"DHCP Client 100% CPU after ComboFix" logs



#1 Troudhyl

Posted 25 August 2012 - 05:47 AM

Hello,

========================================================================

This topic is linked to this other one, where I explained that I am not infected by malware; I just ran ComboFix without precautions. Maybe it conflicts with:
- REALTEK 11n Wireless LAN Utility
- FrozenWay (OpenVPN software)
- Shrew Soft VPN Client
Now, something is broken and I lost the DHCP Client and PolicyAgent services. Here are 2 event logs about DHCP Client (and v6, the worst), different from the other topic because I took them in Safe Mode with network support, so they are very focused on the problem.
http://www.partage-facile.com/UATKE7MPHF/dhcp_client_2_.evtx.html
http://www.partage-facile.com/SVZA3DQXH7/dhcpv6_client_2_.evtx.html
As you can see, DHCP Client always gets a WSAEINVAL error and retries in an infinite loop. The people who made ComboFix could know which step can provoke these DhcpV6ClientEvents_ErrorOpeningSocket.

========================================================================

Here is the DDS.txt log, taken in Safe Mode with network support (IE opened to see instructions):

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2
Run by Jean-Christophe at 11:31:08 on 2012-08-25
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.4094.1707 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\mmc.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local;localhost;127.0.0.1;*.insa-toulouse.fr;<local>
uInternet Settings,ProxyServer = wwwcache.insa-toulouse.fr:3128
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Programme d’aide de l’Assistant de connexion au compte Microsoft: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Programme d'assistance de Microsoft Web Test Recorder 10.0: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Spiffy] "C:\Program Files (x86)\Spiffy\spiffy.exe"
uRun: [SuperF4] "C:\Program Files\SuperF4\SuperF4.exe" -hide
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\JEAN-C~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SERVIC~1.LNK - C:\Program Files (x86)\Rex\RexDaemon\RexDaemon.exe
StartupFolder: C:\Users\JEAN-C~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SHREWS~1.LNK - C:\Program Files (x86)\ShrewSoft\VPN Client\ipsecc.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: LocalAccountTokenFilterPolicy = 0 (0x0)
IE: &Envoyer à OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Tout télécharger avec Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: Télécharger avec IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger la sélection avec Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Télécharger tous les liens avec IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/maconfig/MaConfig_5_2_1_0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
TCP: Interfaces\{7A65A7D7-929B-4A87-AF78-BDC5C9C46E8B} : NameServer = 195.83.9.11,195.83.9.12
TCP: Interfaces\{F9E6E265-D7FB-4568-9327-6544BBD1559A} : NameServer = 195.83.9.11,195.83.9.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
{0055C089-8582-441B-A0BF-17B458C2A3A8}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{DDA57003-0068-4ed2-9D32-4D1EC707D94D}
TB-X64: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 195.83.11.66 wwwcache.insa-toulouse.fr # proxy INSA
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vflt;Shrew Soft Lightweight Filter;C:\Windows\system32\DRIVERS\vfilter.sys --> C:\Windows\system32\DRIVERS\vfilter.sys [?]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]
S2 acedrv11;acedrv11;\??\C:\Windows\system32\drivers\acedrv11.sys --> C:\Windows\system32\drivers\acedrv11.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dtpd;ShrewSoft DNS Proxy Daemon;C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [?]
S2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
S2 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe -service --> C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [?]
S2 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [?]
S2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2010-11-25 3152200]
S2 PDFsFilter;PDFsFilter;C:\Windows\system32\DRIVERS\PDFsFilter.sys --> C:\Windows\system32\DRIVERS\PDFsFilter.sys [?]
S2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2012-8-22 36864]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-16 2673064]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 driverhardwarev2x64;driverhardwarev2x64;C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-7-21 16640]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2009-3-23 12744]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-1-15 25640]
S3 Gun;Gun;\??\C:\Windows\system32\Gun64.sys --> C:\Windows\system32\Gun64.sys [?]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2009-3-16 30528]
S3 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-27 8704]
S3 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-8-23 1027792]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\x64\maconfservice.exe [2012-7-4 427672]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-29 113120]
S3 MsgPlusService;Messenger Plus! Service;C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-4-2 124832]
S3 netr7364;Hercules USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Inspection du réseau Microsoft;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PORTMON;PORTMON;D:\Mes Documents\Téléchargement\Programmes\NirLauncher\SysinternalsSuite\PORTMSYS.SYS [2011-5-28 28656]
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2010-9-17 2085208]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 rtlss;Service for enabling selective suspend to RTL device;C:\Windows\system32\Drivers\rtlss.sys --> C:\Windows\system32\Drivers\rtlss.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe [2012-2-7 68760]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 sesvc;ShadowExplorer Service;C:\Program Files (x86)\ShadowExplorer\sesvc.exe [2011-3-2 9216]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudserd.sys --> C:\Windows\system32\DRIVERS\ssudserd.sys [?]
S3 StorSvc;Service de stockage;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
S3 Tomcat6;Apache Tomcat 6.0 Tomcat6;C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\Tomcat6.exe [2011-11-28 96256]
S3 Tomcat7;Apache Tomcat 7.0 Tomcat7;C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7.exe [2012-7-3 99840]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-5-29 2143072]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-6 11856]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\system32\DRIVERS\virtualnet.sys --> C:\Windows\system32\DRIVERS\virtualnet.sys [?]
S3 vpcuxd;Service stub de virtualisation USB;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
S4 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-3 135664]
S4 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-3 135664]
S4 MsDepSvc;Service de l'agent de déploiement Web;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-2-4 63304]
S4 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2010-9-17 210776]
S4 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-7-10 34840]
S4 MSSQLServerADHelper100;Service SQL Active Directory Helper;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
.
=============== Created Last 30 ================
.
2012-08-25 08:18:00 -------- d-----w- C:\Program Files (x86)\Uniblue
2012-08-24 19:37:12 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B0BDAE24-8BFD-4C90-94E5-68667EA17E6A}\mpengine.dll
2012-08-23 21:41:53 224088 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2012-08-23 21:41:45 130904 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-08-23 18:52:09 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-08-23 18:20:32 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2012-08-23 17:43:16 -------- d-----w- C:\ZHP
2012-08-23 17:43:16 -------- d-----w- C:\Program Files (x86)\ZHPDiag
2012-08-23 07:19:08 82160 ----a-w- C:\Windows\System32\drivers\PDFsFilter.sys
2012-08-23 07:18:16 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
2012-08-23 07:13:43 23464 ----a-w- C:\Windows\System32\drivers\ElRawDsk.sys
2012-08-23 05:31:58 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-22 20:38:55 -------- d-----w- C:\Windows\SysWow64\URTTEMP
2012-08-22 20:38:40 172032 ----a-w- C:\Windows\SysWow64\muzapp.exe
2012-08-22 20:38:19 74703 ----a-w- C:\Windows\SysWOW64mfc45.dll
2012-08-22 19:59:17 -------- d-----w- C:\Program Files (x86)\Cisco
2012-08-22 19:58:30 694376 ----a-w- C:\Windows\System32\drivers\rtl8192su.sys
2012-08-22 19:58:24 614400 ----a-w- C:\Windows\SysWow64\Rtlihvs.dll
2012-08-22 19:58:24 380928 ----a-w- C:\Windows\RtlUI2.exe
2012-08-22 19:49:09 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\Shrew Soft VPN
2012-08-22 19:49:09 -------- d-----w- C:\ProgramData\Shrew Soft VPN
2012-08-22 12:55:58 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2012-08-22 12:55:56 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2012-08-21 17:23:43 -------- d-----w- C:\CAPTURES
2012-08-21 16:33:03 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-20 15:23:52 166232 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2012-08-20 15:23:52 147288 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-08-20 15:23:50 320856 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2012-08-18 21:32:29 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-08-18 21:09:07 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-08-18 21:03:11 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-18 19:55:48 -------- d-----w- C:\Program Files\Wireshark
2012-08-18 19:33:42 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-18 19:33:42 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-18 19:33:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-18 19:33:36 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-18 19:33:36 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-18 19:33:36 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-18 19:33:33 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-18 19:33:33 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-18 19:33:33 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-18 19:33:30 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-18 19:33:28 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-11 06:33:57 -------- d-----w- C:\Program Files (x86)\LibreOffice 3.6
2012-08-08 23:23:04 -------- d-----w- C:\Program Files (x86)\HexCmp
2012-08-08 18:25:26 -------- d-----w- C:\Windows\fr
2012-08-08 09:38:53 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{840E2A8C-E756-43DE-B478-6A700478A173}
2012-08-08 09:38:53 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{1A52BE8A-5B5F-4D63-8813-20050EC92DAB}
2012-08-08 06:11:44 -------- d-----w- C:\ProgramData\TmForever
2012-08-08 06:08:46 -------- d-----w- C:\Program Files (x86)\TmNationsForever
2012-08-07 21:38:22 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{93F35AE8-912B-4835-8AF2-C2F868441D0E}
2012-08-07 21:38:16 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{5A43A7E6-ED57-45A5-BE07-95BEC09FF3E6}
2012-08-07 09:38:10 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{B4A7CFD1-0737-4AAA-BEC5-695009D3DDC4}
2012-08-07 09:38:09 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{AEB65A14-50AD-408A-8EED-6D4FD2FF9C2D}
2012-08-06 21:37:45 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{9285A96A-A965-4603-85B5-1F54F5217407}
2012-08-06 21:37:37 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{372CB4BD-E0E7-4CCB-9CC4-294C3E0375C9}
2012-08-06 09:37:25 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{6F0B5824-292D-4198-8DC2-561E043A30B6}
2012-08-06 09:37:18 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{304DFE00-DB46-4943-98ED-3528856F4B67}
2012-08-05 21:36:59 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{F879C759-5112-4DE2-946C-903DDDFD5F64}
2012-08-05 21:36:56 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{743DB8E0-7C2B-4457-8411-31357BF6FC2A}
2012-08-05 12:35:32 -------- d-----w- C:\Users\Jean-Christophe\AppData\Roaming\NetBeans
2012-08-05 12:35:32 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\NetBeans
2012-08-05 12:26:13 -------- d-----w- C:\Program Files (x86)\glassfish-3.1.2.2
2012-08-05 12:19:14 -------- d-----w- C:\Program Files (x86)\NetBeans 7.2
2012-08-05 09:15:42 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{805BAE06-67F3-4927-AD90-0D91DB63E58F}
2012-08-05 09:15:40 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{39C70EB6-A9B8-467D-B67D-7A15055C1D38}
2012-08-04 21:15:20 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{0F662792-855B-4CE0-9200-2960537B2CF3}
2012-08-04 21:15:19 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{AAC25CFF-549B-423A-99F9-622CB2249F50}
2012-08-04 09:15:01 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{4ED051D8-9B0B-4CAF-93D0-3181696F9707}
2012-08-04 09:15:00 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{7C6F62DE-24BD-43C8-AAA4-9CC31B530577}
2012-08-03 18:27:51 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{D2FAADC8-F0BA-4DA9-8E6B-D45BF389A43C}
2012-08-03 06:27:42 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{DD0BFDE4-0B83-45F0-A7CD-E43C16567CD8}
2012-08-03 06:27:41 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{EC8C2033-A50C-4DF7-90D7-36ED1A14023C}
2012-08-02 18:27:19 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{9B6663EC-2986-4E68-BFC1-4D76AA2BC52E}
2012-08-02 06:27:09 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{543BC7F9-163A-46DB-A847-15C90E762DF2}
2012-08-02 06:27:05 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{48652C92-7903-4B7D-ABC2-B1D0F3AA4C07}
2012-08-01 19:12:39 -------- d-----w- C:\Program Files (x86)\The Witcher 2
2012-08-01 18:26:42 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{58E0CB1F-FF9A-478F-B521-5E9E04925C55}
2012-08-01 18:26:40 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{166169E2-4D23-4A94-934E-86C799FBA020}
2012-08-01 06:25:38 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{2E85DBC1-19AF-4424-98F9-E5417D549B3E}
2012-08-01 06:24:55 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{983A5226-C8C1-4FF0-9571-8EFE32B214A9}
2012-07-31 17:53:50 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{112D7E96-11EA-4517-B7A8-69E674AF16FD}
2012-07-31 05:53:42 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{85565794-C711-4380-BDF2-7D830C1BADF4}
2012-07-31 05:53:41 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{11EAEC19-FDD8-4B35-803D-32CE8B2F6D22}
2012-07-30 19:24:33 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX
2012-07-30 19:24:32 59904 ----a-w- C:\Windows\SysWow64\MSCC2FR.DLL
2012-07-30 19:24:32 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
2012-07-30 19:24:31 -------- d-----w- C:\Program Files (x86)\PDFCreator
2012-07-30 17:53:23 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{EC9DABE4-1CF5-4ADC-A3A1-E97491D28ADF}
2012-07-30 17:53:23 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{80712E3A-C169-42DC-A442-BB61F72919C2}
2012-07-30 05:52:24 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{F6A85AA7-988F-41FF-BB4C-1AFAA4A4BA2E}
2012-07-30 05:51:40 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{57F133DD-CB61-4C75-BFAD-CDACE0E4518A}
2012-07-29 11:16:36 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{6F8FCF08-C229-446E-975A-FF5139D06A70}
2012-07-29 11:15:53 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{672B6602-11DB-45EB-813D-53E983A739D8}
2012-07-28 22:03:38 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{FF7A5DFE-10C8-4CD4-8438-EF26679F21C9}
2012-07-28 17:05:34 -------- d-----w- C:\Program Files (x86)\Fraps
2012-07-28 10:03:30 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{DD180668-216E-4498-8801-FC0F0F406BEA}
2012-07-28 10:03:30 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{55F8529C-AD56-49FD-ABB1-EF0E833E62E0}
2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll
2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll
2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-07-28 02:10:34 534528 ----a-w- C:\Windows\System32\atieclxx.exe
2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-07-28 01:09:02 57792 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-07-28 00:54:00 321472 ----a-w- C:\Windows\WLXPGSS.SCR
2012-07-27 22:02:30 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{C6F654CD-CA24-42CD-81FE-7163AEAD39FE}
2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-27 20:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-07-27 20:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-07-27 20:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-07-27 20:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-07-27 20:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-07-27 20:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll
2012-07-27 20:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-07-27 09:22:50 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{BEDD1C49-0A2A-4DF8-B36E-6E60CBFB2175}
2012-07-27 09:22:49 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{79B51EAC-E50D-4E13-869E-CE38A486E023}
2012-07-26 21:22:30 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{8C7C3621-5A44-4C7E-8279-BC2709F1554B}
2012-07-26 17:08:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2012-07-26 17:08:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2012-07-26 17:08:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2012-07-26 17:08:06 153536 ----a-w- C:\Windows\SysWow64\atl110.dll
2012-07-26 17:08:06 115656 ----a-w- C:\Windows\SysWow64\vcomp110.dll
2012-07-26 13:22:10 828872 ----a-w- C:\Windows\System32\msvcr110.dll
2012-07-26 13:22:10 661448 ----a-w- C:\Windows\System32\msvcp110.dll
2012-07-26 13:22:10 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
2012-07-26 13:22:10 177096 ----a-w- C:\Windows\System32\atl110.dll
2012-07-26 13:22:10 124360 ----a-w- C:\Windows\System32\vcomp110.dll
.
==================== Find3M ====================
.
2012-08-21 18:35:48 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-21 18:35:48 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-18 21:08:31 1034216 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-08-18 21:08:30 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-08-18 21:03:04 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-08-18 21:03:04 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-02 10:45:44 56472 ----a-w- C:\Windows\System32\iolobtdfg.exe
2012-08-02 10:45:34 25072 ----a-w- C:\Windows\System32\smrgdf.exe
2012-08-02 09:27:36 2154576 ----a-w- C:\Windows\System32\Incinerator64.dll
2012-08-02 09:27:34 2096360 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll
2012-07-28 02:10:40 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll
2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll
2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-07-20 18:00:00 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
2012-07-20 18:00:00 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-07-17 13:14:44 253184 ----a-w- C:\Windows\System32\LIVESSP.DLL
2012-07-17 12:49:00 209648 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2012-07-07 10:52:26 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-07 10:52:26 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-05 22:54:01 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-07-05 22:53:33 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-05 22:39:17 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
2012-07-05 19:51:34 1 ----a-w- C:\Windows\SysWow64\SI.bin
2012-07-05 11:02:30 95744 ----a-w- C:\Windows\System32\pdfcmon.dll
2012-07-03 11:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-01 22:15:28 4102656 ----a-w- C:\Windows\SysWow64\x264vfw.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-26 07:02:38 45320 ----a-w- C:\Windows\SysWow64\MAMACExtract.dll
2012-06-20 17:32:26 39424 ----a-w- C:\Windows\System32\udefrag.exe
2012-06-20 17:32:22 7168 ----a-w- C:\Windows\System32\hibernate4win.exe
2012-06-20 17:32:20 12800 ----a-w- C:\Windows\System32\bootexctrl.exe
2012-06-20 17:32:18 31232 ----a-w- C:\Windows\System32\wgx.dll
2012-06-20 17:32:06 204288 ----a-w- C:\Windows\System32\lua5.1a.dll
2012-06-20 17:31:54 62464 ----a-w- C:\Windows\System32\udefrag.dll
2012-06-20 17:31:52 99328 ----a-w- C:\Windows\System32\zenwinx.dll
2012-06-20 17:31:50 168448 ----a-w- C:\Windows\System32\defrag_native.exe
2012-06-19 14:54:20 4065296 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2012-06-09 17:21:56 178688 ----a-w- C:\Windows\SysWow64\unrar.dll
2012-06-09 17:21:50 206336 ----a-w- C:\Windows\System32\unrar.dll
2012-06-08 14:23:58 83072 ----a-w- C:\Windows\System32\MBWrp64.dll
2012-06-08 14:21:18 897152 ----a-w- C:\Windows\System32\MBAPO64.dll
2012-06-08 14:21:18 753280 ----a-w- C:\Windows\SysWow64\MBAPO32.dll
2012-06-08 14:18:46 3615888 ----a-w- C:\Windows\System32\RtkAPO64.dll
2012-06-06 18:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 08:44:20 869520 ----a-w- C:\Windows\System32\RtkApi64.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-06-01 07:37:38 2674320 ----a-w- C:\Windows\System32\RtPgEx64.dll
2012-05-31 16:08:20 105616 ----a-w- C:\Windows\System32\RCoInstII64.dll
2012-05-30 05:51:55 30528 ----a-w- C:\Windows\GVTDrv64.sys
2012-05-30 05:51:39 25640 ----a-w- C:\Windows\gdrv.sys
2012-05-29 22:12:23 25640 ----a-w- C:\Windows\etdrv.sys
2012-05-29 15:11:10 34656 ----a-w- C:\Windows\System32\TURegOpt.exe
2012-05-29 15:11:08 35680 ----a-w- C:\Windows\System32\uxtuneup.dll
2012-05-29 15:11:08 29024 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2012-05-29 15:11:08 21344 ----a-w- C:\Windows\SysWow64\authuitu.dll
2012-05-29 15:11:04 25952 ----a-w- C:\Windows\System32\authuitu.dll
2012-05-29 07:38:50 330240 ----a-w- C:\Windows\MASetupCaller.dll
2011-11-07 19:37:56 8192 --sha-w- C:\Windows\SysWOW64\srvany.exe
.
============= FINISH: 11:33:18,81 ===============



#2 HelpBot


Posted 30 August 2012 - 05:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/466406 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Troudhyl


Posted 30 August 2012 - 12:55 PM

1) Please read the other post and topic to understand what my problem is. My situation today:

- I disabled IPv6. Only the DHCPv6 client takes 100% CPU. Even though the IPv4 one keeps looping with errors, it doesn't impact performance.

- I reactivated the PolicyAgent service but it can't start (error), like the UPnP one, and maybe some others.

- The DHCP Client fails all its requests, so I made a batch script with netsh and route to manually perform routing and use my (free) VPN over the (restricted student) VPN connection.

So everything is OK but nothing is repaired. I don't want to finally completely lose my connection and be forced to reinstall my system, so I hope we will find where to change some bits to fix it all :D

2) New DDS log (not in Safe Mode this time, but not really useful because I'm pretty sure I'm not infected).

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2
Run by Jean-Christophe at 19:30:45 on 2012-08-30
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.4094.1050 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\wfc.exe
C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
C:\Program Files\ShrewSoft\VPN Client\iked.exe
C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Spiffy\spiffy.exe
C:\Program Files\SuperF4\SuperF4.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RTLDHCP.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
D:\Mes Documents\Téléchargement\Programmes\FrozenWay 1.5.0\FrozenWay.exe
D:\Mes Documents\Bureau\NetEject 2.0.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local;localhost;127.0.0.1;*.insa-toulouse.fr;<local>
uInternet Settings,ProxyServer = wwwcache.insa-toulouse.fr:3128
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Programme d’aide de l’Assistant de connexion au compte Microsoft: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Programme d'assistance de Microsoft Web Test Recorder 10.0: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Spiffy] "C:\Program Files (x86)\Spiffy\spiffy.exe"
uRun: [SuperF4] "C:\Program Files\SuperF4\SuperF4.exe" -hide
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\JEAN-C~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SERVIC~1.LNK - C:\Program Files (x86)\Rex\RexDaemon\RexDaemon.exe
StartupFolder: C:\Users\JEAN-C~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SHREWS~1.LNK - C:\Program Files (x86)\ShrewSoft\VPN Client\ipsecc.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: LocalAccountTokenFilterPolicy = 0 (0x0)
IE: &Envoyer à OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Tout télécharger avec Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: Télécharger avec IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger la sélection avec Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Télécharger tous les liens avec IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/maconfig/MaConfig_5_2_1_0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
TCP: Interfaces\{7A65A7D7-929B-4A87-AF78-BDC5C9C46E8B} : NameServer = 195.83.9.11,195.83.9.12
TCP: Interfaces\{88BC69E1-81E5-4987-ABD8-D0F8076F9FB3} : NameServer = 10.4.0.1
TCP: Interfaces\{F9E6E265-D7FB-4568-9327-6544BBD1559A} : NameServer = 195.83.9.11,195.83.9.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
{0055C089-8582-441B-A0BF-17B458C2A3A8}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{DDA57003-0068-4ed2-9D32-4D1EC707D94D}
TB-X64: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 195.83.11.66 wwwcache.insa-toulouse.fr # proxy INSA
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]
R1 vflt;Shrew Soft Lightweight Filter;C:\Windows\system32\DRIVERS\vfilter.sys --> C:\Windows\system32\DRIVERS\vfilter.sys [?]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 acedrv11;acedrv11;\??\C:\Windows\system32\drivers\acedrv11.sys --> C:\Windows\system32\drivers\acedrv11.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 dtpd;ShrewSoft DNS Proxy Daemon;C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [?]
R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
R2 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe -service --> C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [?]
R2 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [?]
R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2010-11-25 3152200]
R2 PDFsFilter;PDFsFilter;C:\Windows\system32\DRIVERS\PDFsFilter.sys --> C:\Windows\system32\DRIVERS\PDFsFilter.sys [?]
R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2012-8-22 36864]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-8-24 2735528]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 driverhardwarev2x64;driverhardwarev2x64;C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-7-21 16640]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2009-3-23 12744]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-1-15 25640]
S3 Gun;Gun;\??\C:\Windows\system32\Gun64.sys --> C:\Windows\system32\Gun64.sys [?]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2009-3-16 30528]
S3 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-27 8704]
S3 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-8-23 1027792]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\x64\maconfservice.exe [2012-7-4 427672]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-29 114144]
S3 MsgPlusService;Messenger Plus! Service;C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-4-2 124832]
S3 netr7364;Hercules USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Inspection du réseau Microsoft;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PORTMON;PORTMON;D:\Mes Documents\Téléchargement\Programmes\NirLauncher\SysinternalsSuite\PORTMSYS.SYS [2011-5-28 28656]
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2010-9-17 2085208]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 rtlss;Service for enabling selective suspend to RTL device;C:\Windows\system32\Drivers\rtlss.sys --> C:\Windows\system32\Drivers\rtlss.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe [2012-2-7 68760]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 sesvc;ShadowExplorer Service;C:\Program Files (x86)\ShadowExplorer\sesvc.exe [2011-3-2 9216]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudserd.sys --> C:\Windows\system32\DRIVERS\ssudserd.sys [?]
S3 StorSvc;Service de stockage;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
S3 Tomcat6;Apache Tomcat 6.0 Tomcat6;C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\Tomcat6.exe [2011-11-28 96256]
S3 Tomcat7;Apache Tomcat 7.0 Tomcat7;C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7.exe [2012-7-3 99840]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-5-29 2143072]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-6 11856]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\system32\DRIVERS\virtualnet.sys --> C:\Windows\system32\DRIVERS\virtualnet.sys [?]
S3 vpcuxd;Service stub de virtualisation USB;C:\Windows\system32\DRIVERS\vpcuxd.sys --> C:\Windows\system32\DRIVERS\vpcuxd.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
S4 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-3 135664]
S4 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-3 135664]
S4 MsDepSvc;Service de l'agent de déploiement Web;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-2-4 63304]
S4 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2010-9-17 210776]
S4 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-7-10 34840]
S4 MSSQLServerADHelper100;Service SQL Active Directory Helper;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
.
=============== Created Last 30 ================
.
2012-08-30 06:31:45 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9D6266FA-F21F-4188-A330-B06BA83EB172}\mpengine.dll
2012-08-29 06:16:04 9310152 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-28 17:08:59 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-28 13:01:51 158944 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2012-08-26 16:09:21 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{503E16D5-AC9F-4F81-B53B-CF8CE973DB49}\gapaengine.dll
2012-08-26 16:07:03 9309624 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1AC19410-D1EA-4E82-A53A-45007D38E230}\mpengine.dll
2012-08-26 16:06:37 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-08-26 16:06:31 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-08-26 15:23:39 -------- d-----w- C:\Program Files (x86)\Square Enix
2012-08-25 21:53:15 303616 ----a-w- C:\SetACL.exe
2012-08-25 21:51:04 290304 ----a-w- C:\subinacl.exe
2012-08-25 21:41:49 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-08-25 19:36:24 -------- d-----w- C:\RegBackup
2012-08-23 21:41:53 224088 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2012-08-23 21:41:45 130904 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-08-23 18:52:09 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-08-23 18:20:32 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2012-08-23 17:43:16 -------- d-----w- C:\ZHP
2012-08-23 17:43:16 -------- d-----w- C:\Program Files (x86)\ZHPDiag
2012-08-23 07:19:08 82160 ----a-w- C:\Windows\System32\drivers\PDFsFilter.sys
2012-08-23 07:18:16 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
2012-08-23 07:13:43 23464 ----a-w- C:\Windows\System32\drivers\ElRawDsk.sys
2012-08-22 20:38:55 -------- d-----w- C:\Windows\SysWow64\URTTEMP
2012-08-22 20:38:40 172032 ----a-w- C:\Windows\SysWow64\muzapp.exe
2012-08-22 20:38:19 74703 ----a-w- C:\Windows\SysWOW64mfc45.dll
2012-08-22 19:59:17 -------- d-----w- C:\Program Files (x86)\Cisco
2012-08-22 19:58:30 694376 ----a-w- C:\Windows\System32\drivers\rtl8192su.sys
2012-08-22 19:58:24 614400 ----a-w- C:\Windows\SysWow64\Rtlihvs.dll
2012-08-22 19:58:24 380928 ----a-w- C:\Windows\RtlUI2.exe
2012-08-22 19:49:09 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\Shrew Soft VPN
2012-08-22 19:49:09 -------- d-----w- C:\ProgramData\Shrew Soft VPN
2012-08-22 12:55:58 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2012-08-22 12:55:56 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2012-08-21 17:23:43 -------- d-----w- C:\CAPTURES
2012-08-21 16:33:03 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-20 15:23:52 166232 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2012-08-20 15:23:52 147288 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-08-20 15:23:50 320856 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2012-08-18 21:32:29 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-08-18 21:09:07 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-08-18 21:03:11 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-18 19:55:48 -------- d-----w- C:\Program Files\Wireshark
2012-08-18 19:33:42 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-18 19:33:42 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-18 19:33:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-18 19:33:36 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-18 19:33:36 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-18 19:33:36 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-18 19:33:33 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-18 19:33:33 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-18 19:33:33 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-18 19:33:30 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-18 19:33:28 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-11 06:33:57 -------- d-----w- C:\Program Files (x86)\LibreOffice 3.6
2012-08-08 23:23:04 -------- d-----w- C:\Program Files (x86)\HexCmp
2012-08-08 18:25:26 -------- d-----w- C:\Windows\fr
2012-08-08 09:38:53 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{840E2A8C-E756-43DE-B478-6A700478A173}
2012-08-08 09:38:53 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{1A52BE8A-5B5F-4D63-8813-20050EC92DAB}
2012-08-08 06:11:44 -------- d-----w- C:\ProgramData\TmForever
2012-08-08 06:08:46 -------- d-----w- C:\Program Files (x86)\TmNationsForever
2012-08-07 21:38:22 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{93F35AE8-912B-4835-8AF2-C2F868441D0E}
2012-08-07 21:38:16 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{5A43A7E6-ED57-45A5-BE07-95BEC09FF3E6}
2012-08-07 09:38:10 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{B4A7CFD1-0737-4AAA-BEC5-695009D3DDC4}
2012-08-07 09:38:09 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{AEB65A14-50AD-408A-8EED-6D4FD2FF9C2D}
2012-08-06 21:37:45 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{9285A96A-A965-4603-85B5-1F54F5217407}
2012-08-06 21:37:37 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{372CB4BD-E0E7-4CCB-9CC4-294C3E0375C9}
2012-08-06 09:37:25 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{6F0B5824-292D-4198-8DC2-561E043A30B6}
2012-08-06 09:37:18 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{304DFE00-DB46-4943-98ED-3528856F4B67}
2012-08-05 21:36:59 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{F879C759-5112-4DE2-946C-903DDDFD5F64}
2012-08-05 21:36:56 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{743DB8E0-7C2B-4457-8411-31357BF6FC2A}
2012-08-05 12:35:32 -------- d-----w- C:\Users\Jean-Christophe\AppData\Roaming\NetBeans
2012-08-05 12:35:32 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\NetBeans
2012-08-05 12:26:13 -------- d-----w- C:\Program Files (x86)\glassfish-3.1.2.2
2012-08-05 12:19:14 -------- d-----w- C:\Program Files (x86)\NetBeans 7.2
2012-08-05 09:15:42 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{805BAE06-67F3-4927-AD90-0D91DB63E58F}
2012-08-05 09:15:40 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{39C70EB6-A9B8-467D-B67D-7A15055C1D38}
2012-08-04 21:15:20 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{0F662792-855B-4CE0-9200-2960537B2CF3}
2012-08-04 21:15:19 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{AAC25CFF-549B-423A-99F9-622CB2249F50}
2012-08-04 09:15:01 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{4ED051D8-9B0B-4CAF-93D0-3181696F9707}
2012-08-04 09:15:00 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{7C6F62DE-24BD-43C8-AAA4-9CC31B530577}
2012-08-03 18:27:51 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{D2FAADC8-F0BA-4DA9-8E6B-D45BF389A43C}
2012-08-03 06:27:42 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{DD0BFDE4-0B83-45F0-A7CD-E43C16567CD8}
2012-08-03 06:27:41 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{EC8C2033-A50C-4DF7-90D7-36ED1A14023C}
2012-08-02 18:27:19 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{9B6663EC-2986-4E68-BFC1-4D76AA2BC52E}
2012-08-02 06:27:09 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{543BC7F9-163A-46DB-A847-15C90E762DF2}
2012-08-02 06:27:05 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{48652C92-7903-4B7D-ABC2-B1D0F3AA4C07}
2012-08-01 19:12:39 -------- d-----w- C:\Program Files (x86)\The Witcher 2
2012-08-01 18:26:42 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{58E0CB1F-FF9A-478F-B521-5E9E04925C55}
2012-08-01 18:26:40 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{166169E2-4D23-4A94-934E-86C799FBA020}
2012-08-01 06:25:38 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{2E85DBC1-19AF-4424-98F9-E5417D549B3E}
2012-08-01 06:24:55 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{983A5226-C8C1-4FF0-9571-8EFE32B214A9}
2012-07-31 17:53:50 -------- d-----w- C:\Users\Jean-Christophe\AppData\Local\{112D7E96-11EA-4517-B7A8-69E674AF16FD}
.
==================== Find3M ====================
.
2012-08-26 16:33:33 692505 ----a-w- C:\Windows\unins000.exe
2012-08-21 18:35:48 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-21 18:35:48 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-18 21:08:31 1034216 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-08-18 21:08:30 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-08-18 21:03:04 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-08-18 21:03:04 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-02 10:45:44 56472 ----a-w- C:\Windows\System32\iolobtdfg.exe
2012-08-02 10:45:34 25072 ----a-w- C:\Windows\System32\smrgdf.exe
2012-08-02 09:27:36 2154576 ----a-w- C:\Windows\System32\Incinerator64.dll
2012-08-02 09:27:34 2096360 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll
2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll
2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll
2012-07-28 02:10:40 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-07-28 02:10:34 534528 ----a-w- C:\Windows\System32\atieclxx.exe
2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll
2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll
2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-07-28 01:09:02 57792 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-07-28 00:54:00 321472 ----a-w- C:\Windows\WLXPGSS.SCR
2012-07-27 20:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-07-27 20:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-07-27 20:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-07-27 20:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-07-27 20:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-07-27 20:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll
2012-07-27 20:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-07-26 17:08:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2012-07-26 17:08:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2012-07-26 17:08:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2012-07-26 17:08:06 153536 ----a-w- C:\Windows\SysWow64\atl110.dll
2012-07-26 17:08:06 115656 ----a-w- C:\Windows\SysWow64\vcomp110.dll
2012-07-26 13:22:10 828872 ----a-w- C:\Windows\System32\msvcr110.dll
2012-07-26 13:22:10 661448 ----a-w- C:\Windows\System32\msvcp110.dll
2012-07-26 13:22:10 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
2012-07-26 13:22:10 177096 ----a-w- C:\Windows\System32\atl110.dll
2012-07-26 13:22:10 124360 ----a-w- C:\Windows\System32\vcomp110.dll
2012-07-20 18:00:00 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
2012-07-20 18:00:00 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-07-17 13:14:44 253184 ----a-w- C:\Windows\System32\LIVESSP.DLL
2012-07-17 12:49:00 209648 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2012-07-07 10:52:26 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-07 10:52:26 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-05 22:54:01 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-07-05 22:53:33 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-05 22:39:17 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
2012-07-05 19:51:34 1 ----a-w- C:\Windows\SysWow64\SI.bin
2012-07-05 11:02:30 95744 ----a-w- C:\Windows\System32\pdfcmon.dll
2012-07-03 11:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-01 22:15:28 4102656 ----a-w- C:\Windows\SysWow64\x264vfw.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-26 07:02:38 45320 ----a-w- C:\Windows\SysWow64\MAMACExtract.dll
2012-06-20 17:32:26 39424 ----a-w- C:\Windows\System32\udefrag.exe
2012-06-20 17:32:22 7168 ----a-w- C:\Windows\System32\hibernate4win.exe
2012-06-20 17:32:20 12800 ----a-w- C:\Windows\System32\bootexctrl.exe
2011-11-07 19:37:56 8192 --sha-w- C:\Windows\SysWOW64\srvany.exe
.
============= FINISH: 19:33:00,10 ===============

3) Yes I have.

4) Good challenge for you! :)

#4 Farbar

Posted 30 August 2012 - 02:16 PM

Hi Troudhyl,

Welcome to the forum and apologies for the delay.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#5 Troudhyl

Posted 30 August 2012 - 03:13 PM

Scan result of Farbar Recovery Scan Tool Version: 30-08-2012

Ran by Système at 30-08-2012 21:48:30

Running from F:\

Windows 7 Professional  Service Pack 1 (X64) OS Language: French Standard 

The current controlset is ControlSet001



==================== Registry (Whitelisted) ===================



HKLM\...\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe [4011336 2010-11-25] (O&O Software GmbH)

HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor)

HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)

HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642216 2012-08-06] (Advanced Micro Devices, Inc.)

HKU\Jean-Christophe\...\Run: [Spiffy] "C:\Program Files (x86)\Spiffy\spiffy.exe" [699904 2011-09-18] ()

HKU\Jean-Christophe\...\Run: [SuperF4] "C:\Program Files\SuperF4\SuperF4.exe" -hide [47616 2010-10-23] (Stefan Sundin)

HKU\Jean-Christophe\...\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background [306688 2012-03-26] (FileHippo.com)

HKU\Jean-Christophe\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4272064 2012-07-28] (Microsoft Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

Tcpip\..\Interfaces\{7A65A7D7-929B-4A87-AF78-BDC5C9C46E8B}: [NameServer]195.83.9.11,195.83.9.12

Tcpip\..\Interfaces\{88BC69E1-81E5-4987-ABD8-D0F8076F9FB3}: [NameServer]10.4.0.1

Tcpip\..\Interfaces\{F9E6E265-D7FB-4568-9327-6544BBD1559A}: [NameServer]195.83.9.11,195.83.9.12



==================== Services (Whitelisted) ======



2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [56592 2010-10-08] ()

3 FileZilla Server; "C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe" [632320 2012-02-26] (FileZilla Project)

2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [957712 2010-10-08] ()

3 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [1027792 2012-08-02] (iolo technologies, LLC)

2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [697616 2010-10-08] ()

3 maconfservice; "C:\Program Files\ma-config.com\x64\maconfservice.exe" [427672 2012-07-04] (CybelSoft)

4 MsDepSvc; "C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe" -runService:MsDepSvc [63304 2011-02-04] (Microsoft Corporation)

4 MsDtsServer100; "C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe" [210776 2010-09-17] (Microsoft Corporation)

3 MsgPlusService; "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [124832 2012-01-22] (Yuna Software)

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)

4 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [57966424 2010-09-17] (Microsoft Corporation)

4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4466688 2007-11-08] (Microsoft Corporation)

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

2 OODefragAgent; "C:\Program Files\OO Software\Defrag\oodag.exe" [3152200 2010-11-25] (O&O Software GmbH)

2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)

3 ReportServer; "C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [2085208 2010-09-17] (Microsoft Corporation)

3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\RpcAgentSrv.exe [68760 2009-08-13] (SiSoftware)

3 sesvc; "C:\Program Files (x86)\ShadowExplorer\sesvc.exe" [9216 2011-01-02] (www.shadowexplorer.com)

4 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER [430424 2010-09-17] (Microsoft Corporation)

3 Tomcat6; "C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\Tomcat6.exe" //RS//Tomcat6 [96256 2011-11-28] (Apache Software Foundation)

3 Tomcat7; "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7.exe" //RS//Tomcat7 [99840 2012-07-03] (Apache Software Foundation)

3 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe" [2143072 2012-05-29] (TuneUp Software)

4 MSSQLFDLauncher; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL10.MSSQLSERVER [x]

4 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Config" [x]

3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]



==================== Drivers (Whitelisted) ===================



2 acedrv11; C:\Windows\System32\Drivers\acedrv11.sys [191616 2010-02-24] (Protect Software GmbH)

2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2011-02-26] ()

3 driverhardwarev2x64; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys [16640 2011-07-21] (CybelSoft)

1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-04-29] (DT Soft Ltd)

1 ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [23464 2008-12-09] (EldoS Corporation)

3 ENTECH64; C:\Windows\System32\Drivers\ENTECH64.sys [12744 2008-04-22] (EnTech Taiwan)

3 ENTECH64; C:\Windows\SysWow64\Drivers\ENTECH64.sys [12744 2007-09-07] (EnTech Taiwan)

3 Epfwndis; C:\Windows\System32\Drivers\Epfwndis.sys [34144 2010-12-21] (ESET)

3 etdrv; \??\C:\Windows\etdrv.sys [25640 2012-05-29] (Windows (R) Server 2003 DDK provider)

3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-05-30] (Windows (R) Server 2003 DDK provider)

3 Gun; \??\C:\Windows\system32\Gun64.sys [30840 2011-01-15] ()

3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2012-05-30] ()

3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33344 2009-06-23] (LogMeIn, Inc.)

2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2009-10-02] ()

3 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)

3 rtlss; C:\Windows\System32\Drivers\rtlss.sys [27240 2010-06-21] (Realtek Semiconductor Corporation)

3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)

3 ssudserd; C:\Windows\System32\Drivers\ssudserd.sys [203320 2012-05-21] (DEVGURU Co., LTD.(www.devguru.co.kr))

3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-12-06] (TuneUp Software)

3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)

3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)

3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)

3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117080 2012-05-22] (Oracle Corporation)

3 catchme;  [x]

1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [x]

1 CFRPD; C:\Windows\System32\DRIVERS\CFRPD.sys [x]

3 cpuz134; \??\C:\Users\JEAN-C~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]

3 NPPTNT2;  [x]

3 PnkBstrA;  [x]

3 PORTMON; \??\D:\Mes Documents\Téléchargement\Programmes\NirLauncher\SysinternalsSuite\PORTMSYS.SYS [x]

0 sptd; C:\Windows\System32\Drivers\sptd.sys [x]

3 StarOpen;  [x]



==================== NetSvcs (Whitelisted) =================





==================== One Month Created Files and Folders ======================



2012-08-28 14:01 - 2012-08-02 01:23 - 00158944 ____A (Tonec Inc.) C:\Windows\System32\Drivers\idmwfp.sys

2012-08-26 22:09 - 2012-08-26 22:09 - 00007680 ___AH C:\Windows\SysWOW64\svchost.suo

2012-08-26 22:09 - 2012-08-26 22:09 - 00000982 ____A C:\Windows\SysWOW64\svchost.sln

2012-08-26 19:33 - 2012-08-26 19:34 - 00000272 ____A C:\Windows\reimage.ini

2012-08-26 17:06 - 2012-08-26 17:06 - 00000000 ____D C:\Program Files\Microsoft Security Client

2012-08-26 17:06 - 2012-08-26 17:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2012-08-26 16:25 - 2012-08-26 16:25 - 00001252 ____A C:\Users\Public\Desktop\FINAL FANTASY VII.lnk

2012-08-26 16:23 - 2012-08-26 16:23 - 00000000 ____D C:\Program Files (x86)\Square Enix

2012-08-25 22:53 - 2008-05-08 06:03 - 00303616 ____A ( ) C:\SetACL.exe

2012-08-25 22:51 - 2004-06-12 00:33 - 00290304 ____A (Microsoft Corporation) C:\subinacl.exe

2012-08-25 22:50 - 2012-08-25 23:04 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE

2012-08-25 20:38 - 2012-08-25 20:38 - 00000207 ____A C:\Windows\tweaking.com-regbackup-PC-DE-JC-Microsoft-Windows-7-Professionnel-(64-bits).dat

2012-08-25 20:36 - 2012-08-25 20:36 - 00000000 ____D C:\RegBackup

2012-08-23 22:41 - 2012-08-20 16:23 - 00224088 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys

2012-08-23 22:41 - 2012-08-20 16:23 - 00130904 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys

2012-08-23 19:20 - 2012-08-23 19:20 - 00000512 ____A C:\PhysicalDisk0_MBR.bin

2012-08-23 18:43 - 2012-08-30 07:48 - 00000000 ____D C:\Program Files (x86)\ZHPDiag

2012-08-23 18:43 - 2012-08-24 19:29 - 00000000 ____D C:\ZHP

2012-08-23 08:24 - 2012-08-23 08:24 - 00000406 ____A C:\Windows\System32\ioloBootDefrag.cfg

2012-08-23 08:19 - 2012-08-02 10:21 - 00082160 ____A (Raxco Software, Inc.) C:\Windows\System32\Drivers\PDFsFilter.sys

2012-08-23 08:18 - 2012-08-23 08:18 - 00074703 ____A C:\Windows\SysWOW64\mfc45.dat

2012-08-23 08:13 - 2008-12-09 09:59 - 00023464 ____A (EldoS Corporation) C:\Windows\System32\Drivers\ElRawDsk.sys

2012-08-22 21:38 - 2012-07-28 00:07 - 00000221 ____A C:\Windows\w32dasm8.ini

2012-08-22 21:38 - 2011-12-23 20:58 - 00172032 ____A (Musiccity Co.Ltd.) C:\Windows\SysWOW64\muzapp.exe

2012-08-22 21:38 - 2011-10-16 12:21 - 00074703 ____A C:\Windows\SysWOW64mfc45.dll

2012-08-22 20:59 - 2012-08-22 20:59 - 00000000 ____D C:\Program Files (x86)\Cisco

2012-08-22 20:58 - 2011-08-11 12:46 - 00694376 ____A (Realtek Semiconductor Corporation                           ) C:\Windows\System32\Drivers\rtl8192su.sys

2012-08-22 20:58 - 2009-03-31 13:31 - 00380928 ____A (Realtek) C:\Windows\RtlUI2.exe

2012-08-22 20:58 - 2009-01-05 19:31 - 00000901 ____A C:\Windows\RtlUI2.exe.manifest

2012-08-22 20:58 - 2008-07-01 11:31 - 00614400 ____A (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\Rtlihvs.dll

2012-08-22 20:49 - 2012-08-22 20:49 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\Shrew Soft VPN

2012-08-22 20:49 - 2012-08-22 20:49 - 00000000 ____D C:\Users\All Users\Shrew Soft VPN

2012-08-22 13:55 - 2012-08-22 13:55 - 00071680 ____A (Beepa P/L) C:\Windows\System32\frapsv64.dll

2012-08-22 13:55 - 2012-08-22 13:55 - 00065536 ____A (Beepa P/L) C:\Windows\SysWOW64\frapsvid.dll

2012-08-21 18:23 - 2012-08-21 19:01 - 00000000 ____D C:\CAPTURES

2012-08-21 17:39 - 2012-08-21 17:39 - 00052036 ____A C:\ComboFix.txt

2012-08-20 22:35 - 2012-08-22 21:35 - 00000000 ____D C:\Windows\erdnt

2012-08-20 16:23 - 2012-08-20 16:23 - 00320856 ____A (Oracle Corporation) C:\Windows\System32\VBoxNetFltNobj.dll

2012-08-20 16:23 - 2012-08-20 16:23 - 00166232 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetFlt.sys

2012-08-20 16:23 - 2012-08-20 16:23 - 00147288 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys

2012-08-18 22:32 - 2012-08-18 22:32 - 00000000 ____D C:\Users\All Users\ATI

2012-08-18 22:32 - 2012-08-18 22:32 - 00000000 ____D C:\Program Files (x86)\AMD APP

2012-08-18 22:10 - 2012-08-18 22:08 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe

2012-08-18 22:09 - 2012-08-18 22:08 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe

2012-08-18 22:09 - 2012-08-18 22:08 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe

2012-08-18 22:09 - 2012-08-18 22:08 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll

2012-08-18 22:03 - 2012-08-18 22:03 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2012-08-18 22:03 - 2012-08-18 22:03 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2012-08-18 21:57 - 2012-08-18 22:03 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-08-18 21:57 - 2012-08-18 22:03 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-08-18 20:55 - 2012-08-18 20:56 - 00000000 ____D C:\Program Files\Wireshark

2012-08-18 20:52 - 2012-06-29 05:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-08-18 20:52 - 2012-06-29 05:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-08-18 20:52 - 2012-06-29 04:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-08-18 20:52 - 2012-06-29 04:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-08-18 20:52 - 2012-06-29 04:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-08-18 20:52 - 2012-06-29 04:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-08-18 20:52 - 2012-06-29 04:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-08-18 20:52 - 2012-06-29 04:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-08-18 20:52 - 2012-06-29 04:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-08-18 20:52 - 2012-06-29 04:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-08-18 20:52 - 2012-06-29 04:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-08-18 20:52 - 2012-06-29 04:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-08-18 20:52 - 2012-06-29 04:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-08-18 20:52 - 2012-06-29 04:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-08-18 20:52 - 2012-06-29 01:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-08-18 20:52 - 2012-06-29 01:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-08-18 20:52 - 2012-06-29 01:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-08-18 20:52 - 2012-06-29 01:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-08-18 20:52 - 2012-06-29 01:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-08-18 20:52 - 2012-06-29 01:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-08-18 20:52 - 2012-06-29 01:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-08-18 20:52 - 2012-06-29 01:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-08-18 20:52 - 2012-06-29 01:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-08-18 20:52 - 2012-06-29 01:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-08-18 20:52 - 2012-06-29 01:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-08-18 20:52 - 2012-06-29 01:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-08-18 20:52 - 2012-06-29 01:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-08-18 20:52 - 2012-06-29 00:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-08-18 20:33 - 2012-07-18 19:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-08-18 20:33 - 2012-07-04 23:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-08-18 20:33 - 2012-07-04 23:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

2012-08-18 20:33 - 2012-07-04 23:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

2012-08-18 20:33 - 2012-07-04 22:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2012-08-18 20:33 - 2012-07-04 22:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

2012-08-18 20:33 - 2012-05-14 06:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll

2012-08-18 20:33 - 2012-05-05 09:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll

2012-08-18 20:33 - 2012-05-05 08:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2012-08-18 20:33 - 2012-02-11 07:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2012-08-18 20:33 - 2012-02-11 07:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe

2012-08-18 20:33 - 2012-02-11 07:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe

2012-08-18 20:33 - 2012-02-11 06:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2012-08-11 07:33 - 2012-08-30 19:33 - 00000000 ____D C:\Program Files (x86)\LibreOffice 3.6

2012-08-09 00:23 - 2012-08-09 00:23 - 00000052 ____A C:\Windows\SysWOW64\setupmshc.log

2012-08-09 00:23 - 2012-08-09 00:23 - 00000022 ____A C:\Windows\SysWOW64\msxml.hec

2012-08-09 00:23 - 2012-08-09 00:23 - 00000022 ____A C:\Windows\msxml.hec

2012-08-09 00:23 - 2012-08-09 00:23 - 00000002 ____A C:\Program Files (x86)\mshexc.bmp

2012-08-09 00:23 - 2012-08-09 00:23 - 00000000 ____D C:\Program Files (x86)\HexCmp

2012-08-08 19:25 - 2012-08-08 19:25 - 00000000 ____D C:\Windows\fr

2012-08-08 10:38 - 2012-08-08 10:38 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{840E2A8C-E756-43DE-B478-6A700478A173}

2012-08-08 10:38 - 2012-08-08 10:38 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{1A52BE8A-5B5F-4D63-8813-20050EC92DAB}

2012-08-08 07:11 - 2012-08-08 07:16 - 00000000 ____D C:\Users\All Users\TmForever

2012-08-08 07:10 - 2012-08-08 07:10 - 00001118 ____A C:\Users\Public\Desktop\TmNationsForever.lnk

2012-08-08 07:08 - 2012-08-08 07:10 - 00000000 ____D C:\Program Files (x86)\TmNationsForever

2012-08-07 22:38 - 2012-08-07 22:38 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{93F35AE8-912B-4835-8AF2-C2F868441D0E}

2012-08-07 22:38 - 2012-08-07 22:38 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{5A43A7E6-ED57-45A5-BE07-95BEC09FF3E6}

2012-08-07 10:38 - 2012-08-07 10:38 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{B4A7CFD1-0737-4AAA-BEC5-695009D3DDC4}

2012-08-07 10:38 - 2012-08-07 10:38 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{AEB65A14-50AD-408A-8EED-6D4FD2FF9C2D}

2012-08-06 22:37 - 2012-08-06 22:37 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{9285A96A-A965-4603-85B5-1F54F5217407}

2012-08-06 22:37 - 2012-08-06 22:37 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{372CB4BD-E0E7-4CCB-9CC4-294C3E0375C9}

2012-08-06 10:37 - 2012-08-06 10:37 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{6F0B5824-292D-4198-8DC2-561E043A30B6}

2012-08-06 10:37 - 2012-08-06 10:37 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{304DFE00-DB46-4943-98ED-3528856F4B67}

2012-08-05 22:36 - 2012-08-05 22:36 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{F879C759-5112-4DE2-946C-903DDDFD5F64}

2012-08-05 22:36 - 2012-08-05 22:36 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{743DB8E0-7C2B-4457-8411-31357BF6FC2A}

2012-08-05 13:35 - 2012-08-05 13:35 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Roaming\NetBeans

2012-08-05 13:35 - 2012-08-05 13:35 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\NetBeans

2012-08-05 13:26 - 2012-08-05 13:27 - 00000000 ____D C:\Program Files (x86)\glassfish-3.1.2.2

2012-08-05 13:22 - 2012-08-05 13:22 - 00002081 ____A C:\Users\Public\Desktop\NetBeans IDE 7.2.lnk

2012-08-05 13:19 - 2012-08-05 13:35 - 00000000 ____D C:\Program Files (x86)\NetBeans 7.2

2012-08-05 10:15 - 2012-08-05 10:15 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{805BAE06-67F3-4927-AD90-0D91DB63E58F}

2012-08-05 10:15 - 2012-08-05 10:15 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{39C70EB6-A9B8-467D-B67D-7A15055C1D38}

2012-08-04 22:15 - 2012-08-04 22:15 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{AAC25CFF-549B-423A-99F9-622CB2249F50}

2012-08-04 22:15 - 2012-08-04 22:15 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{0F662792-855B-4CE0-9200-2960537B2CF3}

2012-08-04 10:15 - 2012-08-04 10:15 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{7C6F62DE-24BD-43C8-AAA4-9CC31B530577}

2012-08-04 10:15 - 2012-08-04 10:15 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{4ED051D8-9B0B-4CAF-93D0-3181696F9707}

2012-08-03 19:27 - 2012-08-03 19:27 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{D2FAADC8-F0BA-4DA9-8E6B-D45BF389A43C}

2012-08-03 07:27 - 2012-08-03 19:27 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{EC8C2033-A50C-4DF7-90D7-36ED1A14023C}

2012-08-03 07:27 - 2012-08-03 07:27 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{DD0BFDE4-0B83-45F0-A7CD-E43C16567CD8}

2012-08-02 19:27 - 2012-08-02 19:27 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{9B6663EC-2986-4E68-BFC1-4D76AA2BC52E}

2012-08-02 07:27 - 2012-08-02 19:27 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{48652C92-7903-4B7D-ABC2-B1D0F3AA4C07}

2012-08-02 07:27 - 2012-08-02 07:27 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{543BC7F9-163A-46DB-A847-15C90E762DF2}

2012-08-01 20:12 - 2012-08-01 23:34 - 00000000 ____D C:\Program Files (x86)\The Witcher 2

2012-08-01 20:12 - 2012-08-01 20:12 - 00000754 ____A C:\Users\Public\Desktop\The Witcher 2 Enhanced Edition.lnk

2012-08-01 19:26 - 2012-08-01 19:26 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{58E0CB1F-FF9A-478F-B521-5E9E04925C55}

2012-08-01 19:26 - 2012-08-01 19:26 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{166169E2-4D23-4A94-934E-86C799FBA020}

2012-08-01 07:25 - 2012-08-01 07:26 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{2E85DBC1-19AF-4424-98F9-E5417D549B3E}

2012-08-01 07:24 - 2012-08-01 07:25 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{983A5226-C8C1-4FF0-9571-8EFE32B214A9}

2012-07-31 18:53 - 2012-07-31 18:53 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{112D7E96-11EA-4517-B7A8-69E674AF16FD}

2012-07-31 06:53 - 2012-07-31 06:53 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{85565794-C711-4380-BDF2-7D830C1BADF4}

2012-07-31 06:53 - 2012-07-31 06:53 - 00000000 ____D C:\Users\Jean-Christophe\AppData\Local\{11EAEC19-FDD8-4B35-803D-32CE8B2F6D22}

==================== 3 Months Modified Files ================================

2012-08-30 20:33 - 2011-03-30 22:11 - 01617415 ____A C:\Windows\WindowsUpdate.log

2012-08-30 20:32 - 2010-01-28 19:44 - 00000489 ____A C:\Windows\System32\Drivers\etc\hosts.ics

2012-08-30 20:24 - 2009-07-14 16:24 - 00977566 ____A C:\Windows\System32\perfh00C.dat

2012-08-30 20:24 - 2009-07-14 16:24 - 00246584 ____A C:\Windows\System32\perfc00C.dat

2012-08-30 20:24 - 2009-07-14 06:13 - 02293988 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-30 20:21 - 2012-04-29 17:03 - 12158522 ____A C:\Windows\setupact.log

2012-08-30 07:27 - 2009-08-19 11:06 - 00000953 ____A C:\Users\Public\Desktop\µTorrent.lnk

2012-08-30 07:26 - 2009-08-19 12:36 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-30 07:26 - 2009-08-19 12:36 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-30 07:21 - 2011-09-02 20:17 - 00000344 ____A C:\Windows\Tasks\GlaryInitialize.job

2012-08-30 07:18 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-30 07:17 - 2009-02-23 01:34 - 03824431 ____A C:\Windows\System32\oodbs.lor

2012-08-26 22:09 - 2012-08-26 22:09 - 00007680 ___AH C:\Windows\SysWOW64\svchost.suo

2012-08-26 22:09 - 2012-08-26 22:09 - 00000982 ____A C:\Windows\SysWOW64\svchost.sln

2012-08-26 20:10 - 2009-07-14 06:08 - 00032496 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-08-26 19:34 - 2012-08-26 19:33 - 00000272 ____A C:\Windows\reimage.ini

2012-08-26 17:33 - 2009-02-23 20:09 - 00692505 ____A () C:\Windows\unins000.exe

2012-08-26 17:33 - 2009-02-23 20:09 - 00001690 ____A C:\Windows\unins000.dat

2012-08-26 17:07 - 2011-08-15 23:00 - 00001912 ____A C:\Windows\epplauncher.mif

2012-08-26 17:06 - 2009-08-19 12:38 - 02319158 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-08-26 16:25 - 2012-08-26 16:25 - 00001252 ____A C:\Users\Public\Desktop\FINAL FANTASY VII.lnk

2012-08-25 23:04 - 2012-08-25 22:50 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE

2012-08-25 20:38 - 2012-08-25 20:38 - 00000207 ____A C:\Windows\tweaking.com-regbackup-PC-DE-JC-Microsoft-Windows-7-Professionnel-(64-bits).dat

2012-08-24 19:32 - 2012-04-29 19:38 - 00027808 ____A C:\Windows\PFRO.log

2012-08-23 19:20 - 2012-08-23 19:20 - 00000512 ____A C:\PhysicalDisk0_MBR.bin

2012-08-23 08:24 - 2012-08-23 08:24 - 00000406 ____A C:\Windows\System32\ioloBootDefrag.cfg

2012-08-23 08:18 - 2012-08-23 08:18 - 00074703 ____A C:\Windows\SysWOW64\mfc45.dat

2012-08-22 13:55 - 2012-08-22 13:55 - 00071680 ____A (Beepa P/L) C:\Windows\System32\frapsv64.dll

2012-08-22 13:55 - 2012-08-22 13:55 - 00065536 ____A (Beepa P/L) C:\Windows\SysWOW64\frapsvid.dll

2012-08-21 19:35 - 2012-03-30 07:07 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-21 19:35 - 2011-05-13 20:59 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-08-21 17:39 - 2012-08-21 17:39 - 00052036 ____A C:\ComboFix.txt

2012-08-21 17:33 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini

2012-08-20 22:55 - 2009-07-14 03:34 - 29360128 ____A C:\Windows\System32\config\SYSTEM.bak

2012-08-20 22:55 - 2009-07-14 03:34 - 169082880 ____A C:\Windows\System32\config\SOFTWARE.bak

2012-08-20 22:55 - 2009-07-14 03:34 - 09175040 ____A C:\Windows\System32\config\DEFAULT.bak

2012-08-20 22:55 - 2009-07-14 03:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak

2012-08-20 22:55 - 2009-07-14 03:34 - 00077824 ____A C:\Windows\System32\config\SAM.bak

2012-08-20 16:23 - 2012-08-23 22:41 - 00224088 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys

2012-08-20 16:23 - 2012-08-23 22:41 - 00130904 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys

2012-08-20 16:23 - 2012-08-20 16:23 - 00320856 ____A (Oracle Corporation) C:\Windows\System32\VBoxNetFltNobj.dll

2012-08-20 16:23 - 2012-08-20 16:23 - 00166232 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetFlt.sys

2012-08-20 16:23 - 2012-08-20 16:23 - 00147288 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys

2012-08-18 22:08 - 2012-08-18 22:10 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe

2012-08-18 22:08 - 2012-08-18 22:09 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe

2012-08-18 22:08 - 2012-08-18 22:09 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe

2012-08-18 22:08 - 2012-08-18 22:09 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll

2012-08-18 22:08 - 2011-12-14 08:23 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll

2012-08-18 22:08 - 2010-07-04 01:21 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll

2012-08-18 22:03 - 2012-08-18 22:03 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2012-08-18 22:03 - 2012-08-18 22:03 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2012-08-18 22:03 - 2012-08-18 21:57 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-08-18 22:03 - 2012-08-18 21:57 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-08-18 22:03 - 2011-12-14 08:17 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll

2012-08-18 22:03 - 2010-07-04 01:16 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2012-08-18 21:07 - 2009-07-14 05:45 - 05019384 ____A C:\Windows\System32\FNTCACHE.DAT

2012-08-18 20:51 - 2011-01-23 22:51 - 00000039 ____A C:\Windows\vbaddin.ini

2012-08-18 20:40 - 2009-09-09 00:24 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-08-09 00:23 - 2012-08-09 00:23 - 00000052 ____A C:\Windows\SysWOW64\setupmshc.log

2012-08-09 00:23 - 2012-08-09 00:23 - 00000022 ____A C:\Windows\SysWOW64\msxml.hec

2012-08-09 00:23 - 2012-08-09 00:23 - 00000022 ____A C:\Windows\msxml.hec

2012-08-09 00:23 - 2012-08-09 00:23 - 00000002 ____A C:\Program Files (x86)\mshexc.bmp

2012-08-08 07:10 - 2012-08-08 07:10 - 00001118 ____A C:\Users\Public\Desktop\TmNationsForever.lnk

2012-08-05 13:22 - 2012-08-05 13:22 - 00002081 ____A C:\Users\Public\Desktop\NetBeans IDE 7.2.lnk

2012-08-02 11:45 - 2011-10-16 12:28 - 00056472 ____A (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe

2012-08-02 11:45 - 2011-10-16 12:28 - 00025072 ____A (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe

2012-08-02 10:27 - 2011-12-22 21:50 - 02154576 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll

2012-08-02 10:27 - 2011-10-16 12:28 - 02096360 ____A (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll

2012-08-02 10:21 - 2012-08-23 08:19 - 00082160 ____A (Raxco Software, Inc.) C:\Windows\System32\Drivers\PDFsFilter.sys

2012-08-02 01:23 - 2012-08-28 14:01 - 00158944 ____A (Tonec Inc.) C:\Windows\System32\Drivers\idmwfp.sys

2012-08-01 20:12 - 2012-08-01 20:12 - 00000754 ____A C:\Users\Public\Desktop\The Witcher 2 Enhanced Edition.lnk

2012-07-28 05:09 - 2012-07-28 05:09 - 05538984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll

2012-07-28 05:07 - 2012-07-28 05:07 - 10278912 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys

2012-07-28 04:43 - 2012-07-28 04:43 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.982.dll

2012-07-28 04:19 - 2012-07-28 04:19 - 24935424 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll

2012-07-28 03:50 - 2012-07-28 03:50 - 20546560 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll

2012-07-28 03:17 - 2012-07-28 03:17 - 00268728 ____A C:\Windows\SysWOW64\atiapfxx.blb

2012-07-28 03:17 - 2012-07-28 03:17 - 00268728 ____A C:\Windows\System32\atiapfxx.blb

2012-07-28 03:15 - 2012-07-28 03:15 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe

2012-07-28 03:15 - 2012-03-09 06:16 - 00931328 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll

2012-07-28 03:13 - 2012-03-09 06:14 - 01100288 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll

2012-07-28 03:10 - 2012-07-28 03:10 - 00534528 ____A (AMD) C:\Windows\System32\atieclxx.exe

2012-07-28 03:10 - 2012-03-09 06:11 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll

2012-07-28 03:09 - 2012-07-28 03:09 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe

2012-07-28 03:08 - 2012-07-28 03:08 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll

2012-07-28 03:08 - 2012-07-28 03:08 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll

2012-07-28 03:07 - 2012-07-28 03:07 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll

2012-07-28 03:07 - 2012-07-28 03:07 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll

2012-07-28 03:07 - 2012-03-09 06:04 - 06430208 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll

2012-07-28 02:51 - 2012-03-09 05:45 - 07052288 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll

2012-07-28 02:41 - 2012-03-09 05:35 - 04266496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll

2012-07-28 02:39 - 2012-07-28 02:39 - 03150560 ____A C:\Windows\System32\atiumd6a.cap

2012-07-28 02:35 - 2012-07-28 02:35 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll

2012-07-28 02:35 - 2012-07-28 02:35 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll

2012-07-28 02:35 - 2012-07-28 02:35 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll

2012-07-28 02:35 - 2012-07-28 02:35 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll

2012-07-28 02:34 - 2012-07-28 02:34 - 16034304 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll

2012-07-28 02:32 - 2012-07-28 02:32 - 04751872 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll

2012-07-28 02:30 - 2012-07-28 02:30 - 13605888 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll

2012-07-28 02:30 - 2012-07-28 02:30 - 03187136 ____A C:\Windows\SysWOW64\atiumdva.cap

2012-07-28 02:25 - 2012-03-09 05:11 - 06676480 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll

2012-07-28 02:15 - 2012-07-28 02:15 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll

2012-07-28 02:15 - 2012-07-28 02:15 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll

2012-07-28 02:15 - 2012-07-28 02:15 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll

2012-07-28 02:15 - 2012-07-28 02:15 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll

2012-07-28 02:15 - 2012-07-28 02:15 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll

2012-07-28 02:15 - 2012-03-09 04:58 - 00540160 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll

2012-07-28 02:14 - 2012-07-28 02:14 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys

2012-07-28 02:14 - 2012-07-28 02:14 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll

2012-07-28 02:13 - 2012-07-28 02:13 - 00083456 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll

2012-07-28 02:13 - 2012-03-09 04:57 - 00129536 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll

2012-07-28 02:13 - 2012-03-09 04:56 - 00109568 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll

2012-07-28 02:13 - 2012-03-09 04:56 - 00103936 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll

2012-07-28 02:12 - 2012-07-28 02:12 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll

2012-07-28 02:09 - 2012-07-28 02:09 - 00057792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sirenacm.dll

2012-07-28 02:08 - 2012-07-28 02:08 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll

2012-07-28 02:08 - 2012-07-28 02:08 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll

2012-07-28 02:08 - 2012-07-28 02:08 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll

2012-07-28 02:08 - 2012-07-28 02:08 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll

2012-07-28 01:54 - 2012-07-28 01:54 - 00321472 ____A (Microsoft Corporation) C:\Windows\WLXPGSS.SCR

2012-07-28 00:07 - 2012-08-22 21:38 - 00000221 ____A C:\Windows\w32dasm8.ini

2012-07-27 23:14 - 2011-04-16 12:04 - 00001907 ____A C:\Users\Public\Desktop\Blender.lnk

2012-07-27 21:47 - 2012-07-27 21:47 - 00187392 ____A C:\Windows\System32\clinfo.exe

2012-07-27 21:47 - 2012-07-27 21:47 - 00075776 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll

2012-07-27 21:47 - 2012-07-27 21:47 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll

2012-07-27 21:47 - 2012-07-27 21:47 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll

2012-07-27 21:47 - 2012-07-27 21:47 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll

2012-07-27 21:46 - 2012-07-27 21:46 - 16464896 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll

2012-07-27 21:46 - 2012-07-27 21:46 - 13013504 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll

2012-07-26 18:08 - 2012-07-26 18:08 - 00862664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll

2012-07-26 18:08 - 2012-07-26 18:08 - 00534480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll

2012-07-26 18:08 - 2012-07-26 18:08 - 00251864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll

2012-07-26 18:08 - 2012-07-26 18:08 - 00153536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\atl110.dll

2012-07-26 18:08 - 2012-07-26 18:08 - 00115656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vcomp110.dll

2012-07-26 14:22 - 2012-07-26 14:22 - 00828872 ____A (Microsoft Corporation) C:\Windows\System32\msvcr110.dll

2012-07-26 14:22 - 2012-07-26 14:22 - 00661448 ____A (Microsoft Corporation) C:\Windows\System32\msvcp110.dll

2012-07-26 14:22 - 2012-07-26 14:22 - 00354264 ____A (Microsoft Corporation) C:\Windows\System32\vccorlib110.dll

2012-07-26 14:22 - 2012-07-26 14:22 - 00177096 ____A (Microsoft Corporation) C:\Windows\System32\atl110.dll

2012-07-26 14:22 - 2012-07-26 14:22 - 00124360 ____A (Microsoft Corporation) C:\Windows\System32\vcomp110.dll

2012-07-22 09:18 - 2011-02-20 09:52 - 00124032 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT

2012-07-22 09:17 - 2012-02-15 08:14 - 00124032 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT

2012-07-22 09:17 - 2009-08-19 13:15 - 00124032 ____A C:\Users\Jean-Christophe\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-20 19:00 - 2012-07-17 22:22 - 00127488 ____A C:\Windows\System32\ff_vfw.dll

2012-07-20 19:00 - 2012-07-17 22:18 - 00112640 ____A C:\Windows\SysWOW64\ff_vfw.dll

2012-07-18 19:15 - 2012-08-18 20:33 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-17 14:14 - 2012-07-17 14:14 - 00253184 ____A (Microsoft Corp.) C:\Windows\System32\LIVESSP.DLL

2012-07-17 13:49 - 2012-07-17 13:49 - 00209648 ____A (Microsoft Corp.) C:\Windows\SysWOW64\LIVESSP.DLL

2012-07-17 11:49 - 2012-07-17 11:49 - 00000218 ____A C:\Users\Jean-Christophe\.recently-used.xbel

2012-07-16 10:33 - 2012-07-16 10:33 - 00038557 ____A C:\Windows\atiogl.xml

2012-07-09 20:46 - 2012-07-09 20:46 - 00004192 ____A C:\Users\Jean-Christophe\AppData\Local\recently-used.xbel

2012-07-07 11:52 - 2009-12-27 23:16 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.xtr

2012-07-07 11:52 - 2009-02-22 16:11 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.exe

2012-07-05 23:54 - 2009-02-22 16:11 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe

2012-07-05 23:53 - 2009-02-22 16:11 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.ex0

2012-07-05 23:39 - 2012-07-05 23:40 - 03130440 ____A C:\Windows\SysWOW64\pbsvc_blr.exe

2012-07-05 20:51 - 2012-07-05 20:51 - 00000001 ____A C:\Windows\SysWOW64\SI.bin

2012-07-05 12:02 - 2012-07-09 21:09 - 00095744 ____A (pdfforge GbR) C:\Windows\System32\pdfcmon.dll

2012-07-04 23:16 - 2012-08-18 20:33 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-07-04 23:13 - 2012-08-18 20:33 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

2012-07-04 23:13 - 2012-08-18 20:33 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

2012-07-04 22:16 - 2012-08-18 20:33 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2012-07-04 22:14 - 2012-08-18 20:33 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

2012-07-03 12:46 - 2009-05-27 16:22 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-01 23:15 - 2012-07-17 22:18 - 04102656 ____A (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll

2012-07-01 10:04 - 2010-11-14 16:53 - 00001080 ____A C:\Users\Public\Desktop\GlassFish ESB v2.2.lnk

2012-06-29 05:55 - 2012-08-18 20:52 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-29 05:09 - 2012-08-18 20:52 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-29 04:56 - 2012-08-18 20:52 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-29 04:49 - 2012-08-18 20:52 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-29 04:49 - 2012-08-18 20:52 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-29 04:48 - 2012-08-18 20:52 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-29 04:47 - 2012-08-18 20:52 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-29 04:45 - 2012-08-18 20:52 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-29 04:44 - 2012-08-18 20:52 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-29 04:43 - 2012-08-18 20:52 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-29 04:42 - 2012-08-18 20:52 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-29 04:40 - 2012-08-18 20:52 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-29 04:39 - 2012-08-18 20:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-29 04:35 - 2012-08-18 20:52 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-29 01:52 - 2012-08-18 20:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-29 01:27 - 2012-08-18 20:52 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-29 01:16 - 2012-08-18 20:52 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-29 01:09 - 2012-08-18 20:52 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-29 01:09 - 2012-08-18 20:52 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-29 01:08 - 2012-08-18 20:52 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-29 01:07 - 2012-08-18 20:52 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-29 01:06 - 2012-08-18 20:52 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-29 01:04 - 2012-08-18 20:52 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-29 01:04 - 2012-08-18 20:52 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-29 01:01 - 2012-08-18 20:52 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-29 01:01 - 2012-08-18 20:52 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-29 01:00 - 2012-08-18 20:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-29 00:57 - 2012-08-18 20:52 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-26 08:02 - 2011-12-23 20:58 - 00045320 ____A (MARKANY) C:\Windows\SysWOW64\MAMACExtract.dll

2012-06-20 21:28 - 2012-06-20 19:31 - 00002257 ____A C:\Users\Public\Desktop\Jouer en ligne à Battlefield 2142.lnk

2012-06-20 21:28 - 2012-06-20 19:31 - 00002235 ____A C:\Users\Public\Desktop\Battlefield 2142.lnk

2012-06-20 19:31 - 2012-06-20 19:31 - 00000805 ____A C:\Windows\DXError.log

2012-06-20 19:19 - 2012-06-20 19:19 - 00000530 ____A C:\Windows\KB893803v2.log

2012-06-20 18:32 - 2012-06-20 18:32 - 00204288 ____A C:\Windows\System32\lua5.1a.dll

2012-06-20 18:32 - 2012-06-20 18:32 - 00039424 ____A (UltraDefrag Development Team) C:\Windows\System32\udefrag.exe

2012-06-20 18:32 - 2012-06-20 18:32 - 00031232 ____A (UltraDefrag Development Team) C:\Windows\System32\wgx.dll

2012-06-20 18:32 - 2012-06-20 18:32 - 00012800 ____A (UltraDefrag Development Team) C:\Windows\System32\bootexctrl.exe

2012-06-20 18:32 - 2012-06-20 18:32 - 00007168 ____A (UltraDefrag Development Team) C:\Windows\System32\hibernate4win.exe

2012-06-20 18:31 - 2012-06-20 18:31 - 00168448 ____A (UltraDefrag Development Team) C:\Windows\System32\defrag_native.exe

2012-06-20 18:31 - 2012-06-20 18:31 - 00099328 ____A (UltraDefrag Development Team) C:\Windows\System32\zenwinx.dll

2012-06-20 18:31 - 2012-06-20 18:31 - 00062464 ____A (UltraDefrag Development Team) C:\Windows\System32\udefrag.dll

2012-06-19 15:54 - 2012-07-05 18:55 - 04065296 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys

2012-06-19 12:31 - 2012-07-05 18:54 - 00293889 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT

2012-06-14 22:36 - 2010-08-10 21:32 - 00000961 ____A C:\Users\Public\Desktop\mIRC.lnk

2012-06-09 18:21 - 2012-07-17 22:22 - 00206336 ____A C:\Windows\System32\unrar.dll

2012-06-09 18:21 - 2009-08-16 09:08 - 00178688 ____A C:\Windows\SysWOW64\unrar.dll

2012-06-09 06:43 - 2012-07-11 07:00 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-09 05:41 - 2012-07-11 07:00 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-08 15:23 - 2012-07-05 18:54 - 00083072 ____A (Creative Technology Ltd.) C:\Windows\System32\MBWrp64.dll

2012-06-08 15:21 - 2012-07-05 18:54 - 00897152 ____A (Creative Technology Ltd.) C:\Windows\System32\MBAPO64.dll

2012-06-08 15:21 - 2012-07-05 18:54 - 00753280 ____A (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll

2012-06-08 15:18 - 2012-07-05 18:55 - 03615888 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll

2012-06-06 19:59 - 2012-06-06 19:59 - 01070152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX

2012-06-06 09:44 - 2012-07-05 18:55 - 00869520 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll

2012-06-06 07:06 - 2012-07-11 07:00 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-06 07:06 - 2012-07-11 07:00 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-06 07:02 - 2012-07-11 07:00 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-06 06:05 - 2012-07-11 07:00 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-06 06:05 - 2012-07-11 07:00 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-06 06:03 - 2012-07-11 07:00 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-02 23:19 - 2012-06-22 06:37 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 23:19 - 2012-06-22 06:37 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 23:19 - 2012-06-22 06:37 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 23:19 - 2012-06-22 06:37 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 23:19 - 2012-06-22 06:37 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 23:15 - 2012-06-22 06:37 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 23:15 - 2012-06-22 06:37 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 14:19 - 2012-06-22 06:37 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 14:15 - 2012-06-22 06:37 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 06:50 - 2012-07-11 07:00 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-02 06:48 - 2012-07-11 07:00 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-02 06:48 - 2012-07-11 07:00 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-02 06:45 - 2012-07-11 07:00 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-02 06:44 - 2012-07-11 07:00 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-02 05:40 - 2012-07-11 07:00 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-02 05:40 - 2012-07-11 07:00 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-02 05:39 - 2012-07-11 07:00 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-02 05:34 - 2012-07-11 07:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll



==================== Known DLLs (Whitelisted) =================





==================== Bamital & volsnap Check =================



C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



==================== EXE ASSOCIATION =====================



HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK



==================== Restore Points  =========================



Restore point made on: 2012-08-28 08:47:55

Restore point made on: 2012-08-30 07:30:35

Restore point made on: 2012-08-30 19:26:01

Restore point made on: 2012-08-30 19:34:23



==================== Memory info =========================== 



Percentage of memory in use: 21%

Total physical RAM: 4094.3 MB

Available physical RAM: 3207.86 MB

Total Pagefile: 4092.5 MB

Available Pagefile: 3278.51 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB



==================== Partitions ============================



2 Drive c: (SYSTEM) (Fixed) (Total:931.51 GB) (Free:22.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

3 Drive d: (DATA) (Fixed) (Total:1863.01 GB) (Free:776.97 GB) NTFS

4 Drive e: (GRMCPRXFRER_FR_DVD) (CDROM) (Total:3.03 GB) (Free:0 GB) UDF

5 Drive f: (CLEF USB) (Removable) (Total:0.95 GB) (Free:0.15 GB) FAT

10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS



  N° disque  Statut         Taille   Libre    Dyn  GPT
  ---------  -------------  -------  -------  ---  ---
  Disque 0    En ligne        931 G octets  1024 K octets
  Disque 1    En ligne       1863 G octets      0 octets
  Disque 2    En ligne        977 M octets      0 octets
  Disque 3    Aucun média        0 octets      0 octets
  Disque 4    Aucun média        0 octets      0 octets
  Disque 5    Aucun média        0 octets      0 octets
  Disque 6    Aucun média        0 octets      0 octets



Partitions of Disk 0:

===============



  N° partition   Type              Taille   Décalage
  -------------  ----------------  -------  --------
  Partition 1    Principale         931 G    1024 K

==================================================================================

Disk: 0
Partition 1
Type   : 07
Masqué : Non
Active : Oui
Décalage en octets : 1048576

  N° volume   Ltr  Nom          Fs     Type        Taille   Statut     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   SYSTEM       NTFS   Partition    931 G   Sain



==================================================================================



Partitions of Disk 1:

===============



  N° partition   Type              Taille   Décalage
  -------------  ----------------  -------  --------
  Partition 1    Principale        1863 G    1024 K

==================================================================================

Disk: 1
Partition 1
Type   : 07
Masqué : Non
Active : Non
Décalage en octets : 1048576

  N° volume   Ltr  Nom          Fs     Type        Taille   Statut     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   DATA         NTFS   Partition   1863 G   Sain



==================================================================================



Partitions of Disk 2:

===============



  N° partition   Type              Taille   Décalage
  -------------  ----------------  -------  --------
  Partition 1    Principale         977 M      16 K

==================================================================================

Disk: 2
Partition 1
Type   : 06
Masqué : Non
Active : Non
Décalage en octets : 16384

  N° volume   Ltr  Nom          Fs     Type        Taille   Statut     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   CLEF USB     FAT    Amovible     977 M   Sain



==================================================================================



Last Boot: 2012-08-28 08:40



==================== End Of Log =============================


#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:41 AM

Posted 30 August 2012 - 03:33 PM

It seems the system has gone through many changes after running ComboFix. I was looking for the options available to restore the system back to its state prior to running ComboFix. It seems the system restore points were all made after running ComboFix. The registry backup made by the system is also a recent one. I don't see the folder ComboFix makes either. I hope you have run ComboFix just once. Please attach the following log: C:\ComboFix.txt

#7 Farbar


Posted 05 September 2012 - 04:53 PM

This thread will now be closed due to lack of activity.

If you need this topic reopened, please send me a Private Message within two days and I will reopen it for you.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.

#8 Troudhyl


Posted 06 September 2012 - 01:46 AM

Hello,

Thanks for reopening the topic, I don't remember having had a notification for your previous answer... :(

Yes, ComboFix seems to have corrupted or removed my previous system restore points (I am sure that I had several before).

I read that ComboFix disables the connection before running. The run crashed after reboot (maybe because of 100% CPU/RAM - in fact this problem came at the beginning of ComboFix, probably when it tried to disable my connection). So I thought that it crashed before restoring my connection, and after saving the Qoobox folder (thinking the report was there too), I relaunched ComboFix, hoping it would run without crashing and finish restoring the connection, thanks to the old Qoobox folder... That's why I need help, I lost my previous ComboFix.txt (one service was disabled or stopped by ComboFix, I remember), and I didn't succeed in restoring it with Recuva.

I also tried to register tcpip.reg without success. Can the Qoobox folder help?

Edited by Troudhyl, 06 September 2012 - 01:46 AM.


#9 Farbar


Posted 06 September 2012 - 05:05 AM

I see the combofix.txt file in the log you posted for me before. So please go to Start => Computer => open the C drive; there is a combofix.txt file there. Please attach it to your reply.

#10 Troudhyl


Posted 06 September 2012 - 05:53 AM

Yes, it is the one from the 2nd run, which overwrote the one from the 1st run.

Attached Files



#11 Farbar


Posted 06 September 2012 - 07:12 AM

ComboFix was run 3 times. Each time the earlier backups were overwritten. Unfortunately there is no way to restore the system to the backup ComboFix made before you ran it the first time.

and after saving the Qoobox folder (thinking the report was here too), I relaunched Combofix, hoping it will run without crashing and finish to restore the connection, thanks to the old Qoobox folder... That's why I need help,

Please tell me where the old Qoobox is and if you have removed the new Qoobox.

#12 Troudhyl


Posted 06 September 2012 - 07:31 AM

The 3rd time I killed it before it began to analyze... In fact another expert asked me to drag & drop a CFScript.txt file to restore false positives (you know what I'm talking about) but instead of launching the script, it ran ComboFix so I killed it quickly. What a shame not to be allowed to cancel ComboFix execution after the first warnings (about antivirus or whatever).

I keep the first Qoobox folder in my big "DHCP problem" directory ^^ The second one was deleted with the ComboFix uninstallation (I thought it was useless).

I personally think there is no way to see what my configuration was before my first ComboFix run, and without knowing exactly what modifications ComboFix made at the beginning (only developers know that?), it should be difficult to find my problem...

#13 Farbar


Posted 06 September 2012 - 07:47 AM

Now I know why the restore points are removed. They were removed when you uninstalled ComboFix. So running it without supervision, running it again and after that uninstalling it were all wrong actions.

However I want to see if there is something we can do. So please follow the steps carefully as they are written.

  • First put the Qoobox folder on the root of the C drive, where ComboFix.txt is located. It should not be renamed to anything other than Qoobox. In the following fix I will try to take a look at its content.
  • Please download the attached file fixlist.txt.
    Save it to your flash drive where FRST64 is located.
    You don't need to boot to the recovery environment for this.
    Run FRST64 in normal mode and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please attach it to your reply.


#14 Troudhyl


Posted 06 September 2012 - 01:46 PM

Thanks for your efforts, I appreciate it :) I usually can solve all problems myself but this one is quite hard because of my wrong actions, as you say.

I didn't notice the RegBackup folder, maybe a new hope!
Floder => Folder in fixlist.txt (right?)

"Le fichier spécifié est introuvable." (FR) = "Unable to find the specified file." (EN)

Attached Files


Edited by Troudhyl, 06 September 2012 - 01:49 PM.


#15 Farbar


Posted 06 September 2012 - 04:47 PM

Floder => Folder in fixlist.txt (right?)

Yes, good thinking. :thumbup2:

But unfortunately there is no hope. The registry backups were made on the 25th when you ran the tweaking.com application.

So there is no chance to restore the registry.

I understand you have no internet connection issue but one of your problems is that DHCP takes high CPU?

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Check all the boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Edited by Farbar, 06 September 2012 - 04:47 PM.
Typo




