
Infected with hello4 and krakow greenfield


  • This topic is locked
31 replies to this topic

#1 AxelFTW

AxelFTW

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 13 September 2011 - 02:49 PM

Hi everyone!

I would like your help with a virus I got recently. It began Thursday the 8th and from this point on, my laptop was completely useless. I will be honest with you. I already used a lot of antivirus and software to try and delete the viruses and/or malware that I have. Unfortunately, nothing worked. I used Combofix, Malwarebytes, avast, CCleaner, SUPERAntiSpyware and usbvirusscan. I really suspect my USB to be the root of the problem because some strange files named "après.exe" were created on it and are in almost all of my folders. Plus, the icon of the executable "après.exe" is a folder.

Anyway, here are the specs of my laptop and you can be sure that I will follow any advice you will send to me. I will also be available Monday to Friday between 8 AM and 4 PM.

Computer : Toshiba Satellite Pro L550 -001
OS : Windows 7 Pro 32 bits

Thanks for all the help you can give me!



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:42 PM

Posted 14 September 2011 - 03:15 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 AxelFTW

AxelFTW
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 14 September 2011 - 07:47 AM

Thanks OrangeBlossom. Here are my logs and what happens during those.

I would like to explain in detail the problems that I have. First of all, I can't connect to the internet and I had difficulties opening any .exe. I had a popup saying ORDINAL 383 could not be located in the dynamic link library iertutil.dll.

After a startup check with avast, I could open my software but not my internet. I use Internet Explorer 9. No message appears.
When I want to shut down the laptop, I will wait forever before it closes. I have to do it manually. I waited 30 minutes one time and it didn't close.
Lastly, the computer froze from time to time, for a couple of seconds to a whole minute.

First of all, here is the log for the dds.txt log.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Thuillier_D at 7:53:21 on 2011-09-14
Microsoft Windows 7 Professionnel 6.1.7600.0.1252.2.1036.18.3037.2154 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\windows\system32\mfevtps.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\thuillier_d\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
c:\program files\windows defender\MpCmdRun.exe
\\?\C:\windows\system32\wbem\WMIADAP.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.lefigaro.fr/
uWindow Title = Présenté par TOSHIBA Leading Innovation >>>
uDefault_Page_URL = hxxp://www.toshiba.ca/fr/bienvenue
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [<NO NAME>]
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\thuill~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\thuillier_d\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: DhcpNameServer = 10.10.10.1
TCP: Interfaces\{DDADD0D0-F7E7-4225-AABF-5A9FD5254978} : DhcpNameServer = 10.10.10.1
TCP: Interfaces\{FC590930-D3F6-47EE-A2E1-C9F664C9546D} : DhcpNameServer = 172.16.48.2
TCP: Interfaces\{FC590930-D3F6-47EE-A2E1-C9F664C9546D}\3616374756C6262716E646F6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FC590930-D3F6-47EE-A2E1-C9F664C9546D}\46162736865627169647020727966756 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{FC590930-D3F6-47EE-A2E1-C9F664C9546D}\75946494D214942505F42545 : DhcpNameServer = 10.240.0.1
TCP: Interfaces\{FC590930-D3F6-47EE-A2E1-C9F664C9546D}\C454F5745425D41494E4 : DhcpNameServer = 10.30.0.1
TCP: Interfaces\{FC590930-D3F6-47EE-A2E1-C9F664C9546D}\C496675626F687D293340393 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{FC590930-D3F6-47EE-A2E1-C9F664C9546D}\C696E6B6379737 : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
============= SERVICES / DRIVERS ===============
.
P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-4-29 144888]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-28 342128]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-13 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-13 320856]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-1-28 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-13 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-13 54616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-13 44768]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-7-17 181616]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2009-4-29 21256]
R2 McAfeeFramework;Service McAfee Framework;c:\program files\mcafee\common framework\FrameworkService.exe [2009-1-16 103744]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-4-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-1-28 70216]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-7 62832]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 185712]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-28 91640]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-1-28 43288]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-1-28 167936]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-1-28 859136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-1-28 65224]
S3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-1-28 24064]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-1-28 171520]
S3 StorSvc;Service de stockage;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-1-28 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
S3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]
S3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-12 1343400]
.
=============== Created Last 30 ================
.
2011-09-13 18:56:09 -------- d-----w- c:\windows\pss
2011-09-13 18:19:42 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-13 18:19:40 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-13 18:19:31 41184 ----a-w- c:\windows\avastSS.scr
2011-09-13 17:40:03 -------- d-----w- c:\program files\USBScan
2011-09-13 15:09:33 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{54afa9c7-fcb1-4b87-afc9-831c8d330bfb}\mpengine.dll
2011-09-12 20:02:56 -------- d-----w- c:\programdata\AVAST Software
2011-09-12 20:02:56 -------- d-----w- c:\program files\AVAST Software
2011-09-12 16:11:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-09-12 14:09:39 -------- d-----w- c:\users\thuillier_d\appdata\roaming\Malwarebytes
2011-09-12 14:09:32 -------- d-----w- c:\programdata\Malwarebytes
2011-09-10 16:24:41 1126912 ------w- c:\windows\system32\wininet.dll
2011-09-10 15:18:43 -------- d-----w- C:\found.000
2011-09-09 18:12:13 -------- d-----w- c:\programdata\c5d747
2011-09-08 21:40:40 -------- d-----w- c:\users\thuillier_d\appdata\local\Google
2011-09-06 00:19:16 0 ----a-w- c:\programdata\rgeg.exe
2011-08-24 14:20:32 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2011-08-05 00:48:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 04:56:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:26:10 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-23 04:38:05 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-23 04:38:04 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-21 05:39:53 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-21 05:36:36 981504 ----a-w- c:\windows\system32\wininet(134).dll
2011-06-21 05:36:33 1230336 ----a-w- c:\windows\system32\urlmon(132).dll
2011-06-21 05:35:05 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-21 05:34:49 2072576 ----a-w- c:\windows\system32\iertutil(127).dll
2011-06-21 04:26:02 386048 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 7:55:47,67 ===============

---- When I tried to SAVE AS the dds.txt file, a pop up appeared saying this :
Header : Notepad.exe
ORDINAL 383 could not be located in the dynamic link library iertutil.dll.

---- When I tried to SAVE AS the attach.txt file, a pop up appeared saying this :
Header : Notepad.exe
ORDINAL 383 could not be located in the dynamic link library iertutil.dll.

---- When GMER finished, I had this message : gmer has found system modification caused by ROOTKIT activity.


I hope that my post is all fine. If I missed something, feel free to let me know and I'll make the modifications accordingly.

Thanks!




#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:42 PM

Posted 19 September 2011 - 11:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/418828 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 AxelFTW

AxelFTW
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:42 PM

Posted 20 September 2011 - 11:37 AM

I would like to explain in detail the problems that I have. First of all, I can't connect to the internet and I had difficulties opening any .exe. I had a popup saying ORDINAL 383 could not be located in the dynamic link library iertutil.dll.

After a startup check with avast, I could open my software but not my internet. I use Internet Explorer 9. No message appears.
When I want to shut down the laptop, I will wait forever before it closes. I have to do it manually. I waited 30 minutes one time and it didn't close.
Lastly, the computer froze from time to time, for a couple of seconds to a whole minute.

I don't have my Windows 7 Professional 32-bit CD.
The laptop that I use is a Toshiba Satellite Pro Dual Core T9600, 2.80 GHz, 4 GB RAM.

Here is the dds.txt log :

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Thuillier_D at 11:17:25 on 2011-09-20
Microsoft Windows 7 Professionnel 6.1.7600.0.1252.2.1036.18.3037.1847 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\windows\system32\mfevtps.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\thuillier_d\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.lefigaro.fr/
uWindow Title = Présenté par TOSHIBA Leading Innovation >>>
uDefault_Page_URL = hxxp://www.toshiba.ca/fr/bienvenue
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [<NO NAME>]
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\thuill~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\thuillier_d\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: DhcpNameServer = 10.10.10.1
TCP: Interfaces\{DDADD0D0-F7E7-4225-AABF-5A9FD5254978} : DhcpNameServer = 10.10.10.1
TCP: Interfaces\{FC590930-D3F6-47EE-A2E1-C9F664C9546D} : DhcpNameServer = 172.16.48.2
TCP: Interfaces\{FC590930-D3F6-47EE-A2E1-C9F664C9546D}\3616374756C6262716E646F6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FC590930-D3F6-47EE-A2E1-C9F664C9546D}\46162736865627169647020727966756 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{FC590930-D3F6-47EE-A2E1-C9F664C9546D}\75946494D214942505F42545 : DhcpNameServer = 10.240.0.1
TCP: Interfaces\{FC590930-D3F6-47EE-A2E1-C9F664C9546D}\C454F5745425D41494E4 : DhcpNameServer = 10.30.0.1
TCP: Interfaces\{FC590930-D3F6-47EE-A2E1-C9F664C9546D}\C496675626F687D293340393 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{FC590930-D3F6-47EE-A2E1-C9F664C9546D}\C696E6B6379737 : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
============= SERVICES / DRIVERS ===============
.
P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-4-29 144888]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-28 342128]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-13 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-13 320856]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-1-28 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-13 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-13 54616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-13 44768]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-7-17 181616]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2009-4-29 21256]
R2 McAfeeFramework;Service McAfee Framework;c:\program files\mcafee\common framework\FrameworkService.exe [2009-1-16 103744]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-4-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-1-28 70216]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-7 62832]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 185712]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-28 91640]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-1-28 43288]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-1-28 167936]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-1-28 859136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-1-28 65224]
S3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-1-28 24064]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-1-28 171520]
S3 StorSvc;Service de stockage;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-1-28 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
S3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]
S3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-12 1343400]
.
=============== Created Last 30 ================
.
2011-09-13 18:56:09 -------- d-----w- c:\windows\pss
2011-09-13 18:19:42 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-13 18:19:40 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-13 18:19:31 41184 ----a-w- c:\windows\avastSS.scr
2011-09-13 17:40:03 -------- d-----w- c:\program files\USBScan
2011-09-13 15:09:33 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{54afa9c7-fcb1-4b87-afc9-831c8d330bfb}\mpengine.dll
2011-09-12 20:02:56 -------- d-----w- c:\programdata\AVAST Software
2011-09-12 20:02:56 -------- d-----w- c:\program files\AVAST Software
2011-09-12 16:11:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-09-12 14:09:39 -------- d-----w- c:\users\thuillier_d\appdata\roaming\Malwarebytes
2011-09-12 14:09:32 -------- d-----w- c:\programdata\Malwarebytes
2011-09-10 16:24:41 1126912 ------w- c:\windows\system32\wininet.dll
2011-09-10 15:18:43 -------- d-----w- C:\found.000
2011-09-09 18:12:13 -------- d-----w- c:\programdata\c5d747
2011-09-08 21:40:40 -------- d-----w- c:\users\thuillier_d\appdata\local\Google
2011-09-06 00:19:16 0 ----a-w- c:\programdata\rgeg.exe
2011-08-24 14:20:32 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2011-08-05 00:48:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 04:56:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:26:10 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-23 04:38:05 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-23 04:38:04 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH: 11:19:28,04 ===============

---- When I tried to SAVE AS the dds.txt file, a pop up appeared saying this :
Header : Notepad.exe
ORDINAL 383 could not be located in the dynamic link library iertutil.dll.

---- When I tried to SAVE AS the attach.txt file, a pop up appeared saying this :
Header : Notepad.exe
ORDINAL 383 could not be located in the dynamic link library iertutil.dll.

---- When GMER finished, I had this message : gmer has found system modification caused by ROOTKIT activity.



Thank you for all the help you can provide me!

Edited by AxelFTW, 20 September 2011 - 11:44 AM.


#6 Farbar


Posted 21 September 2011 - 01:27 PM

Hi AxelFTW,

Welcome to this forum and apologies for the delay. I will assist you with this issue.

  • Please download MBRCheck by clicking here and save it to your desktop.
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
    • A window will open on your desktop.
    • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter.
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
    • Please post the contents of that file in your next reply.
  • For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#7 AxelFTW


Posted 21 September 2011 - 02:23 PM

Hi farbar, really appreciate that you take some of your time to help me.
I post the log for MBRcheck :

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite Pro L550
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 183):
0x83810000 \SystemRoot\system32\ntkrnlpa.exe
0x83C20000 \SystemRoot\system32\halmacpi.dll
0x88046000 \SystemRoot\system32\kdcom.dll
0x83E05000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x83E7D000 \SystemRoot\system32\PSHED.dll
0x83E8E000 \SystemRoot\system32\BOOTVID.dll
0x83E96000 \SystemRoot\system32\CLFS.SYS
0x83ED8000 \SystemRoot\system32\CI.dll
0x83F83000 \SystemRoot\system32\drivers\Wdf01000.sys
0x84000000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8400E000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x84056000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8405F000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x84067000 \SystemRoot\system32\DRIVERS\pci.sys
0x84091000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8409C000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x840A9000 \SystemRoot\System32\drivers\partmgr.sys
0x840BA000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x840C2000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x840CD000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x840DD000 \SystemRoot\System32\drivers\volmgrx.sys
0x84128000 \SystemRoot\System32\drivers\mountmgr.sys
0x8413E000 \SystemRoot\system32\DRIVERS\pciide.sys
0x84145000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x84222000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x842FC000 \SystemRoot\system32\DRIVERS\atapi.sys
0x84305000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x84328000 \SystemRoot\system32\DRIVERS\msahci.sys
0x84332000 \SystemRoot\system32\drivers\amdxata.sys
0x8433B000 \SystemRoot\system32\drivers\fltmgr.sys
0x8436F000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C02E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C15D000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C188000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C19B000 \SystemRoot\System32\Drivers\cng.sys
0x8C000000 \SystemRoot\System32\drivers\pcw.sys
0x8C00E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C20F000 \SystemRoot\system32\drivers\ndis.sys
0x8C2C6000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C304000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C43B000 \SystemRoot\System32\drivers\tcpip.sys
0x8C584000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C5B5000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8C5BE000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8C400000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x8C329000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0x8C405000 \SystemRoot\System32\Drivers\spldr.sys
0x8C40D000 \SystemRoot\System32\drivers\rdyboost.sys
0x8C370000 \SystemRoot\System32\Drivers\mup.sys
0x8C380000 \SystemRoot\system32\drivers\mfehidk.sys
0x8C3D2000 \SystemRoot\System32\drivers\hwpolicy.sys
0x84380000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C3DA000 \SystemRoot\system32\DRIVERS\disk.sys
0x843B2000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x904F3000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x90512000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x90582000 \SystemRoot\System32\Drivers\Null.SYS
0x90589000 \SystemRoot\System32\Drivers\Beep.SYS
0x90590000 \SystemRoot\System32\drivers\vga.sys
0x9059C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x905BD000 \SystemRoot\System32\drivers\watchdog.sys
0x905CA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x905D2000 \SystemRoot\system32\drivers\rdpencdd.sys
0x905DA000 \SystemRoot\system32\drivers\rdprefmp.sys
0x905E2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x905ED000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C017000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C200000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x843D7000 \SystemRoot\system32\drivers\mfetdik.sys
0x843E5000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x84153000 \SystemRoot\System32\DRIVERS\netbt.sys
0x84185000 \SystemRoot\system32\drivers\afd.sys
0x90400000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8C3F8000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x84200000 \SystemRoot\system32\DRIVERS\pacer.sys
0x841DF000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x843F0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91E2A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91E3D000 \SystemRoot\system32\DRIVERS\termdd.sys
0x91E4D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91E8E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91E98000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x91EA2000 \SystemRoot\System32\drivers\discache.sys
0x91EAE000 \SystemRoot\system32\drivers\csc.sys
0x91F12000 \SystemRoot\System32\Drivers\dfsc.sys
0x91F2A000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x91F38000 \SystemRoot\System32\Drivers\aswSP.SYS
0x91F85000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x9242B000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x92940000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91FA6000 \SystemRoot\System32\drivers\dxgmms1.sys
0x92400000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9241F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x9121C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x91267000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x91276000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x912A2000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
0x91392000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x9139C000 \SystemRoot\system32\DRIVERS\tosrfec.sys
0x9139F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x913A3000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x913BB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x913C8000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x913FB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x91200000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9120D000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x929F7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x91FDF000 \SystemRoot\system32\DRIVERS\TVALZFL.sys
0x91FE6000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x91E00000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x91E0D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x92C3B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x92C53000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x92C5E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x92C80000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x92C98000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x92CAF000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x92CC6000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x92CD0000 \SystemRoot\system32\DRIVERS\swenum.sys
0x92CD2000 \SystemRoot\system32\DRIVERS\ks.sys
0x92D06000 \SystemRoot\system32\DRIVERS\umbus.sys
0x92D14000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x92D58000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x92D69000 \SystemRoot\system32\drivers\RtHDMIV.sys
0x92D8E000 \SystemRoot\system32\drivers\portcls.sys
0x92DBD000 \SystemRoot\system32\drivers\drmk.sys
0x93223000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x934BF000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x935DB000 \SystemRoot\system32\drivers\modem.sys
0x935E8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x92DD6000 \SystemRoot\System32\Drivers\usbvideo.sys
0x93200000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9320B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x92C00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x92C07000 \SystemRoot\System32\Drivers\LEqdUsb.Sys
0x92C10000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x92C1C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9321E000 \SystemRoot\System32\Drivers\LHidEqd.Sys
0x92C27000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x92C2F000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x8EA59000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8EA66000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x8EB40000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x9AE10000 \SystemRoot\System32\win32k.sys
0x8EB51000 \SystemRoot\System32\drivers\Dxapi.sys
0x9B070000 \SystemRoot\System32\TSDDD.dll
0x9B0A0000 \SystemRoot\System32\cdd.dll
0x8EB66000 \SystemRoot\system32\drivers\luafv.sys
0x8EB81000 \??\C:\windows\system32\drivers\aswMonFlt.sys
0x8EBB9000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x8EBBC000 \SystemRoot\system32\drivers\WudfPf.sys
0x8EBD6000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x90407000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8EBE6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8EA00000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9044D000 \SystemRoot\system32\drivers\HTTP.sys
0x904D2000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA2833000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA2845000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA2868000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA28A3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA28D6000 \SystemRoot\system32\drivers\peauth.sys
0xA296D000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA2977000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA2998000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA29A5000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0C23000 \SystemRoot\System32\DRIVERS\srv.sys
0xA0C75000 \SystemRoot\system32\drivers\mfebopk.sys
0xA0C7E000 \SystemRoot\system32\drivers\mfeapfk.sys
0xA0C8F000 \SystemRoot\system32\drivers\mfeavfk.sys
0xA0D0E000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA0D17000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA0D2E000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA0D79000 \??\C:\Users\THUILL~1\AppData\Local\Temp\mbr.sys
0xA0D80000 \??\C:\Users\THUILL~1\AppData\Local\Temp\kfgcykob.sys
0xA0D58000 \SystemRoot\system32\DRIVERS\tosrfusb.sys
0xA0D99000 \SystemRoot\system32\DRIVERS\tosrfbd.sys
0xA0DC1000 \SystemRoot\system32\DRIVERS\Tosrfhid.sys
0xA0DD4000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA0DDF000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x77430000 \Windows\System32\ntdll.dll
0x48280000 \Windows\System32\smss.exe
0x77670000 \Windows\System32\apisetschema.dll

Processes (total 63):
0 System Idle Process
4 System
364 C:\Windows\System32\smss.exe
692 csrss.exe
760 csrss.exe
768 C:\Windows\System32\wininit.exe
820 C:\Windows\System32\services.exe
844 C:\Windows\System32\winlogon.exe
852 C:\Windows\System32\lsass.exe
860 C:\Windows\System32\lsm.exe
980 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1160 C:\Windows\System32\atiesrxx.exe
1208 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\svchost.exe
1468 C:\Windows\System32\svchost.exe
1592 C:\Windows\System32\atieclxx.exe
1692 C:\Windows\System32\svchost.exe
1780 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
236 C:\Windows\System32\spoolsv.exe
492 C:\Windows\System32\svchost.exe
1344 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1564 C:\Program Files\Bonjour\mDNSResponder.exe
1728 C:\Windows\System32\svchost.exe
1872 C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
2044 C:\Program Files\McAfee\Common Framework\FrameworkService.exe
2080 C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
2148 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
2176 C:\Windows\System32\mfevtps.exe
2296 C:\Windows\System32\TODDSrv.exe
2372 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
2488 C:\Program Files\TOSHIBA\TECO\TecoService.exe
2536 C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
2596 mfeann.exe
2652 C:\Windows\System32\conhost.exe
2980 C:\Windows\System32\svchost.exe
3168 C:\Windows\System32\svchost.exe
3476 C:\Windows\System32\taskhost.exe
3540 C:\Windows\System32\dwm.exe
3580 C:\Windows\explorer.exe
3764 C:\Program Files\AVAST Software\Avast\AvastUI.exe
3828 C:\Users\thuillier_d\AppData\Roaming\Dropbox\bin\Dropbox.exe
4008 C:\Windows\System32\SearchIndexer.exe
2996 WmiPrvSE.exe
1276 C:\Program Files\LSI SoftModem\agrsmsvc.exe
3844 C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
2408 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
2352 C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
2620 WmiPrvSE.exe
2260 WmiPrvSE.exe
1336 naPrdMgr.exe
5732 C:\Windows\System32\svchost.exe
3500 WmiPrvSE.exe
5364 C:\Windows\System32\audiodg.exe
1076 WmiPrvSE.exe
6000 WUDFHost.exe
4528 MpCmdRun.exe
5528 C:\Windows\System32\SearchProtocolHost.exe
4700 C:\Windows\System32\SearchFilterHost.exe
1500 dllhost.exe
5644 dllhost.exe
972 C:\Users\thuillier_d\Desktop\MBRCheck.exe
5440 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMJA2320BHG2, Rev: 00400018

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!

---------------

Unfortunately, I wasn't able to do the second step. When I restart with the system recovery, it asks for the password of my local account. I enter it but it doesn't work. I went back, modified my password just to be sure and even though I know the password for the username : Denis Thuillier, it doesn't work. I'm working from a domain; does it have something to do with it? In the box, I'm only presented with the choice Denis Thuillier. I do know that this user is a local user because the one from my domain is thuillier_d. I can't even choose the administrator account. I can't understand why it doesn't let me continue. It's saying it's a bad username or a bad password but it's impossible... The USB key is connected to my laptop and the software is saved to my USB key. I'm really sorry.

Thanks!

#8 Farbar


Posted 21 September 2011 - 03:21 PM

Thanks for the feedback.

The MBRCheck didn't confirm the TDL4 infection as detected by GMER. So at this point not being able to boot to System Recovery Options is not essential.

Our first priority is to restore internet connection. In the course of our fixes whenever internet connection is restored let me know.

  • Please download ExeFix.reg and save it to a flashdrive or on the root of the system drive (usually C:).
    • Important: Boot your computer into the account that has trouble running exe files.
    • Double-click it and confirm the prompt to allow it to merge.
  • Please download TDSSKiller.zip and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
    • Let it reboot if needed and tell me if the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.
  • I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to add/remove in the control panel and remove either Avast or McAfee.
  • Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Under Output select "Standard Output" checkbox.
    • Set Services, Drivers and Standard Registry to All.
    • Click Run Scan button.
    • Two reports will open, copy and paste them to your reply:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
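
The reading of the MBRCheck log in posts #7 and #8 (MBR status first, then the loaded-driver list), as an added example that is not part of the original thread or of any tool named in it. It assumes that MBRCheck labels recognised stock boot code as "Windows ... MBR code detected", as in the log above, and treats any other status text as unrecognised; the function and field names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt: a few lines taken from the MBRCheck log in post #7.
# The driver and process totals are adjusted to match the shortened lists.
SAMPLE_LOG = r"""MBRCheck, version 1.2.3

Kernel Drivers (total 6):
0x83810000 \SystemRoot\system32\ntkrnlpa.exe
0x8C02E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8EB81000 \??\C:\windows\system32\drivers\aswMonFlt.sys
0xA0D79000 \??\C:\Users\THUILL~1\AppData\Local\Temp\mbr.sys
0xA0D80000 \??\C:\Users\THUILL~1\AppData\Local\Temp\kfgcykob.sys
0x77430000 \Windows\System32\ntdll.dll

Processes (total 2):
4 System
972 C:\Users\thuillier_d\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61
"""

DRIVERS_HDR = re.compile(r"^Kernel Drivers \(total (\d+)\):$")
DRIVER_LINE = re.compile(r"^(0x[0-9A-Fa-f]{8})\s+(\S.*)$")
DISK_LINE = re.compile(r"^(\d+\s+[KMGT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+)$")
SHA1_LINE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})$")
# Assumption: recognised stock boot code is reported in this form (see lead-in).
STOCK_MBR = re.compile(r"^Windows\b.*\bMBR code detected$")


@dataclass
class Disk:
    device: str
    status: str
    sha1: Optional[str] = None

    @property
    def recognized(self) -> bool:
        return bool(STOCK_MBR.match(self.status))


def driver_location(path: str) -> str:
    """Classify where a kernel module was loaded from."""
    p = path.lower()
    if p.startswith("\\systemroot\\") or p.startswith("\\windows\\"):
        return "windows"
    if p.startswith("\\??\\"):           # NT object path wrapping a DOS path
        dos = p[4:]
        if re.match(r"^[a-z]:\\windows\\", dos):
            return "windows"
        if "\\temp\\" in dos or "\\appdata\\" in dos:
            return "user-writable"
    return "other"


def triage(text: str) -> dict:
    """Return the MBR verdict per disk and the drivers that need a second look."""
    declared, section = None, None
    drivers, disks = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the current section
            section = None
            continue
        hdr = DRIVERS_HDR.match(line)
        if hdr:
            declared, section = int(hdr.group(1)), "drivers"
            continue
        if line.startswith("Processes (total"):
            section = "processes"
            continue
        if section == "drivers":
            m = DRIVER_LINE.match(line)
            if m:
                drivers.append((m.group(1), m.group(2)))
        elif section is None:
            m = DISK_LINE.match(line)
            sha = SHA1_LINE.match(line)
            if m:
                disks.append(Disk(m.group(2), m.group(3)))
            elif sha and disks:
                disks[-1].sha1 = sha.group(1).upper()
    return {
        # A pasted log that lost lines no longer matches its own declared total.
        "truncated": declared is not None and declared != len(drivers),
        "review_drivers": [p for _, p in drivers if driver_location(p) != "windows"],
        "disks": disks,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["disks"]:
        print(d.device, "recognised" if d.recognized else "REVIEW", d.status, d.sha1)
    for path in result["review_drivers"]:
        print("driver outside the Windows directory:", path)
```

A flagged driver is a prompt to identify what loaded it, not a verdict: diagnostic tools can load temporary drivers of their own while they run.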


#9 AxelFTW


Posted 22 September 2011 - 02:47 PM

Hi farbar,

Not a lot of good news I'm afraid...

1. ExeFix.reg worked with no problem

2. It asked me to reboot or wait for now. At first, I rebooted but my computer never finished shutting down so I had to do it manually. (I waited 45 minutes) After that, no report was sent so I clicked the software again and after all that, I clicked "Later". And I clicked on the report button. Here's the content :

2011/09/22 15:26:49.0477 3888 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
2011/09/22 15:26:49.0509 3888 ================================================================================
2011/09/22 15:26:49.0509 3888 SystemInfo:
2011/09/22 15:26:49.0509 3888
2011/09/22 15:26:49.0509 3888 OS Version: 6.1.7600 ServicePack: 0.0
2011/09/22 15:26:49.0509 3888 Product type: Workstation
2011/09/22 15:26:49.0509 3888 ComputerName: WIN-TNDHDP9D622
2011/09/22 15:26:49.0509 3888 UserName: Thuillier_D
2011/09/22 15:26:49.0509 3888 Windows directory: C:\windows
2011/09/22 15:26:49.0509 3888 System windows directory: C:\windows
2011/09/22 15:26:49.0509 3888 Processor architecture: Intel x86
2011/09/22 15:26:49.0509 3888 Number of processors: 2
2011/09/22 15:26:49.0509 3888 Page size: 0x1000
2011/09/22 15:26:49.0509 3888 Boot type: Normal boot
2011/09/22 15:26:49.0509 3888 ================================================================================
2011/09/22 15:26:51.0989 3888 Initialize success
2011/09/22 15:26:54.0625 0248 ================================================================================
2011/09/22 15:26:54.0625 0248 Scan started
2011/09/22 15:26:54.0625 0248 Mode: Manual;
2011/09/22 15:26:54.0625 0248 ================================================================================
2011/09/22 15:26:55.0546 0248 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/09/22 15:26:55.0686 0248 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/09/22 15:26:55.0780 0248 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/09/22 15:26:55.0905 0248 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/09/22 15:26:56.0029 0248 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/09/22 15:26:56.0123 0248 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/09/22 15:26:56.0279 0248 AFD (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
2011/09/22 15:26:56.0466 0248 AgereSoftModem (07758c2196a62f207f77556311e7459a) C:\windows\system32\DRIVERS\AGRSM.sys
2011/09/22 15:26:56.0607 0248 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/09/22 15:26:56.0716 0248 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/09/22 15:26:56.0794 0248 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/09/22 15:26:56.0903 0248 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/09/22 15:26:57.0028 0248 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/09/22 15:26:57.0153 0248 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/09/22 15:26:57.0262 0248 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/09/22 15:26:57.0387 0248 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
2011/09/22 15:26:57.0496 0248 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/09/22 15:26:57.0574 0248 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
2011/09/22 15:26:57.0667 0248 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/09/22 15:26:57.0808 0248 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/09/22 15:26:57.0917 0248 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/09/22 15:26:58.0026 0248 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\windows\system32\drivers\aswFsBlk.sys
2011/09/22 15:26:58.0198 0248 aswMonFlt (4804753a4ec7d67cc22d226bffd1c1e3) C:\windows\system32\drivers\aswMonFlt.sys
2011/09/22 15:26:58.0260 0248 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\windows\system32\drivers\aswRdr.sys
2011/09/22 15:26:58.0385 0248 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\windows\system32\drivers\aswSnx.sys
2011/09/22 15:26:58.0494 0248 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\windows\system32\drivers\aswSP.sys
2011/09/22 15:26:58.0603 0248 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\windows\system32\drivers\aswTdi.sys
2011/09/22 15:26:58.0728 0248 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/09/22 15:26:58.0853 0248 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/09/22 15:26:59.0118 0248 atikmdag (c97be8350fbcb1960b22fad2e6c2b514) C:\windows\system32\DRIVERS\atikmdag.sys
2011/09/22 15:26:59.0337 0248 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/09/22 15:26:59.0461 0248 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/09/22 15:26:59.0633 0248 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/09/22 15:26:59.0773 0248 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/09/22 15:26:59.0929 0248 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
2011/09/22 15:26:59.0992 0248 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/09/22 15:27:00.0070 0248 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/09/22 15:27:00.0148 0248 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/09/22 15:27:00.0241 0248 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/09/22 15:27:00.0304 0248 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/09/22 15:27:00.0382 0248 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/09/22 15:27:00.0475 0248 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/09/22 15:27:00.0616 0248 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/09/22 15:27:00.0709 0248 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/09/22 15:27:00.0819 0248 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/09/22 15:27:00.0928 0248 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/09/22 15:27:01.0084 0248 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/09/22 15:27:33.0672 0248 MBR (0x1B8) (ef1fb3fbba60e54cf5e5a0c96abf6c5b) \Device\Harddisk0\DR0
2011/09/22 15:27:33.0672 0248 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/22 15:27:33.0688 0248 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR1
2011/09/22 15:27:33.0704 0248 Boot (0x1200) (b9eba4717adba08e4111493054a5e400) \Device\Harddisk0\DR0\Partition0
2011/09/22 15:27:33.0719 0248 Boot (0x1200) (942629fe3e884d404a1802b793131fed) \Device\Harddisk1\DR1\Partition0
2011/09/22 15:27:33.0719 0248 ================================================================================
2011/09/22 15:27:33.0719 0248 Scan finished
2011/09/22 15:27:33.0719 0248 ================================================================================
2011/09/22 15:27:33.0719 3544 Detected object count: 1
2011/09/22 15:27:33.0719 3544 Actual detected object count: 1
2011/09/22 15:27:37.0354 3544 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/22 15:27:37.0354 3544 \Device\Harddisk0\DR0 - ok
2011/09/22 15:27:37.0370 3544 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

3. I couldn't uninstall McAfee; the uninstalling process would never finish, so I decided to uninstall Avast.

4. Here are the two logs:
OTL.txt

OTL logfile created on: 2011-09-22 15:35:55 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\thuillier_d\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c0c | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

2,97 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 71,38% Memory free
5,93 Gb Paging File | 4,98 Gb Available in Paging File | 84,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 266,72 Gb Total Space | 216,34 Gb Free Space | 81,11% Space Free | Partition Type: NTFS
Drive E: | 3,76 Gb Total Space | 3,75 Gb Free Space | 99,80% Space Free | Partition Type: FAT32

Computer Name: WIN-TNDHDP9D622 | User Name: Thuillier_D | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-09-22 15:07:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\thuillier_d\Desktop\OTL.exe
PRC - [2011-07-16 00:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011-05-25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\thuillier_d\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011-02-26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-08-11 17:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009-08-05 15:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009-07-30 00:54:38 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009-07-30 00:54:10 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009-07-28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009-07-28 16:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009-07-17 20:52:38 | 000,181,616 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009-07-13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-07-13 21:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2009-07-13 16:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009-07-07 10:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
PRC - [2009-04-29 21:07:00 | 000,144,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2009-04-29 21:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009-04-29 21:07:00 | 000,070,216 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2009-04-29 21:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009-04-29 21:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009-04-29 21:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009-03-27 19:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009-03-10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009-01-16 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009-01-16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe


========== Modules (No Company Name) ==========


========== Win32 Services (All) ==========

SRV - [2011-05-24 06:35:34 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2011-05-04 00:52:12 | 000,428,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\System32\SearchIndexer.exe -- (WSearch)
SRV - [2011-03-03 01:29:23 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2011-02-19 01:33:11 | 000,802,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010-12-21 01:38:24 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010-12-21 01:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\windows\System32\winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010-12-21 01:38:21 | 000,204,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WebClnt.dll -- (WebClient)
SRV - [2010-11-02 00:39:32 | 000,749,056 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010-09-14 02:07:14 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wcncsvc.dll -- (wcncsvc)
SRV - [2010-08-27 01:46:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010-08-21 01:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2010-08-04 02:15:16 | 000,556,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2010-06-15 16:33:36 | 000,540,472 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2010-06-10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-05-18 16:35:14 | 000,345,376 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2010-04-12 00:00:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-08-17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009-08-11 17:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009-08-06 18:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009-08-05 15:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009-08-03 19:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009-07-30 06:20:04 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009-07-30 00:54:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009-07-28 16:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009-07-20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009-07-17 20:52:38 | 000,181,616 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009-07-13 21:16:21 | 001,912,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009-07-13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-13 21:16:21 | 000,064,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\WUDFSvc.dll -- (wudfsvc)
SRV - [2009-07-13 21:16:20 | 001,175,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WsmSvc.dll -- (WinRM) Gestion à distance de Windows (Gestion WSM)
SRV - [2009-07-13 21:16:20 | 000,084,480 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wpdbusenum.dll -- (WPDBusEnum)
SRV - [2009-07-13 21:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wpcsvc.dll -- (WPCSvc)
SRV - [2009-07-13 21:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009-07-13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2009-07-13 21:16:19 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
SRV - [2009-07-13 21:16:18 | 001,086,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2009-07-13 21:16:18 | 000,462,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc) Acquisition d’image Windows (WIA)
SRV - [2009-07-13 21:16:18 | 000,147,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wecsvc.dll -- (Wecsvc)
SRV - [2009-07-13 21:16:18 | 000,076,288 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\wdi.dll -- (WdiSystemHost)
SRV - [2009-07-13 21:16:18 | 000,076,288 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\wdi.dll -- (WdiServiceHost)
SRV - [2009-07-13 21:16:18 | 000,065,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wersvc.dll -- (WerSvc)
SRV - [2009-07-13 21:16:18 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wercplsupport.dll -- (wercplsupport)
SRV - [2009-07-13 21:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WcsPlugInService.dll -- (WcsPlugInService)
SRV - [2009-07-13 21:16:17 | 000,288,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\w32time.dll -- (W32Time)
SRV - [2009-07-13 21:16:17 | 000,266,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\upnphost.dll -- (upnphost)
SRV - [2009-07-13 21:16:17 | 000,154,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\umrdp.dll -- (UmRdpService)
SRV - [2009-07-13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-13 21:16:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\uxsms.dll -- (UxSms)
SRV - [2009-07-13 21:16:16 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\trkwks.dll -- (TrkWks)
SRV - [2009-07-13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-13 21:16:15 | 001,169,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sysmain.dll -- (SysMain)
SRV - [2009-07-13 21:16:15 | 000,543,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\termsrv.dll -- (TermService)
SRV - [2009-07-13 21:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009-07-13 21:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009-07-13 21:16:15 | 000,162,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2009-07-13 21:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sstpsvc.dll -- (SstpSvc) Service SSTP (Secure Socket Tunneling Protocol)
SRV - [2009-07-13 21:16:15 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\TabSvc.dll -- (TabletInputService)
SRV - [2009-07-13 21:16:15 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tbssvc.dll -- (TBS)
SRV - [2009-07-13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-13 21:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009-07-13 21:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs) Appel de procédure distante (RPC)
SRV - [2009-07-13 21:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009-07-13 21:16:13 | 000,132,608 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr)
SRV - [2009-07-13 21:16:13 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2009-07-13 21:16:13 | 000,112,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\regsvc.dll -- (RemoteRegistry)
SRV - [2009-07-13 21:16:13 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SessEnv.dll -- (SessionEnv)
SRV - [2009-07-13 21:16:13 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\Sens.dll -- (SENS)
SRV - [2009-07-13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-13 21:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2009-07-13 21:16:12 | 001,508,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pla.dll -- (pla)
SRV - [2009-07-13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-13 21:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009-07-13 21:16:12 | 000,330,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\QAGENTRT.DLL -- (napagent)
SRV - [2009-07-13 21:16:12 | 000,327,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (p2psvc)
SRV - [2009-07-13 21:16:12 | 000,285,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009-07-13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009-07-13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-13 21:16:12 | 000,210,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qwave.dll -- (QWAVE)
SRV - [2009-07-13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-13 21:16:12 | 000,162,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009-07-13 21:16:12 | 000,154,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pcasvc.dll -- (PcaSvc)
SRV - [2009-07-13 21:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009-07-13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-13 21:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009-07-13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2009-07-13 21:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009-07-13 21:16:03 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009-07-13 21:15:43 | 000,308,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msdtckrm.dll -- (KtmRm)
SRV - [2009-07-13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-13 21:15:41 | 000,565,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009-07-13 21:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2009-07-13 21:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\mmcss.dll -- (THREADORDER)
SRV - [2009-07-13 21:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009-07-13 21:15:38 | 000,067,584 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2009-07-13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-13 21:15:36 | 000,189,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lltdsvc.dll -- (lltdsvc)
SRV - [2009-07-13 21:15:36 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lmhsvc.dll -- (lmhosts)
SRV - [2009-07-13 21:15:35 | 000,071,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\KMSVC.DLL -- (hkmsvc)
SRV - [2009-07-13 21:15:34 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\iscsiexe.dll -- (MSiSCSI)
SRV - [2009-07-13 21:15:33 | 000,497,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iphlpsvc.dll -- (iphlpsvc)
SRV - [2009-07-13 21:15:33 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2009-07-13 21:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess) Partage de connexion Internet (ICS)
SRV - [2009-07-13 21:15:33 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPBusEnum.dll -- (IPBusEnum)
SRV - [2009-07-13 21:15:31 | 000,667,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IKEEXT.DLL -- (IKEEXT)
SRV - [2009-07-13 21:15:24 | 000,591,360 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\gpsvc.dll -- (gpsvc)
SRV - [2009-07-13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009-07-13 21:15:20 | 000,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FDResPub.dll -- (FDResPub)
SRV - [2009-07-13 21:15:20 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fdPHost.dll -- (fdPHost)
SRV - [2009-07-13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2009-07-13 21:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost) Protocole EAP (Extensible Authentication Protocol)
SRV - [2009-07-13 21:15:12 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009-07-13 21:15:12 | 000,143,360 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\dps.dll -- (DPS)
SRV - [2009-07-13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-13 21:15:07 | 000,544,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cscsvc.dll -- (CscService)
SRV - [2009-07-13 21:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009-07-13 21:15:02 | 000,067,584 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\certprop.dll -- (SCPolicySvc)
SRV - [2009-07-13 21:15:02 | 000,067,584 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\certprop.dll -- (CertPropSvc)
SRV - [2009-07-13 21:15:00 | 000,102,400 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2009-07-13 21:15:00 | 000,064,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\bthserv.dll -- (bthserv)
SRV - [2009-07-13 21:14:59 | 000,493,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2009-07-13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Programme d’installation ActiveX (AxInstSV)
SRV - [2009-07-13 21:14:57 | 000,473,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009-07-13 21:14:57 | 000,473,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2009-07-13 21:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009-07-13 21:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2009-07-13 21:14:53 | 000,046,592 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009-07-13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-13 21:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009-07-13 21:14:46 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbem\WmiApSrv.exe -- (wmiApSrv)
SRV - [2009-07-13 21:14:44 | 001,202,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\wbengine.exe -- (wbengine)
SRV - [2009-07-13 21:14:43 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009-07-13 21:14:43 | 000,452,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\vds.exe -- (vds)
SRV - [2009-07-13 21:14:43 | 000,035,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect)
SRV - [2009-07-13 21:14:42 | 000,204,800 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller)
SRV - [2009-07-13 21:14:39 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP)
SRV - [2009-07-13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009-07-13 21:14:25 | 000,134,144 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\msdtc.exe -- (MSDTC)
SRV - [2009-07-13 21:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\windows\System32\msiexec.exe -- (msiserver)
SRV - [2009-07-13 21:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (VaultSvc)
SRV - [2009-07-13 21:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009-07-13 21:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009-07-13 21:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (Netlogon)
SRV - [2009-07-13 21:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009-07-13 21:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\lsass.exe -- (EFS) Système de fichiers EFS (Encrypting File System)
SRV - [2009-07-13 21:14:22 | 000,009,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Locator.exe -- (RpcLocator) Localisateur d’appels de procédure distante (RPC)
SRV - [2009-07-13 21:14:20 | 000,522,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FXSSVC.exe -- (Fax)
SRV - [2009-07-13 21:14:19 | 000,094,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2009-07-13 21:14:18 | 000,007,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\dllhost.exe -- (COMSysApp)
SRV - [2009-07-13 21:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009-07-07 10:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)
SRV - [2009-06-10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-06-10 17:14:51 | 000,042,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009-06-10 17:14:05 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009-06-10 17:14:02 | 000,878,416 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009-04-29 21:07:00 | 000,144,888 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009-04-29 21:07:00 | 000,070,216 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2009-04-29 21:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009-04-29 21:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009-03-27 19:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009-03-10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009-01-16 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008-11-04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006-10-26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-10-26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (RtsUIR)
DRV - File not found [Kernel | Unknown | Running] -- -- (aswTdi)
DRV - File not found [Kernel | Unknown | Running] -- -- (aswSP)
DRV - File not found [File_System | Unknown | Running] -- -- (aswSnx)
DRV - File not found [Kernel | Unknown | Running] -- -- (aswRdr)
DRV - File not found [File_System | Unknown | Running] -- -- (aswMonFlt)
DRV - File not found [File_System | Unknown | Running] -- -- (aswFsBlk)
DRV - [2011-09-22 15:23:51 | 000,445,008 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2011-07-08 22:26:10 | 000,222,720 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV - [2011-06-21 01:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcpip.sys -- (TCPIP6)
DRV - [2011-06-21 01:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2011-05-03 22:43:48 | 000,096,256 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV - [2011-05-03 22:43:41 | 000,123,392 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV - [2011-04-28 22:57:34 | 000,311,296 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv.sys -- (srv)
DRV - [2011-04-28 22:57:21 | 000,309,760 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
DRV - [2011-04-28 22:57:13 | 000,114,176 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
DRV - [2011-04-26 22:33:46 | 000,078,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2011-04-24 22:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\system32\drivers\afd.sys -- (AFD)
DRV - [2011-03-24 23:06:46 | 000,258,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2011-03-24 23:06:23 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2011-03-24 23:06:12 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
DRV - [2011-03-24 23:06:11 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2011-03-24 23:06:10 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2011-03-11 01:44:01 | 001,210,240 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2011-03-11 01:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2011-03-11 01:44:01 | 000,117,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2011-03-11 01:43:55 | 000,332,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2011-03-11 01:43:46 | 000,080,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\amdsata.sys -- (amdsata)
DRV - [2011-03-11 01:43:46 | 000,022,400 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\windows\system32\drivers\amdxata.sys -- (amdxata)
DRV - [2011-03-11 00:08:24 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2011-02-23 01:05:25 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
DRV - [2010-11-02 00:46:34 | 000,728,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2010-03-04 00:04:40 | 000,146,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\System32\Drivers\usbvideo.sys -- (usbvideo) Périphérique vidéo USB (WDM)
DRV - [2009-12-11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009-09-26 01:58:35 | 000,194,488 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\DRIVERS\fvevol.sys -- (fvevol)
DRV - [2009-08-27 23:19:22 | 000,859,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009-08-05 15:44:44 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009-07-30 18:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009-07-30 18:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009-07-30 13:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009-07-28 22:02:42 | 002,735,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009-07-24 16:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009-07-21 15:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009-07-20 18:48:32 | 000,213,552 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009-07-14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009-07-13 23:13:10 | 000,015,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009-07-13 21:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\System32\clfs.sys -- (CLFS) Journal commun (CLFS)
DRV - [2009-07-13 21:26:21 | 000,019,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\compbatt.sys -- (Compbatt)
DRV - [2009-07-13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009-07-13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009-07-13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009-07-13 21:26:15 | 000,274,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2009-07-13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009-07-13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009-07-13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009-07-13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009-07-13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2009-07-13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\agp440.sys -- (agp440)
DRV - [2009-07-13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2009-07-13 21:26:15 | 000,014,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2009-07-13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009-07-13 21:20:45 | 000,153,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\pci.sys -- (pci)
DRV - [2009-07-13 21:20:45 | 000,012,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\pciide.sys -- (pciide)
DRV - [2009-07-13 21:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ndis.sys -- (NDIS)
DRV - [2009-07-13 21:20:44 | 000,186,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\msiscsi.sys -- (iScsiPrt)
DRV - [2009-07-13 21:20:44 | 000,162,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2009-07-13 21:20:44 | 000,130,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\mpio.sys -- (mpio)
DRV - [2009-07-13 21:20:44 | 000,115,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\msdsm.sys -- (msdsm)
DRV - [2009-07-13 21:20:44 | 000,105,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2009-07-13 21:20:44 | 000,078,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\mountmgr.sys -- (mountmgr)
DRV - [2009-07-13 21:20:44 | 000,056,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2009-07-13 21:20:44 | 000,049,728 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\windows\System32\Drivers\mup.sys -- (Mup)
DRV - [2009-07-13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009-07-13 21:20:44 | 000,041,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV - [2009-07-13 21:20:44 | 000,028,240 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\system32\DRIVERS\mssmbios.sys -- (mssmbios)
DRV - [2009-07-13 21:20:44 | 000,027,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\msahci.sys -- (msahci)
DRV - [2009-07-13 21:20:43 | 000,013,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\msisadrv.sys -- (msisadrv)
DRV - [2009-07-13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009-07-13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009-07-13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009-07-13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009-07-13 21:20:36 | 000,067,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\ksecdd.sys -- (KSecDD)
DRV - [2009-07-13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009-07-13 21:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2009-07-13 21:20:36 | 000,042,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2009-07-13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009-07-13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009-07-13 21:20:36 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\intelide.sys -- (intelide)
DRV - [2009-07-13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009-07-13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009-07-13 21:20:28 | 000,198,208 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\windows\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2009-07-13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009-07-13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009-07-13 21:20:28 | 000,058,448 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\windows\system32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2009-07-13 21:20:28 | 000,057,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\gagp30kx.sys -- (gagp30kx)
DRV - [2009-07-13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009-07-13 21:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\DRIVERS\crcdisk.sys -- (crcdisk)
DRV - [2009-07-13 21:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2009-07-13 21:19:11 | 000,297,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009-07-13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009-07-13 21:19:11 | 000,057,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\uliagpkx.sys -- (uliagpkx)
DRV - [2009-07-13 21:19:11 | 000,019,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\wd.sys -- (Wd)
DRV - [2009-07-13 21:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\volsnap.sys -- (volsnap)
DRV - [2009-07-13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009-07-13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009-07-13 21:19:10 | 000,055,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\uagp35.sys -- (uagp35)
DRV - [2009-07-13 21:19:10 | 000,053,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\viaagp.sys -- (viaagp)
DRV - [2009-07-13 21:19:10 | 000,053,312 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\volmgr.sys -- (volmgr)
DRV - [2009-07-13 21:19:10 | 000,051,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\system32\DRIVERS\termdd.sys -- (TermDD)
DRV - [2009-07-13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009-07-13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009-07-13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009-07-13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009-07-13 21:19:10 | 000,012,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\swenum.sys -- (swenum)
DRV - [2009-07-13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009-07-13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009-07-13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009-07-13 21:19:04 | 000,085,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\sbp2port.sys -- (sbp2port)
DRV - [2009-07-13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009-07-13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009-07-13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009-07-13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009-07-13 21:19:03 | 000,180,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\pcmcia.sys -- (pcmcia)
DRV - [2009-07-13 21:19:03 | 000,052,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2009-07-13 21:19:03 | 000,017,472 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2009-07-13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009-07-13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\Brserid.sys -- (Brserid) Pilote d’interface de port série Brother MFC (WDM)
DRV - [2009-07-13 20:41:15 | 000,586,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV - [2009-07-13 20:17:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\usbprint.sys -- (usbprint)
DRV - [2009-07-13 20:02:58 | 000,133,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (RDPDR)
DRV - [2009-07-13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009-07-13 20:01:55 | 000,177,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2009-07-13 20:01:51 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV - [2009-07-13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009-07-13 20:01:40 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV - [2009-07-13 20:01:39 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV - [2009-07-13 20:01:37 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2009-07-13 20:01:37 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2009-07-13 19:55:24 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2009-07-13 19:55:02 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV - [2009-07-13 19:55:02 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanarp.sys -- (WANARP)
DRV - [2009-07-13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009-07-13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009-07-13 19:54:58 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp) Miniport WAN (SSTP)
DRV - [2009-07-13 19:54:53 | 000,077,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2009-07-13 19:54:48 | 000,073,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport) Miniport WAN (PPTP)
DRV - [2009-07-13 19:54:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2009-07-13 19:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV - [2009-07-13 19:54:35 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2009-07-13 19:54:34 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp) Miniport WAN (L2TP)
DRV - [2009-07-13 19:54:29 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV - [2009-07-13 19:54:29 | 000,058,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2009-07-13 19:54:27 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2009-07-13 19:54:24 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2009-07-13 19:54:14 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2009-07-13 19:54:13 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2009-07-13 19:54:03 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV - [2009-07-13 19:53:58 | 000,104,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\pacer.sys -- (Psched)
DRV - [2009-07-13 19:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
DRV - [2009-07-13 19:53:51 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2009-07-13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009-07-13 19:53:41 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smb.sys -- (Smb) Protocoles TCP/IP et TCP/IPv6 orienté messages (session SMB)
DRV - [2009-07-13 19:53:27 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2009-07-13 19:53:20 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
DRV - [2009-07-13 19:53:19 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
DRV - [2009-07-13 19:52:53 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2009-07-13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009-07-13 19:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009-07-13 19:52:03 | 000,267,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV - [2009-07-13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009-07-13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009-07-13 19:51:47 | 000,304,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2009-07-13 19:51:39 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2009-07-13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009-07-13 19:51:34 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\bthmodem.sys -- (BTHMODEM)
DRV - [2009-07-13 19:51:33 | 000,091,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\hidbth.sys -- (HidBth)
DRV - [2009-07-13 19:51:29 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\ohci1394.sys -- (ohci1394) Contrôleur d’hôte compatible OHCI 1394 (hérité)
DRV - [2009-07-13 19:51:18 | 000,086,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\usbcir.sys -- (usbcir) Récepteur infrarouge eHome (USBCIR)
DRV - [2009-07-13 19:51:17 | 000,037,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\circlass.sys -- (circlass)
DRV - [2009-07-13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009-07-13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009-07-13 19:51:05 | 000,037,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\hidir.sys -- (HidIr)
DRV - [2009-07-13 19:51:04 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV - [2009-07-13 19:50:57 | 000,005,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2009-07-13 19:50:56 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2009-07-13 19:50:45 | 000,132,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd)
DRV - [2009-07-13 19:50:17 | 000,092,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUDFPf.sys -- (WudfPf)
DRV - [2009-07-13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009-07-13 19:46:53 | 000,021,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\wacompen.sys -- (WacomPen)
DRV - [2009-07-13 19:45:52 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\sfloppy.sys -- (sfloppy)
DRV - [2009-07-13 19:45:52 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\sffp_sd.sys -- (sffp_sd)
DRV - [2009-07-13 19:45:52 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\sffp_mmc.sys -- (sffp_mmc)
DRV - [2009-07-13 19:45:52 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\sffdisk.sys -- (sffdisk)
DRV - [2009-07-13 19:45:45 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\fdc.sys -- (fdc)
DRV - [2009-07-13 19:45:45 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\flpydisk.sys -- (flpydisk)
DRV - [2009-07-13 19:45:35 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\parport.sys -- (Parport)
DRV - [2009-07-13 19:45:33 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009-07-13 19:45:29 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\parvdm.sys -- (Parvdm)
DRV - [2009-07-13 19:45:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\serenum.sys -- (Serenum)
DRV - [2009-07-13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\CompositeBus.sys -- (CompositeBus)
DRV - [2009-07-13 19:45:09 | 000,028,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2009-07-13 19:45:08 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid)
DRV - [2009-07-13 19:45:08 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\sermouse.sys -- (sermouse)
DRV - [2009-07-13 19:45:08 | 000,008,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2009-07-13 19:45:08 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE)
DRV - [2009-07-13 19:45:08 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2009-07-13 19:45:07 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
DRV - [2009-07-13 19:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\System32\drivers\beep.sys -- (Beep)
DRV - [2009-07-13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009-07-13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009-07-13 19:30:59 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\IPMIDrv.sys -- (IPMIDRV)
DRV - [2009-07-13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009-07-13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-13 19:25:59 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\monitor.sys -- (monitor)
DRV - [2009-07-13 19:25:51 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2009-07-13 19:25:49 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV - [2009-07-13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009-07-13 19:23:04 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\system32\DRIVERS\blbdrive.sys -- (blbdrive)
DRV - [2009-07-13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009-07-13 19:19:19 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\errdev.sys -- (ErrDev)
DRV - [2009-07-13 19:19:18 | 000,014,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\CmBatt.sys -- (CmBatt)
DRV - [2009-07-13 19:19:17 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\wmiacpi.sys -- (WmiAcpi)
DRV - [2009-07-13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009-07-13 19:15:45 | 000,086,528 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\windows\system32\drivers\luafv.sys -- (luafv)
DRV - [2009-07-13 19:15:29 | 000,028,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2009-07-13 19:15:13 | 000,387,584 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\csc.sys -- (CSC)
DRV - [2009-07-13 19:14:29 | 000,241,664 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss)
DRV - [2009-07-13 19:14:26 | 000,115,712 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\windows\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2009-07-13 19:14:09 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2009-07-13 19:14:03 | 000,142,336 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\windows\System32\drivers\exfat.sys -- (exfat)
DRV - [2009-07-13 19:14:02 | 000,148,480 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2009-07-13 19:12:59 | 000,513,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\http.sys -- (HTTP)
DRV - [2009-07-13 19:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (NetBT)
DRV - [2009-07-13 19:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2009-07-13 19:12:08 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2009-07-13 19:11:32 | 000,035,328 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2009-07-13 19:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2009-07-13 19:11:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2009-07-13 19:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\i8042prt.sys -- (i8042prt)
DRV - [2009-07-13 19:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2009-07-13 19:11:12 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\System32\drivers\null.sys -- (Null)
DRV - [2009-07-13 19:11:04 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdk8.sys -- (AmdK8)
DRV - [2009-07-13 19:11:04 | 000,053,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2009-07-13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\viac7.sys -- (ViaC7)
DRV - [2009-07-13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009-07-13 19:11:04 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\processr.sys -- (Processor)
DRV - [2009-07-13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009-07-13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009-07-13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009-07-13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009-07-13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009-07-13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009-07-13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009-07-13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009-07-13 16:50:20 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009-07-07 22:38:34 | 000,168,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2009-07-02 15:55:36 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2009-06-22 18:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009-06-19 20:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009-06-19 10:57:20 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009-06-17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009-06-17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009-06-17 12:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009-06-17 12:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009-06-10 17:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009-06-04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009-05-22 23:52:04 | 000,167,936 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009-05-20 19:04:40 | 000,157,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009-05-18 15:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009-04-29 21:07:00 | 000,342,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009-04-29 21:07:00 | 000,091,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009-04-29 21:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009-04-29 21:07:00 | 000,065,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009-04-29 21:07:00 | 000,063,696 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009-04-29 21:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-1830387117-390547829-181542594-5929\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/fr/bienvenue
IE - HKU\S-1-5-21-1830387117-390547829-181542594-5929\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1830387117-390547829-181542594-5929\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1830387117-390547829-181542594-5929\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lefigaro.fr/
IE - HKU\S-1-5-21-1830387117-390547829-181542594-5929\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1830387117-390547829-181542594-5929\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1830387117-390547829-181542594-5929\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1830387117-390547829-181542594-5929\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)



Hosts file not found
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1830387117-390547829-181542594-5929\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\thuillier_d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\thuillier_d\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-1830387117-390547829-181542594-5929\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = acad.gst.uqam.ca
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDADD0D0-F7E7-4225-AABF-5A9FD5254978}: DhcpNameServer = 10.10.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC590930-D3F6-47EE-A2E1-C9F664C9546D}: DhcpNameServer = 172.16.48.2
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) -C:\windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) -C:\windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) -C:\windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-09-22 15:34:10 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\thuillier_d\Desktop\OTL.exe
[2011-09-14 08:05:47 | 000,000,000 | ---D | C] -- C:\Users\thuillier_d\Desktop\gmer
[2011-09-14 07:51:54 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\thuillier_d\Desktop\dds.scr
[2011-09-13 14:56:09 | 000,000,000 | ---D | C] -- C:\windows\pss
[2011-09-13 14:40:45 | 000,000,000 | ---D | C] -- C:\Users\thuillier_d\Documents\gestion projets inter
[2011-09-13 14:40:40 | 000,000,000 | ---D | C] -- C:\Users\thuillier_d\Documents\Flux Setym et brochure
[2011-09-13 14:40:39 | 000,000,000 | R--D | C] -- C:\Users\thuillier_d\Documents\Fichiers LifeCam
[2011-09-13 14:40:36 | 000,000,000 | ---D | C] -- C:\Users\thuillier_d\Documents\drivers
[2011-09-13 14:40:36 | 000,000,000 | ---D | C] -- C:\Users\thuillier_d\Documents\Corel DVD MovieFactory
[2011-09-13 14:40:33 | 000,000,000 | ---D | C] -- C:\Users\thuillier_d\Documents\C.V. Thuillier
[2011-09-13 14:40:31 | 000,000,000 | ---D | C] -- C:\Users\thuillier_d\Documents\Articles BP
[2011-09-13 14:40:29 | 000,000,000 | ---D | C] -- C:\Users\thuillier_d\Documents\Roxio
[2011-09-13 14:40:28 | 000,000,000 | ---D | C] -- C:\Users\thuillier_d\Documents\rollande
[2011-09-13 14:40:26 | 000,000,000 | ---D | C] -- C:\Users\thuillier_d\Documents\Riol 2
[2011-09-13 14:40:26 | 000,000,000 | ---D | C] -- C:\Users\thuillier_d\Documents\Questionnaires GPI
[2011-09-13 14:40:21 | 000,000,000 | ---D | C] -- C:\Users\thuillier_d\Documents\plans et contenus de cours 7140, 7060
[2011-09-13 14:40:20 | 000,000,000 | ---D | C] -- C:\Users\thuillier_d\Documents\Plans essais 7060
[2011-09-13 14:40:18 | 000,000,000 | ---D | C] -- C:\Users\thuillier_d\Documents\plans 7060
[2011-09-13 14:40:17 | 000,000,000 | ---D | C] -- C:\Users\thuillier_d\Documents\Intertender
[2011-09-13 14:40:17 | 000,000,000 | ---D | C] -- C:\Users\thuillier_d\Documents\IDPM BOK
[2011-09-13 14:39:20 | 000,000,000 | ---D | C] -- C:\Users\thuillier_d\Desktop\A GARDER
[2011-09-13 13:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USBScan
[2011-09-13 13:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\USBScan
[2011-09-13 10:00:52 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011-09-13 09:25:45 | 000,000,000 | ---D | C] -- C:\## aswSnx private storage
[2011-09-12 16:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011-09-12 16:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011-09-12 15:58:01 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011-09-12 12:34:31 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011-09-12 12:34:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-09-12 12:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011-09-12 10:09:39 | 000,000,000 | ---D | C] -- C:\Users\thuillier_d\AppData\Roaming\Malwarebytes
[2011-09-12 10:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-09-10 11:18:43 | 000,000,000 | ---D | C] -- C:\found.000
[2011-09-09 14:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\c5d747
[2011-09-08 20:10:31 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2011-09-08 17:45:21 | 000,000,000 | ---D | C] -- C:\Users\thuillier_d\AppData\Roaming\Google
[2011-09-08 17:40:40 | 000,000,000 | ---D | C] -- C:\Users\thuillier_d\AppData\Local\Google
[2011-09-08 17:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011-09-08 17:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011-08-24 10:20:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-09-22 15:31:30 | 000,017,504 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-09-22 15:31:30 | 000,017,504 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-09-22 15:29:17 | 000,721,568 | ---- | M] () -- C:\windows\System32\perfh00C.dat
[2011-09-22 15:29:17 | 000,623,194 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011-09-22 15:29:17 | 000,136,336 | ---- | M] () -- C:\windows\System32\perfc00C.dat
[2011-09-22 15:29:17 | 000,111,322 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011-09-22 15:24:05 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011-09-22 15:23:53 | 2388,279,296 | -HS- | M] () -- C:\hiberfil.sys
[2011-09-22 15:07:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\thuillier_d\Desktop\OTL.exe
[2011-09-21 14:49:42 | 000,080,384 | ---- | M] () -- C:\Users\thuillier_d\Desktop\MBRCheck.exe
[2011-09-14 07:52:22 | 000,000,000 | ---- | M] () -- C:\Users\thuillier_d\defogger_reenable
[2011-09-14 07:51:00 | 000,294,216 | ---- | M] () -- C:\Users\thuillier_d\Desktop\gmer.zip
[2011-09-14 07:49:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\thuillier_d\Desktop\dds.scr
[2011-09-14 07:49:20 | 000,050,477 | ---- | M] () -- C:\Users\thuillier_d\Desktop\Defogger.exe
[2011-09-13 15:23:46 | 000,000,998 | ---- | M] () -- C:\Users\thuillier_d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011-09-13 14:46:18 | 322,474,135 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011-09-13 14:19:40 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2011-09-13 14:04:47 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\USBScan.lnk
[2011-09-13 13:58:48 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat
[2011-09-09 16:20:32 | 000,000,112 | ---- | M] () -- C:\ProgramData\YnqK7lVrB.dat
[2011-09-06 18:05:46 | 000,011,298 | -HS- | M] () -- C:\Users\thuillier_d\AppData\Local\kl2kssls2335gr04b2n08itufc0sr323f30220j170yo
[2011-09-05 20:19:17 | 000,001,120 | -HS- | M] () -- C:\ProgramData\kl2kssls2335gr04b2n08itufc0sr323f30220j170yo
[2011-09-05 20:19:16 | 000,000,000 | ---- | M] () -- C:\ProgramData\rgeg.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-09-21 14:52:51 | 000,080,384 | ---- | C] () -- C:\Users\thuillier_d\Desktop\MBRCheck.exe
[2011-09-14 07:52:22 | 000,000,000 | ---- | C] () -- C:\Users\thuillier_d\defogger_reenable
[2011-09-14 07:51:56 | 000,294,216 | ---- | C] () -- C:\Users\thuillier_d\Desktop\gmer.zip
[2011-09-14 07:51:56 | 000,050,477 | ---- | C] () -- C:\Users\thuillier_d\Desktop\Defogger.exe
[2011-09-13 15:23:46 | 000,000,998 | ---- | C] () -- C:\Users\thuillier_d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011-09-13 14:40:30 | 012,787,205 | ---- | C] () -- C:\Users\thuillier_d\Documents\musikmesse2011.mp4
[2011-09-13 14:40:30 | 001,551,641 | ---- | C] () -- C:\Users\thuillier_d\Documents\Marques-brevet-quelle-valeur-avril2004-revue-marques.pdf
[2011-09-13 14:40:30 | 001,253,560 | ---- | C] () -- C:\Users\thuillier_d\Documents\IMG_5459.JPG
[2011-09-13 14:40:30 | 000,720,875 | ---- | C] () -- C:\Users\thuillier_d\Documents\Grèce 08 003.jpg
[2011-09-13 14:40:30 | 000,457,370 | ---- | C] () -- C:\Users\thuillier_d\Documents\Photo M. Thuillier 1938-39_.jpg
[2011-09-13 14:40:29 | 000,191,005 | ---- | C] () -- C:\Users\thuillier_d\Documents\CV HOBBS Eng June 2005.pdf
[2011-09-13 14:40:29 | 000,057,272 | ---- | C] () -- C:\Users\thuillier_d\Documents\base succes et com depuis 25-02-02.sav
[2011-09-13 14:40:29 | 000,054,240 | ---- | C] () -- C:\Users\thuillier_d\Documents\facteurs de succes 20-09.sav
[2011-09-13 14:40:29 | 000,053,124 | ---- | C] () -- C:\Users\thuillier_d\Documents\base89-13-12 don manq remp.sav
[2011-09-13 14:40:29 | 000,051,728 | ---- | C] () -- C:\Users\thuillier_d\Documents\base gpi 89-24-11.sav
[2011-09-13 14:40:29 | 000,049,864 | ---- | C] () -- C:\Users\thuillier_d\Documents\base89-24-11.sav
[2011-09-13 14:40:29 | 000,036,608 | ---- | C] () -- C:\Users\thuillier_d\Documents\facteurs de succes 20-09 2.sav
[2011-09-13 14:40:29 | 000,032,124 | ---- | C] () -- C:\Users\thuillier_d\Documents\DT impôts personnels.pdf
[2011-09-13 14:40:29 | 000,005,386 | ---- | C] () -- C:\Users\thuillier_d\Documents\Commentaires EPM - 27 décembre.wpd
[2011-09-13 13:58:48 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat
[2011-09-13 13:40:03 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\USBScan.lnk
[2011-09-09 14:15:17 | 000,000,112 | ---- | C] () -- C:\ProgramData\YnqK7lVrB.dat
[2011-09-05 20:19:17 | 000,011,298 | -HS- | C] () -- C:\Users\thuillier_d\AppData\Local\kl2kssls2335gr04b2n08itufc0sr323f30220j170yo
[2011-09-05 20:19:17 | 000,001,120 | -HS- | C] () -- C:\ProgramData\kl2kssls2335gr04b2n08itufc0sr323f30220j170yo
[2011-09-05 20:19:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\rgeg.exe
[2010-02-10 12:26:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-02-04 12:14:06 | 000,002,424 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010-01-28 22:46:27 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010-01-28 22:42:08 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX1.dat
[2010-01-28 22:42:08 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2010-01-28 22:38:36 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2010-01-28 22:35:48 | 000,294,912 | ---- | C] () -- C:\windows\System32\ATIODE.exe
[2010-01-28 22:35:48 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2010-01-28 22:35:48 | 000,045,056 | ---- | C] () -- C:\windows\System32\ATIODCLI.exe
[2010-01-28 22:29:42 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010-01-28 11:51:33 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009-07-14 04:39:49 | 000,721,568 | ---- | C] () -- C:\windows\System32\perfh00C.dat
[2009-07-14 04:39:49 | 000,344,522 | ---- | C] () -- C:\windows\System32\perfi00C.dat
[2009-07-14 04:39:49 | 000,136,336 | ---- | C] () -- C:\windows\System32\perfc00C.dat
[2009-07-14 04:39:49 | 000,038,160 | ---- | C] () -- C:\windows\System32\perfd00C.dat
[2009-07-14 00:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009-07-14 00:33:53 | 000,447,016 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009-07-13 22:05:48 | 000,623,194 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009-07-13 22:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009-07-13 22:05:48 | 000,111,322 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009-07-13 22:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009-07-13 22:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009-07-13 22:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009-07-13 20:19:49 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2009-07-13 19:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009-07-13 19:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009-07-13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009-07-13 18:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009-07-13 18:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009-07-13 18:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009-07-13 18:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009-06-10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009-04-28 05:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll

< End of report >

Extras.txt

OTL Extras logfile created on: 2011-09-22 15:35:55 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\thuillier_d\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c0c | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

2,97 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 71,38% Memory free
5,93 Gb Paging File | 4,98 Gb Available in Paging File | 84,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 266,72 Gb Total Space | 216,34 Gb Free Space | 81,11% Space Free | Partition Type: NTFS
Drive E: | 3,76 Gb Total Space | 3,75 Gb Free Space | 99,80% Space Free | Partition Type: FAT32

Computer Name: WIN-TNDHDP9D622 | User Name: Thuillier_D | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0163E195-D5EF-BF70-CBEE-73AA7CBBBEEE}" = CCC Help Thai
"{03883959-80DA-6151-CEAE-46A058CF774F}" = CCC Help Danish
"{096D1CCF-0F1E-08FB-094F-C40A633D5AEB}" = ccc-core-static
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13D0EB07-FCA0-C005-A6C5-B1A4B7E5BB48}" = Catalyst Control Center Core Implementation
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{1D4A3E7D-A580-5BB7-DED3-48508A53D2B2}" = CCC Help Chinese Standard
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{22354A21-BE84-0D40-191D-6E530B715CCF}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{2F36BA32-7986-9E40-B3F6-908B214EC898}" = CCC Help Japanese
"{2F4A39B2-5A2D-3E9F-E8EA-6F891A097ACF}" = CCC Help English
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DBE8669-1F7D-E1C9-2BC8-CC4BAE0A5136}" = CCC Help Turkish
"{3FF5FF03-DB97-2ACE-BAE7-61D6D4A39F9B}" = Catalyst Control Center Graphics Full Existing
"{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"{4CEE0E9F-2116-BE92-CD54-8D1834935B54}" = Catalyst Control Center Localization All
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD59391-FED6-576D-B6BD-71111EF96522}" = CCC Help Russian
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{601E6234-EC57-0948-6E33-7F2339EC5AA1}" = ATI Catalyst Install Manager
"{6168260A-6D56-50BB-193C-BF6F471394AA}" = CCC Help Greek
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A150790-FC79-D323-92D4-E773E3A03789}" = CCC Help Portuguese
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6CB88B54-4C1C-E6AB-49C6-476DE56327BC}" = CCC Help Spanish
"{6DE880FE-F0C9-BC57-B7C5-2ABEAE1E501E}" = CCC Help German
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}" = McAfee Agent
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760A193-8668-4FAB-B1B1-525C259F84DC}_is1" = File Helper 2.5.4.1
"{79660B73-3DD0-9C3D-3F29-0E266F3AE5EA}" = CCC Help Norwegian
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{81E5E076-F2C1-AE09-A360-0CAC2967FD5F}" = CCC Help Swedish
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUSR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUSR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUSR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUSR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUSR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUSR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUSR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUSR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUSR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUSR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUSR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{986CAA52-3249-B34F-DC64-07347926CF57}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B5B8BA5D-55CA-9351-984B-048FEF97A544}" = Catalyst Control Center Graphics Previews Vista
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6DECBD2-EC09-17C3-35AE-8C72B08062C9}" = CCC Help Czech
"{BF3AB290-563B-2F6F-9AF0-189B5CCF2C01}" = Catalyst Control Center Graphics Light
"{C644BA4B-07D6-A67E-9EB4-157F6DEB68BE}" = CCC Help Chinese Traditional
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CC6ECC37-F908-4575-D549-3E0F1084B2B3}" = ccc-utility
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0831990-FF97-1F08-668D-4743CC32EFBC}" = CCC Help Finnish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D9835CE0-E294-83FE-AF9F-BC113A0D2EA9}" = CCC Help Hungarian
"{E25FA4E1-678F-414F-9777-1E3FDBBDA4D1}" = Catalyst Control Center InstallProxy
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E8B28EF5-2A73-03A7-4F02-2DFF1D182940}" = Catalyst Control Center Graphics Full New
"{E94F833D-6435-40A2-112C-4BC18100B91D}" = CCC Help Italian
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EEA02668-D5D9-AEFF-6FFB-1EB5BC765A52}" = CCC Help French
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{FCD674E3-F281-46D6-7717-6EAFDD16D8FC}" = CCC Help Dutch
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"InstallShield_{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Mot de passe responsable
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LTMOH" = LSI V92 MOH Application
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"PROPLUSR" = Microsoft Office Professional Plus 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"USB Virus Scan_is1" = USB Virus Scan 2.3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1830387117-390547829-181542594-5929\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011-08-11 08:27:54 | Computer Name = C22788.acad.gst.uqam.ca | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\windows\system32\conhost.exe ».
Assembly
dépendant Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 2011-08-11 08:27:54 | Computer Name = C22788.acad.gst.uqam.ca | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\windows\system32\conhost.exe ».
Assembly
dépendant Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 2011-08-11 08:27:54 | Computer Name = C22788.acad.gst.uqam.ca | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\windows\system32\conhost.exe ».
Assembly
dépendant Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 2011-08-11 08:27:54 | Computer Name = C22788.acad.gst.uqam.ca | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\windows\system32\conhost.exe ».
Assembly
dépendant Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 2011-08-11 08:27:54 | Computer Name = C22788.acad.gst.uqam.ca | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\windows\system32\conhost.exe ».
Assembly
dépendant Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 2011-08-11 08:27:57 | Computer Name = C22788.acad.gst.uqam.ca | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\windows\system32\conhost.exe ».
Assembly
dépendant Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 2011-08-11 08:28:26 | Computer Name = C22788.acad.gst.uqam.ca | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\windows\system32\conhost.exe ».
Assembly
dépendant Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 2011-08-11 08:28:29 | Computer Name = C22788.acad.gst.uqam.ca | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\windows\system32\conhost.exe ».
Assembly
dépendant Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 2011-08-11 08:28:29 | Computer Name = C22788.acad.gst.uqam.ca | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\windows\system32\conhost.exe ».
Assembly
dépendant Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 2011-08-11 08:29:12 | Computer Name = C22788.acad.gst.uqam.ca | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « C:\windows\system32\conhost.exe ».
Assembly
dépendant Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

[ System Events ]
Error - 2011-09-22 14:44:08 | Computer Name = C22788.acad.gst.uqam.ca | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 2011-09-22 14:45:04 | Computer Name = C22788.acad.gst.uqam.ca | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Échec du traitement de la stratégie de groupe en raison d’une absence
de connectivité réseau vers un contrôleur de domaine. Il peut s’agir d’un problème
temporaire. Un message de réussite est généré une fois que l’ordinateur est connecté
au contrôleur de domaine et que la stratégie de groupe est correctement traitée.
Si aucun message de réussite ne s’affiche pendant plusieurs heures, contactez votre
administrateur.

Error - 2011-09-22 15:24:07 | Computer Name = C22788.acad.gst.uqam.ca | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 15:22:35 le ?2011-?09-?22 n’était pas
prévu.

Error - 2011-09-22 15:24:02 | Computer Name = C22788.acad.gst.uqam.ca | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 2011-09-22 15:24:02 | Computer Name = C22788.acad.gst.uqam.ca | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 2011-09-22 15:24:12 | Computer Name = C22788.acad.gst.uqam.ca | Source = NETLOGON | ID = 5719
Description = Cet ordinateur n’a pas pu configurer une session sécurisée avec un
contrôleur de domaine dans le domaine ACADEMIQUE pour la raison suivante : %%1311

Cela
peut entraîner des problèmes d’authentification. Vérifiez que cet ordinateur est
connecté au réseau. Si le problème persiste, contactez votre administrateur de domaine.



INFORMATIONS
SUPPLÉMENTAIRES Si cet ordinateur est un contrôleur de domaine pour le domaine spécifié,
il installe la session sécurisée sur l’émulateur de contrôleur de domaine principal
dans le domaine spécifié. Sinon, cet ordinateur installe la session sécurisée sur
n’importe quel contrôleur de domaine du domaine spécifié.

Error - 2011-09-22 15:24:11 | Computer Name = C22788.acad.gst.uqam.ca | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

Error - 2011-09-22 15:24:23 | Computer Name = C22788.acad.gst.uqam.ca | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Échec du traitement de la stratégie de groupe en raison d’une absence
de connectivité réseau vers un contrôleur de domaine. Il peut s’agir d’un problème
temporaire. Un message de réussite est généré une fois que l’ordinateur est connecté
au contrôleur de domaine et que la stratégie de groupe est correctement traitée.
Si aucun message de réussite ne s’affiche pendant plusieurs heures, contactez votre
administrateur.

Error - 2011-09-22 15:24:58 | Computer Name = C22788.acad.gst.uqam.ca | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Échec du traitement de la stratégie de groupe en raison d’une absence
de connectivité réseau vers un contrôleur de domaine. Il peut s’agir d’un problème
temporaire. Un message de réussite est généré une fois que l’ordinateur est connecté
au contrôleur de domaine et que la stratégie de groupe est correctement traitée.
Si aucun message de réussite ne s’affiche pendant plusieurs heures, contactez votre
administrateur.

Error - 2011-09-22 15:28:52 | Computer Name = C22788.acad.gst.uqam.ca | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Échec de l’installation : l’installation de la mise à jour suivante
a échoue avec l’erreur 0x80246007 : Mise à jour pour Windows 7 (KB2607712).


< End of report >

Each time I tried to save a txt file
---- When I tried to SAVE AS the otl.txt file, a pop up appeared saying this:
ORDINAL 383 could not be located in the dynamic link library iertutil.dll.

---- When I tried to SAVE AS the extras.txt file, a pop up appeared saying this:
ORDINAL 383 could not be located in the dynamic link library iertutil.dll.

Thanks!

Edited by AxelFTW, 22 September 2011 - 03:02 PM.


#10 Farbar

Posted 22 September 2011 - 03:43 PM

Please go to Start => Control Panel => User Account. Remove the password for user "Thuillier_D".
Reboot the computer once to make sure the computer starts without having to use the password.
Now try to do Step 2 of Post 6.

#11 AxelFTW

Posted 23 September 2011 - 11:26 AM

Hi farbar,

I can't change the password of the user thuillier_d because he's on a domain and I can't disconnect from the domain because I don't have the information to connect back.

Is there another way? If not, I'll check with my administrator if I can disconnect from the domain.

I will answer today until 4:00 PM. After that, I'll be back to work Monday morning.

I'm sorry for the trouble that it can cause to you.

Thanks!

#12 Farbar

Posted 23 September 2011 - 11:40 AM

Hi AxelFTW,

It is not a trouble. :)

When trying to get to System Recovery Options, when you get the option to select the language, which language do you select? Because the language you select will become the keyboard language. If you select any language other than English, and the password contains characters other than letters and numbers, the character might not be the same as the one you mean to enter.

#13 AxelFTW

Posted 23 September 2011 - 01:14 PM

WOW THANKS!!! That was my problem, it's a French computer so it was an AZERTY keyboard...

Here's the log for the FRST.txt

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.1
Ran by Système at 2011-09-23 14:11:30
Running from F:\
Windows 7 Professional (X86) OS Language: 040C
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKU\thuillier_d\...\Policies\system: [disableregistrytools] 0
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
Tcpip\Parameters: [DhcpNameServer] 10.10.10.1

================================ Services (Whitelisted) ==================

2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
2 AMD External Events Utility; C:\Windows\System32\atiesrxx.exe [176128 2009-07-30] (AMD)
2 cfWiMAXService; "C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe" [181616 2009-07-18] (TOSHIBA CORPORATION)
2 ConfigFree Service; "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" [46448 2009-03-11] (TOSHIBA CORPORATION)
3 LBTServ; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [121360 2009-07-20] (Logitech, Inc.)
2 McAfeeEngineService; "C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe" [21256 2009-04-30] (McAfee, Inc.)
2 McAfeeFramework; "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [103744 2009-01-16] (McAfee, Inc.)
2 McShield; "C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe" [144888 2009-04-30] (McAfee, Inc.)
2 McTaskManager; "C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe" [62800 2009-04-30] (McAfee, Inc.)
2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [335872 2006-10-26] (Microsoft Corporation)
2 mfevtp; C:\windows\system32\mfevtps.exe [70216 2009-04-30] (McAfee, Inc.)
2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe /Service [62832 2009-07-07] (TOSHIBA Corporation)
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-14] (Microsoft Corporation)
3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-17] (TOSHIBA Corporation)
2 TODDSrv; C:\windows\system32\TODDSrv.exe [128344 2009-07-28] (TOSHIBA Corporation)
2 TosCoSrv; "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" [464224 2009-08-05] (TOSHIBA Corporation)
3 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [144752 2009-07-30] (TOSHIBA CORPORATION)
2 TOSHIBA eco Utility Service; "C:\Program Files\TOSHIBA\TECO\TecoService.exe" [185712 2009-08-11] (TOSHIBA Corporation)
3 TOSHIBA HDD SSD Alert Service; "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe" [111960 2009-08-04] (TOSHIBA Corporation)
3 TPCHSrv; "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" [685424 2009-08-06] (TOSHIBA Corporation)

========================== Drivers (Whitelisted) =============

3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1161760 2009-07-21] (LSI Corporation)
3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [4994560 2009-07-30] (ATI Technologies Inc.)
3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [40720 2009-06-17] (Logitech, Inc.)
3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10384 2009-06-17] (Logitech, Inc.)
3 LHidFilt; C:\Windows\System32\DRIVERS\LHidFilt.Sys [35472 2009-06-17] (Logitech, Inc.)
3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [37392 2009-06-17] (Logitech, Inc.)
0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-02] (COMPAL ELECTRONIC INC.)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [75704 2009-04-30] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [91640 2009-04-30] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [43288 2009-04-30] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [342128 2009-04-30] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [65224 2009-04-30] (McAfee, Inc.)
1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [63696 2009-04-30] (McAfee, Inc.)
3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [157536 2009-05-21] (Realtek Semiconductor Corp.)
3 rtl8192se; C:\Windows\System32\DRIVERS\rtl8192se.sys [859136 2009-08-28] (Realtek Semiconductor Corporation )
3 tdcmdpst; C:\Windows\System32\DRIVERS\tdcmdpst.sys [22912 2009-07-30] (TOSHIBA Corporation.)
3 Tosrfbd; C:\Windows\System32\DRIVERS\tosrfbd.sys [168936 2009-07-08] (TOSHIBA CORPORATION)
3 tosrfec; C:\Windows\System32\DRIVERS\tosrfec.sys [15216 2009-07-14] (TOSHIBA Corporation)
3 Tosrfhid; C:\Windows\System32\DRIVERS\Tosrfhid.sys [79872 2009-06-19] (TOSHIBA Corporation.)
3 Tosrfusb; C:\Windows\System32\DRIVERS\tosrfusb.sys [49400 2009-08-05] (TOSHIBA CORPORATION)
0 tos_sps32; C:\Windows\System32\DRIVERS\tos_sps32.sys [275536 2009-07-24] (TOSHIBA Corporation)
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [23512 2009-07-14] (TOSHIBA Corporation)
2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 Tosrfcom; [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-09-23 18:06 - 2011-09-23 18:06 - 1048576 __ASH C:\Windows\System32\config\components{327a916f-de1a-11e0-ad19-002622edf087}.TxR.1.regtrans-ms
2011-09-23 18:06 - 2011-09-23 18:06 - 1048576 __ASH C:\Windows\System32\config\components{327a916f-de1a-11e0-ad19-002622edf087}.TxR.0.regtrans-ms
2011-09-23 18:06 - 2011-09-23 18:06 - 0065536 __ASH C:\Windows\System32\config\components{327a916f-de1a-11e0-ad19-002622edf087}.TxR.blf
2011-09-23 14:11 - 2011-09-23 14:11 - 0000000 ____D C:\FRST
2011-09-22 20:40 - 2011-09-22 20:40 - 0048938 ____A C:\Users\thuillier_d\Desktop\Extras.Txt
2011-09-22 20:39 - 2011-09-22 20:39 - 0211794 ____A C:\Users\thuillier_d\Desktop\OTL.Txt
2011-09-22 20:34 - 2011-09-22 20:07 - 0582656 ____A (OldTimer Tools) C:\Users\thuillier_d\Desktop\OTL.exe
2011-09-22 20:26 - 2011-09-22 20:30 - 0072490 ____A C:\TDSSKiller.2.5.23.0_22.09.2011_15.26.49_log.txt
2011-09-22 20:21 - 2011-09-22 20:22 - 0073396 ____A C:\TDSSKiller.2.5.23.0_22.09.2011_15.21.34_log.txt
2011-09-22 20:19 - 2011-09-22 20:19 - 0000000 ____D C:\Windows\147BCE03C0F14C9F81576A89B6D2D973.TMP
2011-09-21 19:53 - 2011-09-21 19:53 - 0013358 ____A C:\Users\thuillier_d\Desktop\MBRCheck_09.21.11_14.53.15.txt
2011-09-21 19:52 - 2011-09-21 19:49 - 0080384 ____A C:\Users\thuillier_d\Desktop\MBRCheck.exe
2011-09-21 19:51 - 2011-09-21 19:51 - 0013228 ____A C:\Users\thuillier_d\Desktop\MBRCheck_09.21.11_14.51.11.txt
2011-09-20 17:07 - 2011-09-20 17:07 - 0021676 ____A C:\Users\thuillier_d\Desktop\ark.txt
2011-09-20 16:20 - 2011-09-20 16:20 - 0012758 ____A C:\Users\thuillier_d\Desktop\DDS.txt
2011-09-20 16:20 - 2011-09-20 16:20 - 0007588 ____A C:\Users\thuillier_d\Desktop\Attach.txt
2011-09-14 13:05 - 2011-09-14 13:05 - 0000000 ____D C:\Users\thuillier_d\Desktop\gmer
2011-09-14 12:52 - 2011-09-14 12:52 - 0000000 ____A C:\Users\thuillier_d\defogger_reenable
2011-09-14 12:51 - 2011-09-14 12:51 - 0294216 ____A C:\Users\thuillier_d\Desktop\gmer.zip
2011-09-14 12:51 - 2011-09-14 12:49 - 0607260 ____R (Swearware) C:\Users\thuillier_d\Desktop\dds.scr
2011-09-14 12:51 - 2011-09-14 12:49 - 0050477 ____A C:\Users\thuillier_d\Desktop\Defogger.exe
2011-09-13 20:23 - 2011-09-13 20:23 - 0000998 ____A C:\Users\thuillier_d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2011-09-13 19:56 - 2011-09-13 19:56 - 0000000 ____D C:\Windows\pss
2011-09-13 19:46 - 2011-09-13 19:46 - 0139408 ____A C:\Windows\Minidump\091311-39093-01.dmp
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ___RD C:\Users\thuillier_d\Documents\Fichiers LifeCam
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ___AD C:\Users\thuillier_d\Documents\rollande
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ___AD C:\Users\thuillier_d\Documents\Questionnaires GPI
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ___AD C:\Users\thuillier_d\Documents\plans et contenus de cours 7140, 7060
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ___AD C:\Users\thuillier_d\Documents\Plans essais 7060
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ___AD C:\Users\thuillier_d\Documents\Intertender
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ___AD C:\Users\thuillier_d\Documents\IDPM BOK
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ___AD C:\Users\thuillier_d\Documents\gestion projets inter
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ___AD C:\Users\thuillier_d\Documents\C.V. Thuillier
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ____D C:\Users\thuillier_d\Documents\Riol 2
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ____D C:\Users\thuillier_d\Documents\plans 7060
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ____D C:\Users\thuillier_d\Documents\Flux Setym et brochure
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ____D C:\Users\thuillier_d\Documents\Corel DVD MovieFactory
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ____D C:\Users\thuillier_d\Documents\Articles BP
2011-09-13 19:40 - 2011-08-17 02:00 - 0009954 ____A C:\Users\thuillier_d\Documents\CV Thuillier accréditation.docx
2011-09-13 19:40 - 2011-04-11 02:29 - 12787205 ____A C:\Users\thuillier_d\Documents\musikmesse2011.mp4
2011-09-13 19:40 - 2011-01-30 04:44 - 0831488 ____A C:\Users\thuillier_d\Documents\FIDAL[1].ppt
2011-09-13 19:40 - 2011-01-30 04:22 - 1551641 ____A C:\Users\thuillier_d\Documents\Marques-brevet-quelle-valeur-avril2004-revue-marques.pdf
2011-09-13 19:40 - 2011-01-30 04:17 - 0274944 ____A C:\Users\thuillier_d\Documents\Conf%E9rence SOCPRA du 11-11-08 sur la propri%E9t%E9 intellectuelle et la cr%E9ation d'entreprise.ppt
2011-09-13 19:40 - 2011-01-24 21:39 - 2162176 ____A C:\Users\thuillier_d\Documents\These FCS jan18 (à distribuer).ppt
2011-09-13 19:40 - 2011-01-07 05:08 - 0011428 ____A C:\Users\thuillier_d\Documents\pierre bayle.docx
2011-09-13 19:40 - 2010-09-20 23:21 - 0012826 ____A C:\Users\thuillier_d\Documents\Évaluation Lavagnon finale.docx
2011-09-13 19:40 - 2010-04-30 18:24 - 0031744 ____A C:\Users\thuillier_d\Documents\Protocole de cession des actions DM.doc
2011-09-13 19:40 - 2010-02-04 17:38 - 0000000 ____D C:\Users\thuillier_d\Documents\Roxio
2011-09-13 19:40 - 2010-01-27 00:24 - 0457370 ____A C:\Users\thuillier_d\Documents\Photo M. Thuillier 1938-39_.jpg
2011-09-13 19:40 - 2009-11-27 18:00 - 0219648 ____A C:\Users\thuillier_d\Documents\Table 5.doc
2011-09-13 19:40 - 2009-08-05 04:35 - 0022528 ____A C:\Users\thuillier_d\Documents\Retraite séc.soc. France.doc
2011-09-13 19:40 - 2009-04-24 18:11 - 0032124 ____A C:\Users\thuillier_d\Documents\DT impôts personnels.pdf
2011-09-13 19:40 - 2009-02-16 17:45 - 0477184 ____A C:\Users\thuillier_d\Documents\FCS Banque mondiale anglo.doc
2011-09-13 19:40 - 2009-02-16 02:18 - 0649728 ____A C:\Users\thuillier_d\Documents\FCS Banque Mondiale franco.doc
2011-09-13 19:40 - 2009-01-03 19:26 - 0251392 ____A C:\Users\thuillier_d\Documents\IJPMB 03 jan.doc
2011-09-13 19:40 - 2008-12-10 18:16 - 0029184 ____A C:\Users\thuillier_d\Documents\Rapport thèse Lavagnonl.doc
2011-09-13 19:40 - 2008-08-03 21:57 - 1253560 ____A C:\Users\thuillier_d\Documents\IMG_5459.JPG
2011-09-13 19:40 - 2008-07-19 19:29 - 0720875 ____A C:\Users\thuillier_d\Documents\Grèce 08 003.jpg
2011-09-13 19:40 - 2008-01-21 18:01 - 0055296 ____A C:\Users\thuillier_d\Documents\contrat de confidentialité 2.doc
2011-09-13 19:40 - 2007-12-14 00:15 - 0043008 ____A C:\Users\thuillier_d\Documents\Brève Description des projets de recherche.doc
2011-09-13 19:40 - 2006-11-30 22:18 - 0020992 ____A C:\Users\thuillier_d\Documents\sabbatique report.doc
2011-09-13 19:40 - 2006-03-15 00:02 - 0174592 ____A C:\Users\thuillier_d\Documents\Sommaire -chaire GP - UQAM-nov 2005.doc
2011-09-13 19:40 - 2006-01-13 04:00 - 0030720 ____A C:\Users\thuillier_d\Documents\Lettre d'envoi GPI franco.doc
2011-09-13 19:40 - 2005-12-07 20:41 - 0213504 ____A C:\Users\thuillier_d\Documents\Questionnaire-Anglais final 2005.doc
2011-09-13 19:40 - 2005-08-08 18:37 - 0191005 ____A C:\Users\thuillier_d\Documents\CV HOBBS Eng June 2005.pdf
2011-09-13 19:40 - 2004-12-30 22:39 - 0005386 ____A C:\Users\thuillier_d\Documents\Commentaires EPM - 27 décembre.wpd
2011-09-13 19:40 - 2004-02-25 18:56 - 0023552 ____A C:\Users\thuillier_d\Documents\D.T et axe bureau de projet.doc
2011-09-13 19:40 - 2003-06-02 20:25 - 0165376 ____A C:\Users\thuillier_d\Documents\Success, trust and communication Diallo Thuillier.doc
2011-09-13 19:40 - 2003-05-05 23:57 - 0163840 ____A C:\Users\thuillier_d\Documents\succes conf et comm sans resume.doc
2011-09-13 19:40 - 2003-03-21 23:00 - 0057272 ____A C:\Users\thuillier_d\Documents\base succes et com depuis 25-02-02.sav
2011-09-13 19:40 - 2002-06-20 16:24 - 0068608 ____A C:\Users\thuillier_d\Documents\grille-ebauche.doc
2011-09-13 19:40 - 2001-12-14 18:29 - 0053124 ____A C:\Users\thuillier_d\Documents\base89-13-12 don manq remp.sav
2011-09-13 19:40 - 2001-12-14 01:17 - 0051728 ____A C:\Users\thuillier_d\Documents\base gpi 89-24-11.sav
2011-09-13 19:40 - 2001-12-13 02:40 - 0049864 ____A C:\Users\thuillier_d\Documents\base89-24-11.sav
2011-09-13 19:40 - 2001-11-27 19:14 - 0286720 ____A C:\Users\thuillier_d\Documents\données dimensions succès 20-11.doc
2011-09-13 19:40 - 2001-09-22 06:20 - 0036608 ____A C:\Users\thuillier_d\Documents\facteurs de succes 20-09 2.sav
2011-09-13 19:40 - 2001-09-21 18:36 - 0054240 ____A C:\Users\thuillier_d\Documents\facteurs de succes 20-09.sav
2011-09-13 19:40 - 2001-06-18 16:51 - 0046592 ____A C:\Users\thuillier_d\Documents\PLAN TRAVAIL-2001-02- Denis Thuillier.doc
2011-09-13 19:40 - 2000-10-26 04:01 - 0025088 ____A C:\Users\thuillier_d\Documents\Mémoire-marianne.doc
2011-09-13 19:40 - 1999-11-08 16:22 - 0025600 ____A C:\Users\thuillier_d\Documents\Conge sabbatique.doc
2011-09-13 19:39 - 2011-09-13 19:41 - 0000000 ____D C:\Users\thuillier_d\Desktop\A GARDER
2011-09-13 18:40 - 2011-09-13 19:04 - 0000870 ____A C:\Users\Public\Desktop\USBScan.lnk
2011-09-13 18:40 - 2011-09-13 19:04 - 0000000 ____D C:\Program Files\USBScan
2011-09-13 16:36 - 2011-09-22 20:38 - 0524288 __ASH C:\Windows\System32\config\components{327a9170-de1a-11e0-ad19-002622edf087}.TMContainer00000000000000000001.regtrans-ms
2011-09-13 16:36 - 2011-09-22 20:38 - 0065536 __ASH C:\Windows\System32\config\components{327a9170-de1a-11e0-ad19-002622edf087}.TM.blf
2011-09-13 16:36 - 2011-09-13 16:54 - 0524288 __ASH C:\Windows\System32\config\components{327a9170-de1a-11e0-ad19-002622edf087}.TMContainer00000000000000000002.regtrans-ms
2011-09-13 16:01 - 2011-09-13 16:02 - 0524288 __ASH C:\Windows\System32\config\components{0531a688-de18-11e0-9b5f-0026b666a2d2}.TMContainer00000000000000000002.regtrans-ms
2011-09-13 16:01 - 2011-09-13 16:02 - 0524288 __ASH C:\Windows\System32\config\components{0531a688-de18-11e0-9b5f-0026b666a2d2}.TMContainer00000000000000000001.regtrans-ms
2011-09-13 16:01 - 2011-09-13 16:02 - 0065536 __ASH C:\Windows\System32\config\components{0531a688-de18-11e0-9b5f-0026b666a2d2}.TM.blf
2011-09-13 15:00 - 2011-09-13 15:00 - 0016903 ____A C:\ComboFix.txt
2011-09-13 14:25 - 2011-09-13 14:27 - 0000000 ____D C:\## aswSnx private storage
2011-09-12 21:02 - 2011-09-22 20:33 - 0000000 ____D C:\Users\All Users\AVAST Software
2011-09-12 21:02 - 2011-09-22 20:33 - 0000000 ____D C:\ProgramData\AVAST Software
2011-09-12 21:02 - 2011-09-12 21:02 - 0000000 ____D C:\Program Files\AVAST Software
2011-09-12 20:58 - 2011-09-13 16:25 - 0000000 ____D C:\Config.Msi
2011-09-12 20:32 - 2011-09-12 20:32 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2011-09-12 20:32 - 2011-09-12 20:32 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2011-09-12 20:32 - 2011-09-12 20:32 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2011-09-12 20:32 - 2011-09-12 20:32 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2011-09-12 20:32 - 2011-09-12 20:32 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2011-09-12 20:32 - 2011-09-12 20:32 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2011-09-12 20:32 - 2011-09-12 20:32 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2011-09-12 20:32 - 2011-09-12 20:32 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2011-09-12 20:32 - 2011-09-12 20:32 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2011-09-12 20:32 - 2011-09-12 20:32 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2011-09-12 17:34 - 2011-09-13 19:05 - 0000000 ____D C:\Qoobox
2011-09-12 17:34 - 2011-09-13 15:51 - 0000000 ____D C:\Windows\ERDNT
2011-09-12 17:11 - 2011-09-12 17:11 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2011-09-12 17:11 - 2011-09-12 17:11 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2011-09-12 15:09 - 2011-09-12 15:09 - 0000000 ____D C:\Users\thuillier_d\AppData\Roaming\Malwarebytes
2011-09-12 15:09 - 2011-09-12 15:09 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-09-12 15:09 - 2011-09-12 15:09 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-09-10 17:24 - 2011-09-10 17:24 - 1791488 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-09-10 17:24 - 2011-09-10 17:24 - 1126912 ____N (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-09-10 17:24 - 2011-09-10 17:24 - 1102848 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-09-10 16:18 - 2011-09-10 16:18 - 0000000 ____D C:\found.000
2011-09-09 19:15 - 2011-09-09 21:20 - 0000112 ____A C:\Users\All Users\YnqK7lVrB.dat
2011-09-09 19:15 - 2011-09-09 21:20 - 0000112 ____A C:\ProgramData\YnqK7lVrB.dat
2011-09-09 19:12 - 2011-09-09 19:12 - 0143876 ____A C:\Windows\System32\c_7265170.nls
2011-09-09 19:12 - 2011-09-09 19:12 - 0000000 ____D C:\Users\All Users\c5d747
2011-09-09 19:12 - 2011-09-09 19:12 - 0000000 ____D C:\ProgramData\c5d747
2011-09-09 01:10 - 2011-09-09 01:10 - 0000000 ____D C:\Windows\Sun
2011-09-08 22:45 - 2011-09-08 23:38 - 0000000 ____D C:\Users\thuillier_d\AppData\Roaming\Google
2011-09-08 22:40 - 2011-09-13 15:51 - 0000000 ____D C:\Program Files\Google
2011-09-08 22:40 - 2011-09-08 23:19 - 0000000 ____D C:\Users\thuillier_d\AppData\Local\Google
2011-09-08 22:40 - 2011-09-08 22:41 - 0000000 ____D C:\Users\All Users\Google
2011-09-08 22:40 - 2011-09-08 22:41 - 0000000 ____D C:\ProgramData\Google
2011-09-06 01:19 - 2011-09-06 23:05 - 0011298 __ASH C:\Users\thuillier_d\AppData\Local\kl2kssls2335gr04b2n08itufc0sr323f30220j170yo
2011-09-06 01:19 - 2011-09-06 01:19 - 0001120 __ASH C:\Users\All Users\kl2kssls2335gr04b2n08itufc0sr323f30220j170yo
2011-09-06 01:19 - 2011-09-06 01:19 - 0001120 __ASH C:\ProgramData\kl2kssls2335gr04b2n08itufc0sr323f30220j170yo
2011-09-06 01:19 - 2011-09-06 01:19 - 0000000 ____A C:\Users\All Users\rgeg.exe
2011-09-06 01:19 - 2011-09-06 01:19 - 0000000 ____A C:\ProgramData\rgeg.exe
2011-08-24 15:20 - 2011-07-09 05:30 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll


============ 3 Months Modified Files and Folders ===============

2011-09-23 19:05 - 2010-01-29 03:39 - 1787893 ____A C:\Windows\WindowsUpdate.log
2011-09-23 18:06 - 2011-09-23 18:06 - 1048576 __ASH C:\Windows\System32\config\components{327a916f-de1a-11e0-ad19-002622edf087}.TxR.2.regtrans-ms
2011-09-23 18:06 - 2011-09-23 18:06 - 1048576 __ASH C:\Windows\System32\config\components{327a916f-de1a-11e0-ad19-002622edf087}.TxR.1.regtrans-ms
2011-09-23 18:06 - 2011-09-23 18:06 - 1048576 __ASH C:\Windows\System32\config\components{327a916f-de1a-11e0-ad19-002622edf087}.TxR.0.regtrans-ms
2011-09-23 18:06 - 2011-09-23 18:06 - 0065536 __ASH C:\Windows\System32\config\components{327a916f-de1a-11e0-ad19-002622edf087}.TxR.blf
2011-09-23 14:11 - 2011-09-23 14:11 - 0000000 ____D C:\FRST
2011-09-22 20:40 - 2011-09-22 20:40 - 0048938 ____A C:\Users\thuillier_d\Desktop\Extras.Txt
2011-09-22 20:39 - 2011-09-22 20:39 - 0211794 ____A C:\Users\thuillier_d\Desktop\OTL.Txt
2011-09-22 20:38 - 2011-09-13 16:36 - 0524288 __ASH C:\Windows\System32\config\components{327a9170-de1a-11e0-ad19-002622edf087}.TMContainer00000000000000000001.regtrans-ms
2011-09-22 20:38 - 2011-09-13 16:36 - 0065536 __ASH C:\Windows\System32\config\components{327a9170-de1a-11e0-ad19-002622edf087}.TM.blf
2011-09-22 20:33 - 2011-09-12 21:02 - 0000000 ____D C:\Users\All Users\AVAST Software
2011-09-22 20:33 - 2011-09-12 21:02 - 0000000 ____D C:\ProgramData\AVAST Software
2011-09-22 20:31 - 2009-07-14 05:34 - 0017504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-09-22 20:31 - 2009-07-14 05:34 - 0017504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-09-22 20:30 - 2011-09-22 20:26 - 0072490 ____A C:\TDSSKiller.2.5.23.0_22.09.2011_15.26.49_log.txt
2011-09-22 20:29 - 2009-08-27 04:50 - 1585542 ____A C:\Windows\System32\PerfStringBackup.INI
2011-09-22 20:24 - 2009-07-14 05:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-09-22 20:24 - 2009-07-14 05:39 - 0072093 ____A C:\Windows\setupact.log
2011-09-22 20:23 - 2010-01-29 03:28 - 2388279296 __ASH C:\hiberfil.sys
2011-09-22 20:23 - 2009-07-14 00:11 - 0445008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2011-09-22 20:22 - 2011-09-22 20:21 - 0073396 ____A C:\TDSSKiller.2.5.23.0_22.09.2011_15.21.34_log.txt
2011-09-22 20:19 - 2011-09-22 20:19 - 0000000 ____D C:\Windows\147BCE03C0F14C9F81576A89B6D2D973.TMP
2011-09-22 20:07 - 2011-09-22 20:34 - 0582656 ____A (OldTimer Tools) C:\Users\thuillier_d\Desktop\OTL.exe
2011-09-21 19:53 - 2011-09-21 19:53 - 0013358 ____A C:\Users\thuillier_d\Desktop\MBRCheck_09.21.11_14.53.15.txt
2011-09-21 19:51 - 2011-09-21 19:51 - 0013228 ____A C:\Users\thuillier_d\Desktop\MBRCheck_09.21.11_14.51.11.txt
2011-09-21 19:49 - 2011-09-21 19:52 - 0080384 ____A C:\Users\thuillier_d\Desktop\MBRCheck.exe
2011-09-21 16:15 - 2009-07-14 05:53 - 0032482 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-09-20 17:07 - 2011-09-20 17:07 - 0021676 ____A C:\Users\thuillier_d\Desktop\ark.txt
2011-09-20 16:20 - 2011-09-20 16:20 - 0012758 ____A C:\Users\thuillier_d\Desktop\DDS.txt
2011-09-20 16:20 - 2011-09-20 16:20 - 0007588 ____A C:\Users\thuillier_d\Desktop\Attach.txt
2011-09-14 13:05 - 2011-09-14 13:05 - 0000000 ____D C:\Users\thuillier_d\Desktop\gmer
2011-09-14 12:52 - 2011-09-14 12:52 - 0000000 ____A C:\Users\thuillier_d\defogger_reenable
2011-09-14 12:52 - 2010-02-04 17:17 - 0000000 ____D C:\users\thuillier_d
2011-09-14 12:51 - 2011-09-14 12:51 - 0294216 ____A C:\Users\thuillier_d\Desktop\gmer.zip
2011-09-14 12:49 - 2011-09-14 12:51 - 0607260 ____R (Swearware) C:\Users\thuillier_d\Desktop\dds.scr
2011-09-14 12:49 - 2011-09-14 12:51 - 0050477 ____A C:\Users\thuillier_d\Desktop\Defogger.exe
2011-09-13 20:42 - 2009-08-27 04:47 - 0000000 ____D C:\Users\All Users\Adobe
2011-09-13 20:42 - 2009-08-27 04:47 - 0000000 ____D C:\ProgramData\Adobe
2011-09-13 20:23 - 2011-09-13 20:23 - 0000998 ____A C:\Users\thuillier_d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2011-09-13 19:56 - 2011-09-13 19:56 - 0000000 ____D C:\Windows\pss
2011-09-13 19:49 - 2011-07-08 16:03 - 0000000 ___RD C:\Users\thuillier_d\Dropbox
2011-09-13 19:49 - 2011-07-08 15:59 - 0000000 ____D C:\Users\thuillier_d\AppData\Roaming\Dropbox
2011-09-13 19:46 - 2011-09-13 19:46 - 0139408 ____A C:\Windows\Minidump\091311-39093-01.dmp
2011-09-13 19:46 - 2010-05-24 13:53 - 322474135 ____A C:\Windows\MEMORY.DMP
2011-09-13 19:46 - 2010-05-24 13:53 - 0000000 ____D C:\Windows\Minidump
2011-09-13 19:41 - 2011-09-13 19:39 - 0000000 ____D C:\Users\thuillier_d\Desktop\A GARDER
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ___RD C:\Users\thuillier_d\Documents\Fichiers LifeCam
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ___AD C:\Users\thuillier_d\Documents\rollande
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ___AD C:\Users\thuillier_d\Documents\Questionnaires GPI
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ___AD C:\Users\thuillier_d\Documents\plans et contenus de cours 7140, 7060
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ___AD C:\Users\thuillier_d\Documents\Plans essais 7060
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ___AD C:\Users\thuillier_d\Documents\Intertender
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ___AD C:\Users\thuillier_d\Documents\IDPM BOK
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ___AD C:\Users\thuillier_d\Documents\gestion projets inter
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ___AD C:\Users\thuillier_d\Documents\C.V. Thuillier
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ____D C:\Users\thuillier_d\Documents\Riol 2
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ____D C:\Users\thuillier_d\Documents\plans 7060
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ____D C:\Users\thuillier_d\Documents\Flux Setym et brochure
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ____D C:\Users\thuillier_d\Documents\Corel DVD MovieFactory
2011-09-13 19:40 - 2011-09-13 19:40 - 0000000 ____D C:\Users\thuillier_d\Documents\Articles BP
2011-09-13 19:38 - 2010-03-30 18:53 - 0302244 ____A C:\Windows\ntbtlog.txt
2011-09-13 19:19 - 2009-07-14 03:04 - 0002577 ____A C:\Windows\System32\config.nt
2011-09-13 19:06 - 2010-01-28 22:42 - 0000000 ____D C:\Windows\System32\appmgmt
2011-09-13 19:05 - 2011-09-12 17:34 - 0000000 ____D C:\Qoobox
2011-09-13 19:04 - 2011-09-13 18:40 - 0000870 ____A C:\Users\Public\Desktop\USBScan.lnk
2011-09-13 19:04 - 2011-09-13 18:40 - 0000000 ____D C:\Program Files\USBScan
2011-09-13 16:54 - 2011-09-13 16:36 - 0524288 __ASH C:\Windows\System32\config\components{327a9170-de1a-11e0-ad19-002622edf087}.TMContainer00000000000000000002.regtrans-ms
2011-09-13 16:25 - 2011-09-12 20:58 - 0000000 ____D C:\Config.Msi
2011-09-13 16:25 - 2010-11-16 01:30 - 0000000 ____D C:\Program Files\Common Files\Adobe
2011-09-13 16:14 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\config\TxR
2011-09-13 16:07 - 2010-09-04 02:08 - 0000000 ____D C:\Program Files\File Helper
2011-09-13 16:07 - 2010-09-04 02:08 - 0000000 ____D C:\Program Files\Ask.com
2011-09-13 16:07 - 2010-07-04 23:09 - 0000000 ____D C:\Program Files\iTunes
2011-09-13 16:07 - 2010-07-04 23:07 - 0000000 ____D C:\Program Files\QuickTime
2011-09-13 16:07 - 2010-02-04 17:17 - 0000000 ____D C:\Users\thuillier_d\AppData\Local\Microsoft Help
2011-09-13 16:07 - 2010-01-29 03:45 - 0000000 ____D C:\Program Files\ltmoh
2011-09-13 16:07 - 2010-01-29 03:38 - 0000000 ____D C:\Users\All Users\XP
2011-09-13 16:07 - 2010-01-29 03:38 - 0000000 ____D C:\ProgramData\XP
2011-09-13 16:07 - 2010-01-28 22:54 - 0000000 ____D C:\Program Files\McAfee
2011-09-13 16:07 - 2010-01-28 17:48 - 0000000 ____D C:\users\Denis Thuillier
2011-09-13 16:07 - 2009-08-27 04:40 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2011-09-13 16:07 - 2009-08-27 04:40 - 0000000 ____D C:\Program Files\TOSHIBA
2011-09-13 16:07 - 2009-07-14 03:37 - 0000000 __RSD C:\Windows\Media
2011-09-13 16:07 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\wfp
2011-09-13 16:07 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\fr-FR
2011-09-13 16:07 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\DriverStore
2011-09-13 16:07 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\AppCompat
2011-09-13 16:07 - 2009-07-14 03:37 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2011-09-13 16:07 - 2009-07-14 03:36 - 0000000 __SHD C:\$Recycle.Bin
2011-09-13 16:06 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\registration
2011-09-13 16:05 - 2010-02-04 17:19 - 0000000 ____D C:\Users\thuillier_d\AppData\Roaming\Adobe
2011-09-13 16:05 - 2010-02-04 17:17 - 0000000 ____D C:\Users\thuillier_d\AppData\LocalLow
2011-09-13 16:04 - 2010-01-28 22:54 - 0000000 ____D C:\Users\All Users\McAfee
2011-09-13 16:04 - 2010-01-28 22:54 - 0000000 ____D C:\ProgramData\McAfee
2011-09-13 16:04 - 2009-07-14 03:37 - 0000000 ___RD C:\users\Public
2011-09-13 16:03 - 2010-02-04 18:53 - 0000000 ____D C:\Program Files\Adobe
2011-09-13 16:03 - 2010-01-28 22:54 - 0000000 ____D C:\Program Files\Common Files\McAfee
2011-09-13 16:02 - 2011-09-13 16:01 - 0524288 __ASH C:\Windows\System32\config\components{0531a688-de18-11e0-9b5f-0026b666a2d2}.TMContainer00000000000000000002.regtrans-ms
2011-09-13 16:02 - 2011-09-13 16:01 - 0524288 __ASH C:\Windows\System32\config\components{0531a688-de18-11e0-9b5f-0026b666a2d2}.TMContainer00000000000000000001.regtrans-ms
2011-09-13 16:02 - 2011-09-13 16:01 - 0065536 __ASH C:\Windows\System32\config\components{0531a688-de18-11e0-9b5f-0026b666a2d2}.TM.blf
2011-09-13 15:51 - 2011-09-12 17:34 - 0000000 ____D C:\Windows\ERDNT
2011-09-13 15:51 - 2011-09-08 22:40 - 0000000 ____D C:\Program Files\Google
2011-09-13 15:00 - 2011-09-13 15:00 - 0016903 ____A C:\ComboFix.txt
2011-09-13 14:27 - 2011-09-13 14:25 - 0000000 ____D C:\## aswSnx private storage
2011-09-12 21:05 - 2011-03-04 20:42 - 0524288 __ASH C:\Windows\System32\config\components{28d1834d-4675-11e0-8318-002622edf087}.TMContainer00000000000000000002.regtrans-ms
2011-09-12 21:05 - 2011-03-04 20:42 - 0524288 __ASH C:\Windows\System32\config\components{28d1834d-4675-11e0-8318-002622edf087}.TMContainer00000000000000000001.regtrans-ms
2011-09-12 21:05 - 2011-03-04 20:42 - 0065536 __ASH C:\Windows\System32\config\components{28d1834d-4675-11e0-8318-002622edf087}.TM.blf
2011-09-12 21:02 - 2011-09-12 21:02 - 0000000 ____D C:\Program Files\AVAST Software
2011-09-12 20:32 - 2011-09-12 20:32 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2011-09-12 20:32 - 2011-09-12 20:32 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2011-09-12 20:32 - 2011-09-12 20:32 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2011-09-12 20:32 - 2011-09-12 20:32 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2011-09-12 20:32 - 2011-09-12 20:32 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2011-09-12 20:32 - 2011-09-12 20:32 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2011-09-12 20:32 - 2011-09-12 20:32 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2011-09-12 20:32 - 2011-09-12 20:32 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2011-09-12 20:32 - 2011-09-12 20:32 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2011-09-12 20:32 - 2011-09-12 20:32 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2011-09-12 20:32 - 2009-07-14 03:03 - 51380224 ____A C:\Windows\System32\config\software.bak
2011-09-12 20:32 - 2009-07-14 03:03 - 19660800 ____A C:\Windows\System32\config\system.bak
2011-09-12 20:32 - 2009-07-14 03:03 - 0524288 ____A C:\Windows\System32\config\default.bak
2011-09-12 20:32 - 2009-07-14 03:03 - 0262144 ____A C:\Windows\System32\config\security.bak
2011-09-12 17:26 - 2009-07-14 03:03 - 0262144 ____A C:\Windows\System32\config\sam.bak
2011-09-12 17:11 - 2011-09-12 17:11 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2011-09-12 17:11 - 2011-09-12 17:11 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2011-09-12 15:09 - 2011-09-12 15:09 - 0000000 ____D C:\Users\thuillier_d\AppData\Roaming\Malwarebytes
2011-09-12 15:09 - 2011-09-12 15:09 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-09-12 15:09 - 2011-09-12 15:09 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-09-10 17:24 - 2011-09-10 17:24 - 1791488 ____N (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-09-10 17:24 - 2011-09-10 17:24 - 1126912 ____N (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-09-10 17:24 - 2011-09-10 17:24 - 1102848 ____N (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-09-10 16:18 - 2011-09-10 16:18 - 0000000 ____D C:\found.000
2011-09-10 04:54 - 2010-02-04 18:59 - 0000000 ____D C:\Users\thuillier_d\AppData\Roaming\Apple Computer
2011-09-09 22:24 - 2010-03-01 20:55 - 0000000 ____D C:\QUARANTINE
2011-09-09 21:20 - 2011-09-09 19:15 - 0000112 ____A C:\Users\All Users\YnqK7lVrB.dat
2011-09-09 21:20 - 2011-09-09 19:15 - 0000112 ____A C:\ProgramData\YnqK7lVrB.dat
2011-09-09 20:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\LiveKernelReports
2011-09-09 19:12 - 2011-09-09 19:12 - 0143876 ____A C:\Windows\System32\c_7265170.nls
2011-09-09 19:12 - 2011-09-09 19:12 - 0000000 ____D C:\Users\All Users\c5d747
2011-09-09 19:12 - 2011-09-09 19:12 - 0000000 ____D C:\ProgramData\c5d747
2011-09-09 01:10 - 2011-09-09 01:10 - 0000000 ____D C:\Windows\Sun
2011-09-08 23:38 - 2011-09-08 22:45 - 0000000 ____D C:\Users\thuillier_d\AppData\Roaming\Google
2011-09-08 23:19 - 2011-09-08 22:40 - 0000000 ____D C:\Users\thuillier_d\AppData\Local\Google
2011-09-08 22:44 - 2010-02-05 02:54 - 0000000 ____D C:\Users\thuillier_d\AppData\Local\Adobe
2011-09-08 22:41 - 2011-09-08 22:40 - 0000000 ____D C:\Users\All Users\Google
2011-09-08 22:41 - 2011-09-08 22:40 - 0000000 ____D C:\ProgramData\Google
2011-09-07 19:07 - 2010-02-04 17:10 - 0000696 ____A C:\Windows\System32\config\netlogon.ftl
2011-09-06 23:05 - 2011-09-06 01:19 - 0011298 __ASH C:\Users\thuillier_d\AppData\Local\kl2kssls2335gr04b2n08itufc0sr323f30220j170yo
2011-09-06 20:18 - 2010-02-04 17:17 - 0000000 ____D C:\Users\thuillier_d\AppData\Local\VirtualStore
2011-09-06 01:19 - 2011-09-06 01:19 - 0001120 __ASH C:\Users\All Users\kl2kssls2335gr04b2n08itufc0sr323f30220j170yo
2011-09-06 01:19 - 2011-09-06 01:19 - 0001120 __ASH C:\ProgramData\kl2kssls2335gr04b2n08itufc0sr323f30220j170yo
2011-09-06 01:19 - 2011-09-06 01:19 - 0000000 ____A C:\Users\All Users\rgeg.exe
2011-09-06 01:19 - 2011-09-06 01:19 - 0000000 ____A C:\ProgramData\rgeg.exe
2011-08-25 17:44 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\rescache
2011-08-21 19:58 - 2010-09-04 02:08 - 0000334 ____A C:\Windows\Tasks\File Helper.job
2011-08-17 02:00 - 2011-09-13 19:40 - 0009954 ____A C:\Users\thuillier_d\Documents\CV Thuillier accréditation.docx
2011-08-15 14:54 - 2011-08-15 14:54 - 0462648 ____A C:\Windows\Minidump\081511-15553-01.dmp
2011-08-14 16:49 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\Microsoft.NET
2011-08-11 13:32 - 2010-01-28 17:07 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-08-11 13:32 - 2010-01-28 17:07 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-08-11 13:29 - 2010-01-28 22:50 - 52390856 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-08-05 01:48 - 2011-08-05 01:48 - 0404640 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2011-07-31 16:16 - 2010-09-04 02:08 - 0001089 ____A C:\Users\Public\Desktop\File Helper.lnk
2011-07-27 20:38 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\NDF
2011-07-26 14:16 - 2009-07-14 05:53 - 0032482 ____A C:\Windows\Tasks\SCHEDLGU(135).TXT
2011-07-26 03:21 - 2010-02-04 17:51 - 0000000 ____D C:\Users\thuillier_d\Desktop\Bureau
2011-07-22 07:38 - 2011-08-10 13:58 - 5989376 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-07-22 05:56 - 2011-08-10 13:58 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-07-16 05:37 - 2011-08-10 13:58 - 0169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2011-07-16 05:34 - 2011-08-10 13:58 - 0868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2011-07-16 05:34 - 2011-08-10 13:58 - 0290816 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2011-07-16 05:31 - 2011-08-10 13:58 - 0271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2011-07-16 05:19 - 2011-08-10 13:58 - 0005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:19 - 2011-08-10 13:58 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 03:21 - 2011-08-10 13:58 - 0006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 03:21 - 2011-08-10 13:58 - 0004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 03:21 - 2011-08-10 13:58 - 0003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 03:21 - 2011-08-10 13:58 - 0003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 14:42 - 2009-07-14 05:33 - 0447016 ____A C:\Windows\System32\FNTCACHE.DAT
2011-07-09 05:30 - 2011-08-24 15:20 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-07-09 03:26 - 2011-08-10 13:58 - 0222720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2011-07-08 16:03 - 2011-07-08 16:03 - 0001018 ____A C:\Users\thuillier_d\Desktop\Dropbox.lnk

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 4060.87 MB
Available physical RAM: 3572.18 MB
Total Pagefile: 4059.15 MB
Available Pagefile: 3571.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.3 MB

======================= Partitions =========================

1 Drive c: (S3A8073D002) (Fixed) (Total:266.72 GB) (Free:216.69 GB) NTFS
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.29 GB) NTFS
4 Drive f: () (Removable) (Total:3.76 GB) (Free:3.75 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==========================================================

Last Boot: 2011-09-22 21:03

======================= End Of Log ==========================

Thanks!

#14 Farbar

Posted 23 September 2011 - 01:45 PM

Well done. :thumbup2:

We are going to remove the MBR infection then uninstall Internet Explorer 9 and revert it to Internet Explorer 8.

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

    start
    2011-09-06 01:19 - 2011-09-06 23:05 - 0011298 __ASH C:\Users\thuillier_d\AppData\Local\kl2kssls2335gr04b2n08itufc0sr323f30220j170yo
    2011-09-06 01:19 - 2011-09-06 01:19 - 0001120 __ASH C:\Users\All Users\kl2kssls2335gr04b2n08itufc0sr323f30220j170yo
    2011-09-06 01:19 - 2011-09-06 01:19 - 0001120 __ASH C:\ProgramData\kl2kssls2335gr04b2n08itufc0sr323f30220j170yo
    2011-09-06 01:19 - 2011-09-06 01:19 - 0000000 ____A C:\Users\All Users\rgeg.exe
    2011-09-06 01:19 - 2011-09-06 01:19 - 0000000 ____A C:\ProgramData\rgeg.exe
    cmd: bootrec /FixMbr
    Control: 
    end
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Now please enter System Recovery Options.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
  • Restart the computer.
  • Go to Start => Control Panel => Programs and Features => click View installed updates in the navigation pane.
    Select Internet Explorer 9 and select Uninstall.
  • Reboot.
  • If you have no Internet Explorer icon on the Status bar or Desktop:
    Go to Start => All Programs => Right-click on the Internet Explorer icon: select Pin to Status bar or Send to => Desktop.
    Go to the desktop and run Internet Explorer (it is now 8) and configure it. And tell me how it went.


#15 AxelFTW

Posted 23 September 2011 - 02:56 PM

Thanks Farbar,

Here's the fixlog.txt

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.2.1)
Ran by Système at 2011-09-23 15:23:38 R:1
Running from F:\

==============================================

C:\Users\thuillier_d\AppData\Local\kl2kssls2335gr04b2n08itufc0sr323f30220j170yo moved successfully.
C:\Users\All Users\kl2kssls2335gr04b2n08itufc0sr323f30220j170yo moved successfully.
C:\ProgramData\kl2kssls2335gr04b2n08itufc0sr323f30220j170yo not found.
C:\Users\All Users\rgeg.exe moved successfully.
C:\ProgramData\rgeg.exe not found.

========= bootrec /FixMbr =========

ÿþL  o p é r a t i o n a r é u s s i .

========= End of CMD: =========


=========== Control: ===========

L'op‚ration a r‚ussi.

==== End of Control: ====

==== End of Fixlog ====

***** Because my laptop is in French, it's marked at the end "L'op,ration a r,ussi". That means "The operation was successful" *****

For the uninstalling of Internet Explorer 9, I'm a little bit baffled because there's nothing with this name.
To make sure, I went to the Windows Update icon and I saw that I had installed Internet Explorer 9 on this date: 2011-09-10
I checked the list thrice but found nothing. The only thing with a 9 was Microsoft Works 9.

Maybe it's in one of the updates with a KB******* but there are so many I can't really say which one it is.
I still can't access the Internet.

Thanks for all your help.

I'll be back at my office Monday morning at 8:00 AM



