0-E7C8-4234-8C70-EFEBFBA8D1B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{42E9C2CF-85D8-46BB-BF5C-5CBAB78CFAEE}" = protocol=17 | dir=in | app=c:\program files\gigabyte\@bios\gbtupd.exe |

"{4C3EDD98-6FE5-448E-8FB8-A17F51C759FA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{4CEE6F4C-C953-464D-9700-D801A2199DC7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{4D5D22C6-56D8-4C7D-8BEE-7C96D7FB47FB}" = protocol=17 | dir=in | app=c:\program files\netgear\prosafe plus utility\netgearserver.exe |

"{5325B211-B03B-471F-8E74-5167F571F9E7}" = protocol=6 | dir=out | app=system |

"{55D2DE32-F338-471A-BCE0-CD7E58127C95}" = protocol=17 | dir=in | app=c:\program files\gigabyte\@bios\gwflash.exe |

"{570C920B-E29D-4F51-97B6-0C74A0169081}" = protocol=6 | dir=in | app=c:\program files\xming\xming.exe |

"{58874870-F859-48F6-A2BC-5D1D644C8C49}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe |

"{597D4A5E-97A5-40C3-B418-883063CAA28A}" = protocol=17 | dir=in | app=c:\program files\netgear\prosafe plus utility\prosafe plus utility.exe |

"{621375BC-4BAE-46DB-BA71-6D800DC791D1}" = protocol=6 | dir=in | app=c:\program files\ipcamsetup\ipcamera.exe |

"{68B08599-2975-4D04-98FE-A1B03483D9E2}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |

"{6B53E4FE-44A0-4FDF-BCA9-CE7C68CA7E88}" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"{6C21B88B-FB75-482F-85E9-FBB08EBAED40}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{6D291D96-6304-408D-8777-4B9A40A42799}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{6D94D8A6-0DA8-469A-8981-1DD8875FFC55}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{6FFE34F2-B550-40C3-93A3-D0D391F413B7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{770868F9-79C9-4C06-8F05-037CF78FC89E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{77D79F6F-CA94-438F-89B2-8F9DC58BBFFB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{7C25FA73-7D28-4089-B408-AC6EADFFF5D9}" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"{7D381472-1FFF-47F3-8B41-5933D60FBBB7}" = protocol=17 | dir=in | app=c:\program files\gigabyte\@bios\updexe.exe |

"{85979336-D271-4631-930D-B899BD35F983}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{86328A3B-AE60-4378-939C-65C60F302671}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"{87AD44B8-9EA2-4EED-9A48-93BD0506A5B3}" = protocol=6 | dir=in | app=c:\program files\netgear\prosafe plus utility\nsdpmanager.exe |

"{88A1C0FB-0C3C-4D54-8DC8-4D5B8D2AB3ED}" = protocol=17 | dir=in | app=\\nas412\outils\utilitaires\drivers\foscam camera\fi8601w-v3.2.2.2.1-20120401\h.264 mac address modify tool\foscam_ftool.exe |

"{8FCC147C-0061-4449-AC93-7BEEDA37F4F7}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe |

"{90089205-D74D-400D-9538-1D18B98131CF}" = protocol=17 | dir=in | app=d:\databases\bin\mysqld.exe |

"{96E01B77-962F-4640-8EE4-254584B15024}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{98C01558-D65A-474B-9593-34BF33E3F672}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{9C8A9E6C-3098-45C7-B7B2-A2783026F642}" = protocol=17 | dir=in | app=c:\jeux\nexuiz\nexuiz.exe |

"{A269BAAE-9619-40A0-B2E9-53EC3B641465}" = protocol=6 | dir=in | app=d:\databases\bin\mysqld.exe |

"{A3B7798B-FD22-4CBC-8C26-452C07381849}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{B28DD84B-5DC0-4D41-B05E-C12E4A85AF00}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe |

"{B674025D-A1FE-4244-889F-037460FA244A}" = protocol=17 | dir=in | app=c:\program files\xming\xming.exe |

"{B6EF9920-3301-4EDB-8705-B2890B663235}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{B8470FB6-16A5-4533-9240-F6C4BF5A6317}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"{BC4B843A-6A55-4446-A11D-D06D0104D9B8}" = protocol=17 | dir=in | app=\\192.168.0.200\outils\utilitaires\p2p\utorrent.exe |

"{C3857B0A-503D-488F-B58E-8E32A7E0793E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{C44A3A75-5D4A-4F88-B941-91FD63CF6CC1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{C46AFDF8-FF73-4187-B02D-8D3B74FA5BB0}" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"{C6CD7A25-45F9-4B55-8370-84843B7041C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CD9CE20F-0DA7-4F3A-A924-9C834CC4C1A8}" = protocol=6 | dir=in | app=c:\program files\gigabyte\@bios\gbtupd.exe |

"{D3EB22D5-3D58-4060-AFDF-D6D9C7596EC6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{D4D456AF-1A30-47EE-BB24-6414C6EC9A62}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

"{DDE38668-708F-47E7-8154-5AD1F36CDE73}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{DDF30A67-9D3D-4229-81C7-519B74FD64B1}" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"{DE1D6DBC-4E8A-48EA-BBC1-9F8CC8D5762F}" = protocol=17 | dir=in | app=c:\program files\netgear\prosafe plus utility\nsdpmanager.exe |

"{E0C8DECB-96FF-4B22-A5DE-BCE84C32BD5F}" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |

"{E26FE76E-4282-4165-A9A7-BA62FDB9984C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E640485E-FD66-43DC-9D5C-F17A394FD751}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{E9A020C8-9CDE-4B83-BC6D-ADD545C55D1A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{EFBC0A93-F20B-4CC3-A23E-AC08DB10A84F}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe |

"{F06F167B-2F77-400C-8C41-AEF8BFC88DE6}" = protocol=6 | dir=in | app=c:\program files\netgear\prosafe plus utility\netgearserver.exe |

"{F40B2283-6272-4A63-B4CE-3BB4CE4EBFBC}" = protocol=6 | dir=in | app=\\nas412\outils\utilitaires\drivers\foscam camera\fi8601w-v3.2.2.2.1-20120401\h.264 mac address modify tool\foscam_ftool.exe |

"{FBFBD05F-C766-45EA-8C4A-84F652800E97}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"TCP Query User{1004325B-7F57-4A0F-9F40-CF2C2E8DA059}C:\program files\netgear\prosafe plus utility\nsdpmanager.exe" = protocol=6 | dir=in | app=c:\program files\netgear\prosafe plus utility\nsdpmanager.exe |

"TCP Query User{1BE551AC-6348-47FB-B8EC-0544572F194F}C:\program files\ipcamsetup\ipcamera.exe" = protocol=6 | dir=in | app=c:\program files\ipcamsetup\ipcamera.exe |

"TCP Query User{3C4316F4-DD59-48AA-BCE8-BD8801C3A679}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |

"TCP Query User{3C668387-0700-43AE-909D-E54DE854EDD6}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"TCP Query User{3F74014A-632A-499A-B88F-099B095DC5A2}C:\program files\netgear\prosafe plus utility\netgearserver.exe" = protocol=6 | dir=in | app=c:\program files\netgear\prosafe plus utility\netgearserver.exe |

"TCP Query User{48D6DA3A-093E-4BC7-97BA-457ADBC551BA}C:\program files\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files\gigabyte\@bios\gwflash.exe |

"TCP Query User{53BAA5D4-CD90-4996-B8D9-FA8FBECD16D4}C:\program files\xming\xming.exe" = protocol=6 | dir=in | app=c:\program files\xming\xming.exe |

"TCP Query User{5E86AF93-B817-42DC-81FA-B014F9AFFA9C}C:\program files\netgear\prosafe plus utility\prosafe plus utility.exe" = protocol=6 | dir=in | app=c:\program files\netgear\prosafe plus utility\prosafe plus utility.exe |

"TCP Query User{77CA9679-8823-4CCD-9FD7-A42F9D87740E}\\nas412\outils\utilitaires\drivers\foscam camera\fi8601w-v3.2.2.2.1-20120401\h.264 mac address modify tool\foscam_ftool.exe" = protocol=6 | dir=in | app=\\nas412\outils\utilitaires\drivers\foscam camera\fi8601w-v3.2.2.2.1-20120401\h.264 mac address modify tool\foscam_ftool.exe |

"TCP Query User{87BD0351-CF8F-4317-B3A6-34001E826594}C:\jeux\nexuiz\nexuiz.exe" = protocol=6 | dir=in | app=c:\jeux\nexuiz\nexuiz.exe |

"TCP Query User{93CA479F-671D-4817-AD50-4F326DCA5F10}C:\program files\gigabyte\@bios\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files\gigabyte\@bios\gbtupd.exe |

"TCP Query User{BF29D942-2466-4585-B822-A3A60C1F5CB1}C:\program files\gigabyte\@bios\updexe.exe" = protocol=6 | dir=in | app=c:\program files\gigabyte\@bios\updexe.exe |

"TCP Query User{C99AA55E-D929-42DE-B7F2-AFA4233060E6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{D03CFAC2-D6DD-451C-B6F3-39FF341B6747}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{2F2293EC-16F4-4B45-AA9E-BA1C3C952663}C:\program files\xming\xming.exe" = protocol=17 | dir=in | app=c:\program files\xming\xming.exe |

"UDP Query User{394A0074-EAB7-470C-AEAA-B5872032744D}\\nas412\outils\utilitaires\drivers\foscam camera\fi8601w-v3.2.2.2.1-20120401\h.264 mac address modify tool\foscam_ftool.exe" = protocol=17 | dir=in | app=\\nas412\outils\utilitaires\drivers\foscam camera\fi8601w-v3.2.2.2.1-20120401\h.264 mac address modify tool\foscam_ftool.exe |

"UDP Query User{6FCFBAD1-12F4-4F1C-9E95-079DF53352A1}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{7629E970-4899-403F-AACC-A4BB84C6904F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{7F95D1AE-10B4-41A4-B51B-75AAB9957BE7}C:\program files\netgear\prosafe plus utility\nsdpmanager.exe" = protocol=17 | dir=in | app=c:\program files\netgear\prosafe plus utility\nsdpmanager.exe |

"UDP Query User{81D1656A-DD46-4022-9535-81ED2A3E1322}C:\program files\gigabyte\@bios\updexe.exe" = protocol=17 | dir=in | app=c:\program files\gigabyte\@bios\updexe.exe |

"UDP Query User{84396AEA-1F46-4B4E-B207-E48590AD26DE}C:\program files\netgear\prosafe plus utility\netgearserver.exe" = protocol=17 | dir=in | app=c:\program files\netgear\prosafe plus utility\netgearserver.exe |

"UDP Query User{89A72437-7C16-45D6-BE23-C2EF46026281}C:\program files\ipcamsetup\ipcamera.exe" = protocol=17 | dir=in | app=c:\program files\ipcamsetup\ipcamera.exe |

"UDP Query User{8DC72592-84E7-40AD-98C4-D2ABE08C4097}C:\program files\gigabyte\@bios\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files\gigabyte\@bios\gbtupd.exe |

"UDP Query User{95A98E08-F087-4F11-B509-E9398655B194}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |

"UDP Query User{CFA5C5CE-1773-4A2F-894F-D03B9A2E1F24}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"UDP Query User{E5473A7C-6DB0-4215-9B14-2724C4EBF484}C:\program files\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files\gigabyte\@bios\gwflash.exe |

"UDP Query User{EC431401-6C36-4310-8838-E3724F2C5940}C:\program files\netgear\prosafe plus utility\prosafe plus utility.exe" = protocol=17 | dir=in | app=c:\program files\netgear\prosafe plus utility\prosafe plus utility.exe |

"UDP Query User{F83FA5C8-C39B-4BC0-8322-B8B3F1C47568}C:\jeux\nexuiz\nexuiz.exe" = protocol=17 | dir=in | app=c:\jeux\nexuiz\nexuiz.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)

"{02C39DE9-B03A-4FE7-89F9-61E224FE65CC}" = IPCamSetup

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{09D72100-CAC9-42BF-AD52-47F784C92DB6}" = LibreOffice 3.5

"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack

"{136E7A33-97D9-435C-BFDE-6A1327F2C235}" = MySQL Server 5.1

"{1D5754D6-5D39-445D-8D7A-8CAC96E1E788}" = FLIR Device Drivers

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{21F342AD-E827-48AD-9D67-8D5183A5E639}" = FCClientPlus_Setup

"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32

"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java™ 6 Update 18

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21

"{38BA2875-D7AD-4611-ABA3-C385051ADF42}" = Eraser 6.0.7.1893

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B26E060-5BC9-4B45-BD20-882E94CADFCF}" = VmciSockets

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4F48CD95-B2B4-4532-B6E9-5055277B95BA}" = Gamma Scout Toolbox

"{5454085C-840F-4070-8FAA-441000018301}" = BioShock 2

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72FC9DEA-4803-4D67-9989-3B5C5BDB0A66}" = HexEdit

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7729C083-48C3-4A0F-9692-30673AC856DB}" = ProSafe Plus Utility

"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX

"{904CCF62-818D-4675-BC76-D37EB399F917}" = Gestionnaire pour appareils Windows Mobile

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{995414B4-F332-469F-BD9F-011DDB0003BD}" = ScanXL-ELM

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2 Fr

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Français

"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panneau de configuration NVIDIA 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Pilote graphique 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Mises à jour NVIDIA 1.3.5

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49

"{BAE06076-DB3F-4936-8864-249A7B2AA662}" = Intel® Integrated Performance Primitives Run-Time Installer 5.1 for Windows* on IA-32 Intel® Architecture

"{C0EAC838-4ABD-4C89-BF07-D2292A83929C}" = FLIR QuickReport 1.2 SP2

"{DEC2C123-3CE0-4669-B119-61519130CACD}" = TortoiseSVN 1.6.10.19898 (32 bit)

"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows

"7-Zip" = 7-Zip 4.57

"ACDSee" = ACDSee

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Applian FLV Player2.0.25" = Applian FLV Player

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CCleaner" = CCleaner

"CutePDF Writer Installation" = CutePDF Writer 2.8

"DivX Setup" = Configuration DivX

"Duke Nukem Forever_is1" = Duke Nukem Forever

"EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 5.0.1 Professional

"EPSON Scanner" = EPSON Scan

"ERUNT_is1" = ERUNT 1.1j

"FastStone Image Viewer" = FastStone Image Viewer 4.6

"Foxit Reader_is1" = Foxit Reader 5.1

"HD Tune_is1" = HD Tune 2.55

"HeidiSQL_is1" = HeidiSQL 5.1

"HexEdit" = HexEdit

"InstallShield_{7729C083-48C3-4A0F-9692-30673AC856DB}" = ProSafe Plus Utility

"LockHunter_is1" = LockHunter 2.0 beta 2, 32 bit

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA

"Mozilla Firefox 14.0.1 (x86 fr)" = Mozilla Firefox 14.0.1 (x86 fr)

"Mozilla Thunderbird 14.0 (x86 fr)" = Mozilla Thunderbird 14.0 (x86 fr)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Notepad++" = Notepad++

"NTFS Undelete_is1" = NTFS Undelete v0.94

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"Pidgin" = Pidgin

"PuTTY_is1" = PuTTY version 0.60

"QNAPSurveillanceStation" = QNAP Surveillance Station

"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2

"RDPSoftware Core Components" = RDPSoftware Core Components 1.0

"ST6UNST #1" = Stamp 2.8

"TrueCrypt" = TrueCrypt

"Unlocker" = Unlocker 1.9.1

"VLC media player" = VLC media player 2.0.1

"VMware_Player" = VMware Player

"Winamp" = Winamp

"WinGimp-2.0_is1" = GIMP 2.6.8

"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9D

"WinPcapInst" = WinPcap 4.1.2

"WinRAR archiver" = Archiveur WinRAR

"Wireshark" = Wireshark 1.6.7 (32-bit)

"Xming_is1" = Xming 6.9.0.31

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 13/06/2012 15:02:56 | Computer Name = PC-marc | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Échec de l’extraction de la liste racine tierce depuis le fichier

CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon

la vérification par rapport à l’horloge système en cours ou le tampon daté dans

le fichier signé. .

Error - 13/06/2012 15:02:57 | Computer Name = PC-marc | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Échec de l’extraction de la liste racine tierce depuis le fichier

CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon

la vérification par rapport à l’horloge système en cours ou le tampon daté dans

le fichier signé. .

Error - 13/06/2012 15:02:59 | Computer Name = PC-marc | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Échec de l’extraction de la liste racine tierce depuis le fichier

CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon

la vérification par rapport à l’horloge système en cours ou le tampon daté dans

le fichier signé. .

Error - 13/06/2012 15:03:09 | Computer Name = PC-marc | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Échec de l’extraction de la liste racine tierce depuis le fichier

CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon

la vérification par rapport à l’horloge système en cours ou le tampon daté dans

le fichier signé. .

Error - 18/06/2012 12:49:19 | Computer Name = PC-marc | Source = Application Hang | ID = 1002

Description = Le programme putty.exe version 0.60.0.0 a cessé d’interagir avec Windows

et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles,

consultez l’historique du problème dans le Centre de maintenance. ID de processus :

b40 Heure de début : 01cd4d6f02876a30 Heure de fin : 0 Chemin d’accès de l’application

: C:\Program Files\PuTTY\putty.exe ID de rapport : 8a3ae301-b965-11e1-a0b0-005056c00008

Error - 30/07/2012 12:58:12 | Computer Name = PC-marc | Source = .NET Runtime | ID = 1023

Description =

Error - 30/07/2012 12:58:12 | Computer Name = PC-marc | Source = Application Error | ID = 1000

Error - 30/07/2012 14:52:03 | Computer Name = PC-marc | Source = Application Error | ID = 1000

Description = Nom de l’application défaillante swwhoami.exe, version : 1.0.0.1, horodatage : 0x2a425e19

Nom du module défaillant : swwhoami.exe, version : 1.0.0.1, horodatage : 0x2a425e19

Code d’exception : 0xc0000005

Décalage d’erreur : 0x000069f8

ID du processus défaillant : 0xcac

Heure de début de l’application défaillante : 0x01cd6e846890a9f0

Chemin d’accès de l’application défaillante : C:\MGTools\swwhoami.exe

Chemin d’accès du module défaillant : C:\MGTools\swwhoami.exe

ID de rapport : a6930590-da77-11e1-ae7a-005056c00008

Error - 30/07/2012 15:30:18 | Computer Name = PC-marc | Source = .NET Runtime | ID = 1023

Description =

Error - 30/07/2012 15:30:18 | Computer Name = PC-marc | Source = Application Error | ID = 1000

Error - 30/07/2012 15:52:17 | Computer Name = PC-marc | Source = VSS | ID = 8194

Description =

[ System Events ]

Error - 05/08/2012 07:23:39 | Computer Name = PC-marc | Source = Service Control Manager | ID = 7001

Description = Le service Groupement de mise en réseau de pairs dépend du service

Protocole PNRP qui n’a pas pu démarrer en raison de l’erreur : %%-2140993535

Error - 05/08/2012 09:30:18 | Computer Name = PC-marc | Source = PNRPSvc | ID = 102

Description =

Error - 05/08/2012 09:30:18 | Computer Name = PC-marc | Source = Service Control Manager | ID = 7023

Description = Le service Protocole PNRP s’est arrêté avec l’erreur : %%-2140993535

Error - 05/08/2012 09:30:18 | Computer Name = PC-marc | Source = Service Control Manager | ID = 7001

Description = Le service Groupement de mise en réseau de pairs dépend du service

Protocole PNRP qui n’a pas pu démarrer en raison de l’erreur : %%-2140993535

Error - 05/08/2012 09:30:29 | Computer Name = PC-marc | Source = PNRPSvc | ID = 102

Description =

Error - 05/08/2012 09:30:29 | Computer Name = PC-marc | Source = PNRPSvc | ID = 102

Description =

Error - 05/08/2012 09:30:29 | Computer Name = PC-marc | Source = Service Control Manager | ID = 7023

Description = Le service Protocole PNRP s’est arrêté avec l’erreur : %%-2140993535

Error - 05/08/2012 09:30:29 | Computer Name = PC-marc | Source = Service Control Manager | ID = 7001

Description = Le service Groupement de mise en réseau de pairs dépend du service

Protocole PNRP qui n’a pas pu démarrer en raison de l’erreur : %%-2140993535

Error - 05/08/2012 09:30:29 | Computer Name = PC-marc | Source = Service Control Manager | ID = 7023

Description = Le service Protocole PNRP s’est arrêté avec l’erreur : %%-2140993535

Error - 05/08/2012 09:30:29 | Computer Name = PC-marc | Source = Service Control Manager | ID = 7001

Description = Le service Groupement de mise en réseau de pairs dépend du service

Protocole PNRP qui n’a pas pu démarrer en raison de l’erreur : %%-2140993535

< End of report >

Results of screen317's Security Check version 0.99.43

Windows 7 Service Pack 1 x86 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

AntiVir Desktop

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

CCleaner

Java™ 6 Update 18

Java™ 6 Update 21

Java version out of Date!

Adobe Flash Player 11.3.300.270

Adobe Reader X (10.1.1)

Mozilla Firefox (14.0.1)

Mozilla Thunderbird (14.0.)

````````Process Check: objlist.exe by Laurent````````

Avira Antivir avguard.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:

````````````````````End of Log``````````````````````


If your system does not have a CD or DVD writer, let me know.

And let me know if you have the Windows 7 operating system DVD.

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create a SRD.

You need a new/unused CD-R or DVD-R of at least 175 MB capacity.

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:
    recdisc.exe
  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-

WTSRD1.gif

  • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-

WTSRD2.gif

  • Now click on Close >> OK.
  • You now have a Windows 7 System Repair Disc. Remove the disc and mark a label on it with a felt-tip marker.

Let me know when the CD is done.

  • Please download CKScanner from >>Here<<
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe & select Run as administrator to start.
  • Then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Copy/paste the contents of CKFiles.txt in your next reply.


  1. For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a USB-flash drive.
    Plug the USB-flashdrive into the infected PC.
    If your computer is not configured to start from a CD or DVD, check your BIOS settings. You'll need to have it set to boot from CD-drive.
    Insert Windows 7 repair disc and restart the pc.
    To enter System Recovery Options by using Windows repair disc:
    • Insert the CD/DVD disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    • Select Command Prompt.
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter. Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Here it is:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 05-08-2012

Ran by Système at 05-08-2012 20:03:31

Running from G:\

Windows 7 Professional (X86) OS Language: French Standard

The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe [163872 2009-06-30] (NVIDIA Corporation)

Tcpip\..\Interfaces\{AB26030B-D226-4422-934A-A1A7A6260A9E}: [NameServer]212.27.40.240,212.27.40.241

================================ Services (Whitelisted) ==================

2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [136360 2011-04-29] (Avira GmbH)

2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [269480 2011-08-31] (Avira GmbH)

2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-14] (Microsoft Corporation)

3 hasplms; C:\Windows\system32\hasplms.exe -run [3750400 2009-12-16] (SafeNet Inc.)

2 KMService; C:\Windows\system32\srvany.exe [8192 2011-05-17] ()

3 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2214504 2011-05-21] (NVIDIA Corporation)

2 simptcp; C:\Windows\System32\tcpsvcs.exe [9216 2009-07-14] (Microsoft Corporation)

3 T3Srv; "C:\Program Files\FLIR Systems\FLIR Device Drivers\FLIR T3Srv\sysx86\T3Srv.exe" [457312 2010-03-18] (FLIR)

2 VMAuthdService; "C:\Program Files\VMware\VMware Player\vmware-authd.exe" [79872 2011-11-13] (VMware, Inc.)

2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [354416 2011-11-13] (VMware, Inc.)

2 VMUSBArbService; "C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe" [665200 2011-08-29] (VMware, Inc.)

2 VMware NAT Service; C:\Windows\system32\vmnat.exe [433264 2011-11-13] (VMware, Inc.)

3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

2 aksfridge; \??\C:\Windows\system32\drivers\aksfridge.sys [356864 2009-08-20] (Aladdin Knowledge Systems Ltd.)

1 avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [11608 2009-02-13] (Avira GmbH)

2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [66616 2011-08-31] (Avira GmbH)

1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [138192 2011-08-31] (Avira GmbH)

3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [14216 2010-01-20] ()

3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [8456 2010-01-20] ()

3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57536 2008-03-20] (FTDI Ltd.)

3 FTSER2K; C:\Windows\System32\drivers\ftser2k.sys [72000 2008-03-20] (FTDI Ltd.)

3 gdrv; \??\C:\Windows\gdrv.sys [17488 2012-08-04] (Windows ® 2000 DDK provider)

2 hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)

2 hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [32496 2011-08-29] (VMware, Inc.)

3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [573440 2009-07-06] (Hauppauge Computer Works, Inc.)

3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2009-07-06] (Hauppauge Computer Works, Inc.)

2 MicroGuard; \??\C:\Windows\system32\drivers\mgnt.sys [40480 1998-03-03] ()

3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()

2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)

3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [20080 2010-11-06] ()

0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-06-13] (Duplex Secure Ltd.)

1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)

0 TPkd; C:\Windows\System32\Drivers\TPkd.sys [79408 2007-09-05] (PACE Anti-Piracy, Inc.)

3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [15872 2009-07-14] (Microsoft Corporation)

3 vmkbd; \??\C:\Windows\system32\drivers\VMkbd.sys [25584 2011-11-13] (VMware, Inc.)

3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16624 2011-11-13] (VMware, Inc.)

2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36464 2011-11-13] (VMware, Inc.)

2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [25712 2011-11-13] (VMware, Inc.)

2 vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [55664 2011-11-13] (VMware, Inc.)

3 catchme; \??\C:\Users\marc\AppData\Local\Temp\catchme.sys [x]

3 MySQL; "D:\Databases\bin\mysqld" --defaults-file="D:\Databases\my.ini" MySQL [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-05 18:24 - 2012-08-05 18:24 - 00000186 ____A C:\Users\marc\Desktop\ckfiles.txt

2012-08-05 18:23 - 2012-08-05 18:23 - 00458240 ____A () C:\Users\marc\Desktop\CKScanner.exe

2012-08-05 15:21 - 2012-08-05 15:21 - 00000854 ____A C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk

2012-08-05 15:21 - 2012-08-05 15:21 - 00000854 ____A C:\Users\isabelle.PC-marc\Desktop\NTREGOPT.lnk

2012-08-05 15:21 - 2012-08-05 15:21 - 00000835 ____A C:\Users\UpdatusUser\Desktop\ERUNT.lnk

2012-08-05 15:21 - 2012-08-05 15:21 - 00000835 ____A C:\Users\isabelle.PC-marc\Desktop\ERUNT.lnk

2012-08-05 15:21 - 2012-08-05 15:21 - 00000000 ____D C:\Program Files\ERUNT

2012-08-05 09:05 - 2012-08-05 09:05 - 00000000 ____D C:\Program Files\HD Tune

2012-08-04 12:46 - 2012-08-04 12:47 - 00000000 ____D C:\Users\marc\Documents\Duke Nukem Forever

2012-08-04 12:46 - 2012-08-04 12:46 - 00000000 ____D C:\Users\marc\AppData\Local\SKIDROW

2012-08-04 12:45 - 2012-08-04 12:45 - 00001793 ____A C:\Users\Public\Desktop\Duke Nukem Forever.lnk

2012-08-04 11:12 - 2012-08-05 16:03 - 00000000 ____D C:\Users\marc\Desktop\malware

2012-08-04 11:11 - 2012-08-04 11:11 - 00001216 ____A C:\AdwCleaner[R1].txt

2012-08-02 20:04 - 2012-08-02 20:04 - 00000000 ____D C:\Users\All Users\Kaspersky Lab

2012-08-02 20:04 - 2012-08-02 20:04 - 00000000 ____D C:\Program Files\Kaspersky Lab

2012-08-02 19:49 - 2012-08-02 19:49 - 00011707 ____A C:\ComboFix.txt

2012-08-02 19:41 - 2012-08-02 19:49 - 00000000 ____D C:\Qoobox

2012-07-31 19:27 - 2012-07-31 19:27 - 00000376 ____A C:\Windows\PFRO.log

2012-07-30 20:42 - 2012-08-05 14:29 - 00000762 ____A C:\Windows\setupact.log

2012-07-30 20:42 - 2012-07-30 20:42 - 00000000 ____A C:\Windows\setuperr.log

2012-07-30 20:37 - 2012-07-30 20:37 - 00206376 __RSH C:\grldr

2012-07-30 20:35 - 2012-07-30 20:35 - 00202356 ____A C:\Users\marc\Documents\cc_20120730_213508.reg

2012-07-30 20:33 - 2012-07-30 20:33 - 00000000 ____D C:\Program Files\CCleaner

2012-07-30 18:43 - 2012-07-30 18:43 - 01091128 ____A C:\Users\isabelle.PC-marc\Downloads\Unlocker1.9.1.exe

2012-07-30 18:43 - 2012-07-30 18:43 - 00000000 ____D C:\Program Files\Unlocker

2012-07-30 18:36 - 2012-08-05 18:49 - 00001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-30 18:34 - 2012-07-30 18:34 - 00354184 ____A C:\Users\isabelle.PC-marc\Downloads\installer_flash_player_French.exe

2012-07-30 18:32 - 2012-07-30 18:32 - 00000000 ____D C:\Users\isabelle.PC-marc\AppData\Roaming\Notepad++

2012-07-30 18:18 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe

2012-07-30 18:18 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe

2012-07-30 18:18 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-07-30 18:18 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-07-30 18:18 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-07-30 18:18 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe

2012-07-30 18:18 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe

2012-07-30 18:18 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe

2012-07-30 18:17 - 2012-07-30 18:17 - 00000000 ____D C:\Users\isabelle.PC-marc\AppData\Roaming\Avira

2012-07-30 18:16 - 2012-08-04 08:41 - 00000000 ____D C:\Windows\erdnt

2012-07-30 18:16 - 2012-07-30 18:16 - 04722436 ___RA (Swearware) C:\Users\isabelle.PC-marc\Downloads\ComboFix.exe

2012-07-30 18:00 - 2012-07-30 18:00 - 00000000 ____D C:\Users\isabelle.PC-marc\AppData\Local\Eraser 6

2012-07-30 17:58 - 2012-07-30 17:58 - 00068552 ____A C:\Users\isabelle.PC-marc\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-30 17:46 - 2012-07-30 17:46 - 00000000 ____D C:\Users\isabelle.PC-marc\AppData\Roaming\Adobe

2012-07-30 17:46 - 2012-07-30 17:46 - 00000000 ____D C:\Users\isabelle.PC-marc\AppData\Local\Macromedia

2012-07-30 17:45 - 2012-07-30 17:45 - 00000000 ____D C:\Users\isabelle.PC-marc\AppData\Roaming\Mozilla

2012-07-30 17:45 - 2012-07-30 17:45 - 00000000 ____D C:\Users\isabelle.PC-marc\AppData\Local\Mozilla

2012-07-30 17:41 - 2012-07-30 18:45 - 00000000 ____D C:\Users\isabelle.PC-marc\AppData\Local\TSVNCache

2012-07-30 17:41 - 2012-07-30 17:41 - 00000000 ____D C:\Users\isabelle.PC-marc\AppData\Roaming\Subversion

2012-07-30 17:41 - 2012-07-30 17:41 - 00000000 ____D C:\Users\isabelle.PC-marc\AppData\Roaming\Malwarebytes

2012-07-30 17:40 - 2012-08-04 08:41 - 00000000 ____D C:\users\isabelle.PC-marc

2012-07-30 17:40 - 2012-07-30 17:40 - 00000020 __ASH C:\Users\isabelle.PC-marc\ntuser.ini

2012-07-30 17:40 - 2012-07-30 17:40 - 00000000 __SHD C:\Users\isabelle.PC-marc\Voisinage réseau

2012-07-30 17:40 - 2012-07-30 17:40 - 00000000 __SHD C:\Users\isabelle.PC-marc\Voisinage d'impression

2012-07-30 17:40 - 2012-07-30 17:40 - 00000000 __SHD C:\Users\isabelle.PC-marc\Modèles

2012-07-30 17:40 - 2012-07-30 17:40 - 00000000 __SHD C:\Users\isabelle.PC-marc\Menu Démarrer

2012-07-30 17:40 - 2012-07-30 17:40 - 00000000 __SHD C:\Users\isabelle.PC-marc\Documents\Mes vidéos

2012-07-30 17:40 - 2012-07-30 17:40 - 00000000 __SHD C:\Users\isabelle.PC-marc\Documents\Mes images

2012-07-30 17:40 - 2012-07-30 17:40 - 00000000 __SHD C:\Users\isabelle.PC-marc\Documents\Ma musique

2012-07-30 17:40 - 2012-07-30 17:40 - 00000000 __SHD C:\Users\isabelle.PC-marc\AppData\Local\Historique

2012-07-30 17:40 - 2012-07-30 17:40 - 00000000 ____D C:\Users\isabelle.PC-marc\AppData\Local\VirtualStore

2012-07-30 17:40 - 2011-10-17 20:07 - 00000000 ____D C:\Users\isabelle.PC-marc\AppData\Roaming\Macromedia

2012-07-30 17:34 - 2012-07-30 17:34 - 00000000 ____D C:\Users\isabelle\AppData\Roaming\Subversion

2012-07-30 17:30 - 2012-07-30 17:36 - 00000000 ____D C:\users\isabelle

2012-07-30 17:30 - 2012-07-30 17:30 - 00000020 __ASH C:\Users\isabelle\ntuser.ini

2012-07-30 17:30 - 2012-07-30 17:30 - 00000000 __SHD C:\Users\isabelle\Voisinage réseau

2012-07-30 17:30 - 2012-07-30 17:30 - 00000000 __SHD C:\Users\isabelle\Voisinage d'impression

2012-07-30 17:30 - 2012-07-30 17:30 - 00000000 __SHD C:\Users\isabelle\Modèles

2012-07-30 17:30 - 2012-07-30 17:30 - 00000000 __SHD C:\Users\isabelle\Menu Démarrer

2012-07-30 17:30 - 2012-07-30 17:30 - 00000000 __SHD C:\Users\isabelle\Documents\Mes vidéos

2012-07-30 17:30 - 2012-07-30 17:30 - 00000000 __SHD C:\Users\isabelle\Documents\Mes images

2012-07-30 17:30 - 2012-07-30 17:30 - 00000000 __SHD C:\Users\isabelle\Documents\Ma musique

2012-07-30 17:30 - 2012-07-30 17:30 - 00000000 __SHD C:\Users\isabelle\AppData\Local\Historique

2012-07-30 17:30 - 2012-07-30 17:30 - 00000000 ____D C:\Users\isabelle\AppData\Local\TSVNCache

2012-07-30 17:30 - 2011-10-17 20:07 - 00000000 ____D C:\Users\isabelle\AppData\Roaming\Macromedia

2012-07-13 09:18 - 2012-06-02 10:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-13 09:18 - 2012-06-02 09:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-13 09:18 - 2012-06-02 09:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-13 09:18 - 2012-06-02 09:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-13 09:18 - 2012-06-02 09:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-13 09:18 - 2012-06-02 09:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-13 09:18 - 2012-06-02 09:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-13 09:18 - 2012-06-02 09:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-13 09:18 - 2012-06-02 09:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-13 09:18 - 2012-06-02 09:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-13 09:18 - 2012-06-02 09:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-13 09:18 - 2012-06-02 09:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-13 09:18 - 2012-06-02 09:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-13 09:18 - 2012-06-02 09:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-13 09:16 - 2012-06-12 03:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-13 09:16 - 2012-06-09 05:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-13 09:16 - 2012-06-06 06:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-13 09:16 - 2012-06-06 06:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-13 09:16 - 2012-06-06 06:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-13 09:16 - 2012-06-02 05:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-13 09:16 - 2012-06-02 05:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-13 09:16 - 2012-06-02 05:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-13 09:16 - 2012-06-02 05:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-13 09:16 - 2012-06-02 05:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-13 09:16 - 2010-06-26 04:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

============ 3 Months Modified Files ========================

2012-08-05 19:01 - 2010-05-15 15:58 - 02072168 ____A C:\Windows\WindowsUpdate.log

2012-08-05 18:59 - 2010-05-15 17:44 - 01557818 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-05 18:49 - 2012-07-30 18:36 - 00001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-05 18:24 - 2012-08-05 18:24 - 00000186 ____A C:\Users\marc\Desktop\ckfiles.txt

2012-08-05 18:23 - 2012-08-05 18:23 - 00458240 ____A () C:\Users\marc\Desktop\CKScanner.exe

2012-08-05 18:14 - 2010-05-19 20:04 - 00001052 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-08-05 18:14 - 2010-05-19 20:04 - 00001048 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-08-05 15:21 - 2012-08-05 15:21 - 00000854 ____A C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk

2012-08-05 15:21 - 2012-08-05 15:21 - 00000854 ____A C:\Users\isabelle.PC-marc\Desktop\NTREGOPT.lnk

2012-08-05 15:21 - 2012-08-05 15:21 - 00000835 ____A C:\Users\UpdatusUser\Desktop\ERUNT.lnk

2012-08-05 15:21 - 2012-08-05 15:21 - 00000835 ____A C:\Users\isabelle.PC-marc\Desktop\ERUNT.lnk

2012-08-05 14:37 - 2009-07-14 05:34 - 00030784 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-05 14:37 - 2009-07-14 05:34 - 00030784 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-05 14:29 - 2012-07-30 20:42 - 00000762 ____A C:\Windows\setupact.log

2012-08-05 14:29 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-04 12:45 - 2012-08-04 12:45 - 00001793 ____A C:\Users\Public\Desktop\Duke Nukem Forever.lnk

2012-08-04 11:19 - 2010-07-23 09:16 - 00017488 ____A (Windows ® 2000 DDK provider) C:\Windows\gdrv.sys

2012-08-04 11:11 - 2012-08-04 11:11 - 00001216 ____A C:\AdwCleaner[R1].txt

2012-08-04 10:49 - 2012-04-09 07:54 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2012-08-04 10:49 - 2011-05-17 19:56 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2012-08-04 07:31 - 2010-07-23 10:31 - 00000600 ____A C:\Users\marc\AppData\Local\PUTTY.RND

2012-08-02 19:49 - 2012-08-02 19:49 - 00011707 ____A C:\ComboFix.txt

2012-07-31 20:08 - 2010-10-09 09:01 - 00002054 ___AH C:\Users\marc\Documents\Default.rdp

2012-07-31 19:27 - 2012-07-31 19:27 - 00000376 ____A C:\Windows\PFRO.log

2012-07-30 20:42 - 2012-07-30 20:42 - 00000000 ____A C:\Windows\setuperr.log

2012-07-30 20:37 - 2012-07-30 20:37 - 00206376 __RSH C:\grldr

2012-07-30 20:35 - 2012-07-30 20:35 - 00202356 ____A C:\Users\marc\Documents\cc_20120730_213508.reg

2012-07-30 19:36 - 2009-07-14 03:04 - 00000215 ____A C:\Windows\system.ini

2012-07-30 18:43 - 2012-07-30 18:43 - 01091128 ____A C:\Users\isabelle.PC-marc\Downloads\Unlocker1.9.1.exe

2012-07-30 18:34 - 2012-07-30 18:34 - 00354184 ____A C:\Users\isabelle.PC-marc\Downloads\installer_flash_player_French.exe

2012-07-30 18:16 - 2012-07-30 18:16 - 04722436 ___RA (Swearware) C:\Users\isabelle.PC-marc\Downloads\ComboFix.exe

2012-07-30 17:58 - 2012-07-30 17:58 - 00068552 ____A C:\Users\isabelle.PC-marc\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-30 17:40 - 2012-07-30 17:40 - 00000020 __ASH C:\Users\isabelle.PC-marc\ntuser.ini

2012-07-30 17:30 - 2012-07-30 17:30 - 00000020 __ASH C:\Users\isabelle\ntuser.ini

2012-07-13 17:33 - 2009-07-14 05:33 - 00313992 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-13 09:17 - 2010-05-21 20:38 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-03 12:46 - 2011-03-31 20:07 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-12 03:40 - 2012-07-13 09:16 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-09 05:41 - 2012-07-13 09:16 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-06 06:05 - 2012-07-13 09:16 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-06 06:05 - 2012-07-13 09:16 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-06 06:03 - 2012-07-13 09:16 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-02 23:19 - 2012-06-21 16:26 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 23:19 - 2012-06-21 16:26 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 23:19 - 2012-06-21 16:26 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 23:19 - 2012-06-21 16:26 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 23:19 - 2012-06-21 16:26 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 23:12 - 2012-06-21 16:26 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 23:12 - 2012-06-21 16:26 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 14:19 - 2012-06-21 16:26 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 14:12 - 2012-06-21 16:26 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 10:07 - 2012-07-13 09:18 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 09:43 - 2012-07-13 09:18 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 09:33 - 2012-07-13 09:18 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 09:26 - 2012-07-13 09:18 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 09:25 - 2012-07-13 09:18 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 09:25 - 2012-07-13 09:18 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 09:23 - 2012-07-13 09:18 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 09:21 - 2012-07-13 09:18 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 09:20 - 2012-07-13 09:18 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 09:19 - 2012-07-13 09:18 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 09:19 - 2012-07-13 09:18 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 09:17 - 2012-07-13 09:18 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 09:16 - 2012-07-13 09:18 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 09:14 - 2012-07-13 09:18 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 05:45 - 2012-07-13 09:16 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-02 05:45 - 2012-07-13 09:16 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-02 05:40 - 2012-07-13 09:16 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-02 05:40 - 2012-07-13 09:16 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-02 05:39 - 2012-07-13 09:16 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-05-31 17:47 - 2009-07-14 05:53 - 00032482 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-05-31 11:25 - 2010-05-15 18:12 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 11%

Total physical RAM: 4094.54 MB

Available physical RAM: 3611.7 MB

Total Pagefile: 4092.82 MB

Available Pagefile: 3610.17 MB

Total Virtual: 2047.88 MB

Available Virtual: 1958.3 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:189.05 GB) (Free:123.98 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive d: (raid) (Fixed) (Total:232.88 GB) (Free:49.79 GB) NTFS

5 Drive f: (Disque de réparation Windows 7 3) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF

6 Drive g: (CORSAIR) (Removable) (Total:0.95 GB) (Free:0.38 GB) FAT

7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

N° disque  Statut    Taille        Libre          Dyn  GPT
---------  --------  ------------  -------------  ---  ---
Disque 0   En ligne  232 G octets  1024 K octets
Disque 1   En ligne  232 G octets  0 octets
Disque 2   En ligne  968 M octets  0 octets

Partitions of Disk 0:

===============

N° partition  Type        Taille  Décalage
------------  ----------  ------  --------
Partition 1   Principale  189 G   31 K
Partition 2   Principale  43 G    189 G

==================================================================================

Disk: 0

Partition 1

Type : 07

Masqué : Non

Active : Oui

Décalage en octets : 32256

N° volume   Ltr  Nom      Fs    Type       Taille  Statut  Info
----------  ---  -------  ----  ---------  ------  ------  ----
* Volume 1  C             NTFS  Partition  189 G   Sain

==================================================================================

Disk: 0

Partition 2

Type : 06

Masqué : Non

Active : Non

Décalage en octets : 202988584960

N° volume   Ltr  Nom      Fs    Type       Taille  Statut  Info
----------  ---  -------  ----  ---------  ------  ------  ----
* Volume 2  E             RAW   Partition  43 G    Sain

==================================================================================

Partitions of Disk 1:

===============

N° partition  Type        Taille  Décalage
------------  ----------  ------  --------
Partition 1   Principale  232 G   1024 K

==================================================================================

Disk: 1

Partition 1

Type : 07

Masqué : Non

Active : Non

Décalage en octets : 1048576

N° volume   Ltr  Nom      Fs    Type       Taille  Statut  Info
----------  ---  -------  ----  ---------  ------  ------  ----
* Volume 3  D    raid     NTFS  Partition  232 G   Sain

==================================================================================

Partitions of Disk 2:

===============

N° partition  Type        Taille  Décalage
------------  ----------  ------  --------
Partition 1   Principale  967 M   16 K

==================================================================================

Disk: 2

Partition 1

Type : 06

Masqué : Non

Active : Oui

Décalage en octets : 16384

N° volume   Ltr  Nom      Fs    Type       Taille  Statut  Info
----------  ---  -------  ----  ---------  ------  ------  ----
* Volume 4  G    CORSAIR  FAT   Amovible   967 M   Sain

==================================================================================

==========================================================

Last Boot: 2012-07-28 12:34

======================= End Of Log ==========================


Marc,

Mon ami, it is a bit late now, but, since you have a French-language version of Windows, you probably should have started at the ZEBULON forum http://forum.zebulon.fr/securite-f40.html

Remove the CD from the CD-drive, and, Restart the system fresh.

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of >> Windows Offline << from here and save it to your desktop.
  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe to install the newest version.
    ( jre-7u5-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - leave BOTH checked:
      • Applications and Applets
      • Trace and Log Files
    • Click OK on the Delete Temporary Files window.

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    • Click OK to leave the Temporary Files window.

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click the drweb-cureit.exe file, then click Start and allow the express scan to run.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the icon next to the files found.
  • If so, click it and then click the next icon right below and select Move incurable.
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

Edited by Maurice Naggar

Hi Maurice,

To be honest I chose the place where there were as many posts as possible, as my tests & forum reading showed me that my malware was more tricky than those I found in the forum; your forum seemed fine for me, English or French I don't really mind.

The scan was finished at 1:30 am, and now I'm at work and I noticed you asked for the DrWeb.csv! It's at home, I'll post it this evening (my evening).

To summarize, it has found some viruses that were in quarantine in Avira's directory, and some false positives (vvncviewer, tomtom software and your soft OTL.exe), that's all.

Is there a way to find who is creating the hlktmp file at boot time? procmon just tells me "svhost.exe create c:\windows\temp\hlktmp" and I see the protection set to that file, but not who creates it :(


It's funny, in another forum I used to help people (French users of Ford Mustangs) that have electrical or electronic problems with their cars.

I bought mine in the USA but Ford France does not support the car (no spare parts, no help ... )

I'm 44 and it's the first time I really need some help to remove a virus (usually I do it logging the registry or the disk but not now)


That's ok that you are here. No worries.

I would like to have the DrWeb Cure-It log, when you have a chance.

You may try getting & running a report from Autoruns from Microsoft {Sysinternals}

http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

Is your Windows 7 running as a local install, or do you have it running in a virtual VM?


Download TFC by OldTimer and SAVE it to your desktop

  • Double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


This procedure is to clean out temporary files, using OTL.

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    C:\Windows\Temp\hlktmp
    recycler /alldrives
    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right-click in the custom fix window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered Run Fix button.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

This should remove the hlktmp folder. But most likely it will return after the next Windows start.

We are on a seeming wild-goose-hunt, as this is likely not malware.

You should review closely all your startup programs (those that start with Windows) and reduce them to only the bare minimum, which is:

antivirus program {Avira}

MBAM if using the PRO

HDD & raid & network drivers only

Otherwise, set your other programs to not start with Windows.

See this MS article How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7

http://support.microsoft.com/kb/929135

Use this sequence:

Turn all off.

See if the issue is still there.

Turn 1 on at a time and test to see if the problem is there.

Repeat as necessary.

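Two things in this exchange are left to the reader: Marc's question of which service behind "svchost.exe" creates C:\Windows\Temp\hlktmp at boot (ProcMon only shows the host process), and Maurice's advice to review the startup set and reduce it to the minimum. The PowerShell below is an added example written for this thread, not Autoruns, OTL or the advice-giver's own instructions. It lists every service that Windows hosts inside svchost.exe with its "-k" service group, the ServiceDll it loads, its start type and the Authenticode status of that DLL, and then maps each running svchost PID to the services it hosts so the PID on ProcMon's CreateFile line can be tied to a short list of candidates. It assumes the standard Windows 7 registry layout HKLM\SYSTEM\CurrentControlSet\Services\<svc>\Parameters\ServiceDll, is read-only, and needs an elevated prompt.

```powershell
# Added example (not from the thread, Autoruns or OTL): inventory svchost-hosted services
# and map running svchost.exe PIDs to the services they host. Read-only; run elevated.
# Assumption: ServiceDll is stored under <service>\Parameters (standard on Windows 7).

function Get-SvchostServices {
    $servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $startNames  = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

    foreach ($svc in (Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue)) {
        $props = Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue
        $imagePath = [string]$props.ImagePath
        # Only services launched as "svchost.exe -k <group>" are of interest here.
        if ($imagePath -notmatch 'svchost\.exe\s+-k\s+(\S+)') { continue }
        $group = $Matches[1]

        # The hosted DLL is normally recorded under the Parameters subkey.
        $params = Get-ItemProperty -Path "$($svc.PSPath)\Parameters" -ErrorAction SilentlyContinue
        $dll = if ($params -and $params.ServiceDll) { $params.ServiceDll } else { $props.ServiceDll }
        $dll = if ($dll) { [Environment]::ExpandEnvironmentVariables([string]$dll) } else { '' }

        # Signature check: a valid Microsoft signature is the expected case for these DLLs.
        $signer = 'n/a'
        if ($dll -and (Test-Path -LiteralPath $dll)) {
            $sig = Get-AuthenticodeSignature -FilePath $dll
            if ($sig.Status -eq 'Valid') { $signer = $sig.SignerCertificate.Subject }
            else { $signer = 'NOT VALID: ' + $sig.Status }
        } elseif ($dll) {
            $signer = 'FILE NOT FOUND'
        }

        $start = '?'
        if ($null -ne $props.Start -and $startNames.ContainsKey([int]$props.Start)) {
            $start = $startNames[[int]$props.Start]
        }

        New-Object PSObject -Property @{
            Service    = $svc.PSChildName
            Group      = $group
            Start      = $start
            ServiceDll = $dll
            Signer     = $signer
        }
    }
}

# Map each running svchost.exe PID to the services it hosts, so the PID that ProcMon
# shows on the CreateFile line for C:\Windows\Temp\hlktmp narrows to a few services.
function Get-SvchostPidMap {
    Get-WmiObject -Class Win32_Service |
        Where-Object { $_.State -eq 'Running' -and $_.PathName -match 'svchost\.exe' } |
        Group-Object -Property ProcessId |
        ForEach-Object {
            New-Object PSObject -Property @{
                PID      = [int]$_.Name
                Services = ($_.Group | ForEach-Object { $_.Name }) -join ', '
            }
        }
}

# Unsigned, invalid or missing ServiceDlls are listed first; that is where a closer look starts.
Get-SvchostServices |
    Sort-Object @{ Expression = { $_.Signer -notlike 'CN=*' }; Descending = $true }, Group, Service |
    Select-Object Service, Group, Start, ServiceDll, Signer |
    Format-Table -AutoSize

Get-SvchostPidMap | Select-Object PID, Services | Sort-Object PID | Format-Table -AutoSize -Wrap
```

Usage: run it once at a normal boot and compare the PID on ProcMon's CreateFile event for hlktmp against the second table; the services in that group are the candidates. Every hosted DLL on a clean Windows 7 carries a valid Microsoft signature, so any row with "NOT VALID" or "FILE NOT FOUND" deserves the first look, while a fully signed list points back to Maurice's reading that this is a legitimate component rather than malware. The first table also doubles as a checklist for the clean-boot bisection, since it shows which hosted services are set to Auto.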

First, below is the OTL log after the commands:

Then I disabled ALL services and startup progs (btw Win is very ugly with all its stuff). I uninstalled VMware & Tortoise because they kept staying in the logs.

Here is the OTL log I passed.

Win7 re-enabled some services after me, but it looks fine to me:

hlktmp is again created :(

I think it's a malware, but an update of Flash cancelled the effects.

All processes killed

========== PROCESSES ==========

========== FILES ==========

File move failed. C:\Windows\Temp\hlktmp scheduled to be moved on reboot.

recycler not found in C:\

recycler not found in D:\

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: isabelle

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: isabelle.PC-marc

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: marc

->Temp folder emptied: 780 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 159464402 bytes

->Flash cache emptied: 2356 bytes

User: Public

->Temp folder emptied: 0 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 8425254 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 160,00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: isabelle

->Flash cache emptied: 0 bytes

User: isabelle.PC-marc

->Flash cache emptied: 0 bytes

User: marc

->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.56.0 log created on 08072012_182212

Files\Folders moved on Reboot...

File move failed. C:\Windows\Temp\hlktmp scheduled to be moved on reboot.

File move failed. C:\Windows\temp\vmware-Système\vmauthd.log scheduled to be moved on reboot.

C:\Windows\temp\vmware-Système\vmware-usbarb-Système-2064.log moved successfully.

PendingFileRenameOperations files...

[2012/08/07 18:24:57 | 008,405,015 | ---- | M] () C:\Windows\Temp\hlktmp : Unable to obtain MD5

[2012/08/07 18:25:11 | 000,003,502 | ---- | M] () C:\Windows\temp\vmware-Système\vmauthd.log : Unable to obtain MD5

File C:\Windows\temp\vmware-Système\vmware-usbarb-Système-2064.log not found!

Registry entries deleted on Reboot...

********************************************************************************************************************

********************************************************************************************************************

********************************************************************************************************************

********************************************************************************************************************

OTL logfile created on: 07/08/2012 19:29:40 - Run 5

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\marc\Desktop

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 75,03% Memory free

6,00 Gb Paging File | 5,24 Gb Available in Paging File | 87,32% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 189,05 Gb Total Space | 122,61 Gb Free Space | 64,86% Space Free | Partition Type: NTFS

Drive D: | 232,88 Gb Total Space | 49,78 Gb Free Space | 21,38% Space Free | Partition Type: NTFS

Computer Name: PC-MARC | User Name: marc | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/07 17:47:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\marc\Desktop\OTL.exe

PRC - [2011/08/31 18:05:19 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011/04/29 19:36:36 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/01/14 23:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

========== Modules (No Company Name) ==========

MOD - [2010/07/04 23:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll

MOD - [2009/11/04 02:14:04 | 000,054,272 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_01.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/08/04 11:49:32 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/28 19:11:26 | 000,113,120 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2011/08/31 18:05:19 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011/05/17 19:56:04 | 000,008,192 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)

SRV - [2011/04/29 19:36:36 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/06/25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)

SRV - [2010/03/01 23:09:48 | 006,074,368 | ---- | M] () [Disabled | Stopped] -- D:\Databases\bin\mysqld.exe -- (MySQL)

SRV - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Disabled | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms)

SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)

DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\vmci.sys -- (vmci)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\marc\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aqph90cd)

DRV - [2012/08/04 12:19:42 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)

DRV - [2012/02/09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2011/08/31 18:05:20 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/08/31 18:05:20 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/11/20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010/11/06 22:24:32 | 000,020,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)

DRV - [2010/06/25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)

DRV - [2010/06/17 16:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/06/13 10:12:05 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV - [2010/05/16 15:16:34 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)

DRV - [2010/01/20 16:53:06 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)

DRV - [2010/01/20 16:53:04 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2009/12/09 22:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)

DRV - [2009/08/20 08:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)

DRV - [2009/08/04 17:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)

DRV - [2009/08/04 17:44:12 | 000,139,296 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)

DRV - [2009/07/14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)

DRV - [2009/07/06 15:33:40 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc)

DRV - [2009/07/06 15:30:58 | 000,573,440 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda)

DRV - [2009/02/13 11:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008/03/20 15:50:16 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)

DRV - [2008/03/20 15:50:16 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)

DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

DRV - [1998/03/03 14:55:58 | 000,040,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mgnt.sys -- (MicroGuard)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 5B 15 F4 19 62 CB 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {46EFB80E-89CF-4F04-9263-D854E15EA830}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{46EFB80E-89CF-4F04-9263-D854E15EA830}: "URL" = http://www.google.fr/search?hl=fr&q={searchTerms}+&meta=

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.searchbox.width: 267

FF - prefs.js..browser.search.selectedEngine: "Bing"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "about:blank"

FF - prefs.js..extensions.enabledItems: amin.eft_Shutdown@gmail.com:3.6.2D

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2

FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2

FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3

FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.2

FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.7

FF - prefs.js..extensions.enabledItems: formhistory@yahoo.com:1.2.8.1

FF - prefs.js..extensions.enabledItems: savecomplete@perlprogrammer.com:1.0.1

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4

FF - prefs.js..network.proxy.backup.ftp: "63.238.216.26"

FF - prefs.js..network.proxy.backup.ftp_port: 80

FF - prefs.js..network.proxy.backup.gopher: "63.238.216.26"

FF - prefs.js..network.proxy.backup.gopher_port: 80

FF - prefs.js..network.proxy.backup.socks: "63.238.216.26"

FF - prefs.js..network.proxy.backup.socks_port: 80

FF - prefs.js..network.proxy.backup.ssl: "63.238.216.26"

FF - prefs.js..network.proxy.backup.ssl_port: 80

FF - prefs.js..network.proxy.ftp: "152.3.138.4"

FF - prefs.js..network.proxy.ftp_port: 3127

FF - prefs.js..network.proxy.gopher: "152.3.138.4"

FF - prefs.js..network.proxy.gopher_port: 3127

FF - prefs.js..network.proxy.http_port: 3127

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "152.3.138.4"

FF - prefs.js..network.proxy.socks_port: 3127

FF - prefs.js..network.proxy.ssl: "152.3.138.4"

FF - prefs.js..network.proxy.ssl_port: 3127

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/28 19:11:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/05 20:50:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/19 21:49:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/10/17 21:22:35 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/28 19:11:27 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/05 20:50:27 | 000,000,000 | ---D | M]

[2010/05/15 19:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marc\AppData\Roaming\mozilla\Extensions

[2010/05/15 19:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marc\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012/07/25 19:04:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions

[2011/02/04 18:26:01 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

[2010/08/30 09:34:23 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}

[2012/03/29 20:36:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/05/15 19:04:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)

[2011/03/11 20:29:50 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}

[2012/06/16 07:56:02 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions\donottrackplus@abine.com

[2012/05/20 08:22:18 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions\en-US@dictionaries.addons.mozilla.org

[2012/07/13 19:08:37 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions\es-es@dictionaries.addons.mozilla.org

[2011/10/08 08:42:08 | 000,000,000 | ---D | M] (Dictionnaire français «Moderne») -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions\fr-moderne@dictionaries.addons.mozilla.org

[2011/03/21 19:09:19 | 000,000,000 | ---D | M] (Personas) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\rxbtyxna.default\extensions\personas@christopher.beard

[2010/01/16 15:57:04 | 000,002,172 | ---- | M] () -- C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\rxbtyxna.default\searchplugins\bing.xml

[2012/08/05 21:32:35 | 000,001,613 | ---- | M] () -- C:\Users\marc\AppData\Roaming\Mozilla\Firefox\Profiles\rxbtyxna.default\searchplugins\ixquick---francais.xml

[2012/01/11 19:49:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/05/03 19:37:28 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RXBTYXNA.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI

[2011/11/19 21:44:09 | 000,018,894 | ---- | M] () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RXBTYXNA.DEFAULT\EXTENSIONS\HISTORYBLOCK@KAIN.XPI

[2012/07/28 19:11:27 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/04/15 20:40:49 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

[2012/03/14 19:16:48 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml

[2012/03/14 19:16:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/03/14 19:16:48 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml

[2012/03/14 19:16:48 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml

[2012/03/14 19:16:48 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml

[2012/03/14 19:16:48 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2012/07/30 20:36:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Sites de confiance)

O16 - DPF: {369383F8-C8B7-42E1-819E-D47E3ABAD4BC} http://192.168.0.200:8080/cgi-bin/QNAPG726.cab (Reg Error: Key error.)

O16 - DPF: {4DA8C6E4-312A-4A8F-B02B-491B2BF09CF2} http://192.168.0.200:8080/cgi-bin/QNAPQ264.cab (Reg Error: Key error.)

O16 - DPF: {603E0052-7B06-496B-A04B-192419174876} http://192.168.0.200:8080/cgi-bin/QNAPQIVG.cab (Reg Error: Key error.)

O16 - DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} http://192.168.0.110/UltraMJCamX.cab (Reg Error: Key error.)

O16 - DPF: {937FE81C-FECF-4A55-9754-49D6D6550EDC} http://192.168.0.200:8080/cgi-bin/NNVRVMon.cab (NAS NVR(V) Monitor)

O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} http://192.168.0.111/codebase/DVM_IPCam2.ocx (Reg Error: Key error.)

O16 - DPF: {B824D61F-DAF3-40BF-BA5E-430D250FF51C} http://192.168.0.200:8080/cgi-bin/QNAPQMP4.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F5F2CE2F-C516-4428-8758-7178B1E1ABAB} http://192.168.0.200:8080/cgi-bin/QNAPQVivoTek.cab (VivoTek AVDecoder)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB26030B-D226-4422-934A-A1A7A6260A9E}: NameServer = 212.27.40.240,212.27.40.241

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6E22CFB-0BD4-408E-9A60-7B0072403E7C}: DhcpNameServer = 212.27.40.240 212.27.40.241

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/07 19:16:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/08/07 18:32:20 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/08/07 18:22:12 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/08/07 17:47:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\marc\Desktop\OTL.exe

[2012/08/07 07:22:20 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\marc\Desktop\TFC.exe

[2012/08/05 21:03:24 | 000,000,000 | ---D | C] -- C:\FRST

[2012/08/05 20:58:55 | 000,000,000 | ---D | C] -- C:\Users\marc\DoctorWeb

[2012/08/05 20:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/08/05 20:50:27 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll

[2012/08/05 20:50:27 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2012/08/05 20:50:22 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2012/08/05 20:50:22 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2012/08/05 20:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2012/08/05 16:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/08/05 10:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune

[2012/08/04 13:46:18 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\SKIDROW

[2012/08/04 13:46:18 | 000,000,000 | ---D | C] -- C:\Users\marc\Documents\Duke Nukem Forever

[2012/08/04 13:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games

[2012/08/04 12:12:03 | 000,000,000 | ---D | C] -- C:\Users\marc\Desktop\malware

[2012/08/02 21:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2012/08/02 21:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab

[2012/08/02 20:41:13 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/07/30 21:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012/07/30 21:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012/07/30 20:36:36 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012/07/30 20:31:50 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\temp

[2012/07/30 19:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker

[2012/07/30 19:18:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/07/30 19:18:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/07/30 19:18:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/07/30 19:16:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/07/13 10:18:36 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012/07/13 10:18:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012/07/13 10:18:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2012/07/13 10:18:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012/07/13 10:18:34 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012/07/13 10:18:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012/07/13 10:18:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012/07/13 10:16:58 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2012/07/13 10:16:16 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

[2012/07/13 10:16:14 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll

[2012/07/13 10:16:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll

========== Files - Modified Within 30 Days ==========

[2012/08/07 19:29:02 | 000,030,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/07 19:29:02 | 000,030,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/07 19:26:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/07 19:26:40 | 2414,772,224 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/07 19:21:57 | 000,704,276 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2012/08/07 19:21:57 | 000,615,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/08/07 19:21:57 | 000,130,582 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2012/08/07 19:21:57 | 000,106,224 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/08/07 19:14:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/07 19:14:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/07 17:49:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/07 17:47:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\marc\Desktop\OTL.exe

[2012/08/07 07:22:23 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\marc\Desktop\TFC.exe

[2012/08/06 20:03:08 | 000,313,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/08/05 20:50:10 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2012/08/05 20:50:10 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2012/08/05 20:50:09 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll

[2012/08/05 20:50:09 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll

[2012/08/05 20:50:09 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2012/08/04 13:45:02 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\Duke Nukem Forever.lnk

[2012/08/04 12:19:42 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\gdrv.sys

[2012/08/04 11:49:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/08/04 11:49:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/08/04 08:31:02 | 000,000,600 | ---- | M] () -- C:\Users\marc\AppData\Local\PUTTY.RND

[2012/07/31 21:08:01 | 000,002,054 | -H-- | M] () -- C:\Users\marc\Documents\Default.rdp

[2012/07/30 21:37:54 | 000,206,376 | RHS- | M] () -- C:\grldr

[2012/07/30 21:35:16 | 000,202,356 | ---- | M] () -- C:\Users\marc\Documents\cc_20120730_213508.reg

[2012/07/30 20:36:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/07/28 19:11:28 | 000,001,990 | ---- | M] () -- C:\Users\marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012/08/04 13:45:02 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\Duke Nukem Forever.lnk

[2012/07/30 21:37:54 | 000,206,376 | RHS- | C] () -- C:\grldr

[2012/07/30 21:35:11 | 000,202,356 | ---- | C] () -- C:\Users\marc\Documents\cc_20120730_213508.reg

[2012/07/30 19:36:02 | 000,001,002 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/30 19:18:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/07/30 19:18:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/07/30 19:18:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/07/30 19:18:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/07/30 19:18:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/06/07 18:33:40 | 000,798,720 | ---- | C] () -- C:\Windows\System32\FCPlayer.dll

[2012/06/07 18:33:40 | 000,147,456 | ---- | C] () -- C:\Windows\System32\FCNetLib.dll

[2012/06/07 18:33:40 | 000,053,248 | ---- | C] () -- C:\Windows\System32\FCSDK.dll

[2012/06/04 18:47:32 | 000,303,104 | ---- | C] () -- C:\Windows\System32\FCPlayer.exe

[2012/04/09 10:19:46 | 000,003,950 | ---- | C] () -- C:\Users\marc\.recently-used.xbel

[2011/12/23 19:32:58 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll

[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2011/05/17 19:56:45 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe

[2011/04/04 18:53:05 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011/03/31 19:50:05 | 000,040,480 | ---- | C] () -- C:\Windows\System32\drivers\mgnt.sys

[2011/03/31 19:41:02 | 000,009,136 | ---- | C] () -- C:\Windows\System32\INETWH16.DLL

[2010/09/19 17:39:59 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll

[2010/08/16 21:31:16 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2010/08/16 21:31:16 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/08/16 21:31:09 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe

[2010/08/16 21:26:02 | 000,008,236 | ---- | C] () -- C:\Windows\HCWPNP.INI

[2010/07/23 11:31:34 | 000,000,600 | ---- | C] () -- C:\Users\marc\AppData\Local\PUTTY.RND

[2010/07/19 20:55:24 | 000,000,017 | ---- | C] () -- C:\Users\marc\AppData\Local\resmon.resmoncfg

[2010/06/12 09:53:03 | 000,001,521 | ---- | C] () -- C:\Users\marc\scanxlelm.cfg

[2010/06/12 09:45:58 | 000,001,345 | ---- | C] () -- C:\Users\marc\scanxlelmscan.cfg

[2010/06/12 09:43:47 | 000,003,072 | ---- | C] () -- C:\ProgramData\ppe_fleetdb.vdb

[2010/05/22 11:56:10 | 000,000,600 | ---- | C] () -- C:\Users\marc\PUTTY.RND

[2010/05/22 11:44:36 | 000,000,600 | ---- | C] () -- C:\Users\marc\AppData\Roaming\winscp.rnd

< End of report >
