HijackThis report

Dulo23 - 4 posts - Status: Member -
Anonymous user -
Hello,

info.txt logfile of random's system information tool 1.08 2011-05-09 18:01:32

======Uninstall list======

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe -maintain activex
Apple Application Support-->MsiExec.exe /I{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}
Apple Mobile Device Support-->MsiExec.exe /I{CACAEB5F-174D-4C7C-AC56-A33289A807CA}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Atheros for Acer Driver v7.2.0.208_Foxconn Installation Program-->C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe -runfromtemp -l0x0009 -removeonly
Bonjour-->MsiExec.exe /X{2A981294-F14C-4F0F-9627-D793270922F8}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
iTunes-->MsiExec.exe /I{2A697B53-0DE3-42DA-B41D-C3F804B1C538}
Microsoft Antimalware Service FR-FR Language Pack-->MsiExec.exe /X{0450B7B0-AC71-44A4-AB40-4DD678DF3A8C}
Microsoft Antimalware Service FR-FR Language Pack-->MsiExec.exe /X{A4526B5A-89C0-4F4B-9E6E-4F883374D5F9}
Microsoft Antimalware-->MsiExec.exe /X{774088D4-0777-4D78-904D-E435B318F5D2}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Security Client FR-FR Language Pack-->MsiExec.exe /I{859B9BCA-5376-4566-9F88-C6C9DAA7A925}
Microsoft Security Client-->MsiExec.exe /I{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Instructor-PC
Event Code: 4374
Message: Windows Servicing identified that package KB974571(Security Update) is not applicable for this system
Record Number: 2088
Source Name: Microsoft-Windows-Servicing
Time Written: 20110510010041.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Instructor-PC
Event Code: 4374
Message: Windows Servicing identified that package KB974571(Security Update) is not applicable for this system
Record Number: 2089
Source Name: Microsoft-Windows-Servicing
Time Written: 20110510010041.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Instructor-PC
Event Code: 4374
Message: Windows Servicing identified that package KB974571(Security Update) is not applicable for this system
Record Number: 2090
Source Name: Microsoft-Windows-Servicing
Time Written: 20110510010041.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Instructor-PC
Event Code: 4374
Message: Windows Servicing identified that package KB951978(Update) is not applicable for this system
Record Number: 2112
Source Name: Microsoft-Windows-Servicing
Time Written: 20110510010052.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Instructor-PC
Event Code: 4374
Message: Windows Servicing identified that package KB951978(Update) is not applicable for this system
Record Number: 2113
Source Name: Microsoft-Windows-Servicing
Time Written: 20110510010052.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Instructor-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-4134636282-1512834369-3856581858-1000_Classes:
Process 976 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4134636282-1512834369-3856581858-1000_CLASSES

Record Number: 365
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110510000340.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Instructor-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 381
Source Name: Microsoft-Windows-WMI
Time Written: 20110510000651.000000-000
Event Type: Error
User:

Computer Name: Instructor-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-4134636282-1512834369-3856581858-1000:
Process 880 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4134636282-1512834369-3856581858-1000

Record Number: 420
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110510003903.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Instructor-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-4134636282-1512834369-3856581858-1000_Classes:
Process 880 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4134636282-1512834369-3856581858-1000_CLASSES

Record Number: 421
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110510003904.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Instructor-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 441
Source Name: Microsoft-Windows-WMI
Time Written: 20110510004153.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Instructor-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 539
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110510010129.882435-000
Event Type: Audit Failure
User:

Computer Name: Instructor-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 540
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110510010129.898035-000
Event Type: Audit Failure
User:

Computer Name: Instructor-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 541
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110510010129.913635-000
Event Type: Audit Failure
User:

Computer Name: Instructor-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 542
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110510010129.929235-000
Event Type: Audit Failure
User:

Computer Name: Instructor-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 543
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110510010129.944835-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=1601
"NUMBER_OF_PROCESSORS"=1
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.08 (written by random/random)
Run by Instructor at 2011-05-09 18:00:12
Microsoft® Windows Vista(TM) Home Basic Service Pack 1
System drive C: has 15 GB (45%) free of 33 GB
Total RAM: 2549 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:01:31 PM, on 5/9/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Instructor\Desktop\RSIT.exe
C:\Program Files\trend micro\Instructor.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4452 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-10-02 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-10-02 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-10-02 150552]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-03-07 421160]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2011-05-09 18:00:12 ----D---- C:\rsit
2011-05-09 18:00:12 ----D---- C:\Program Files\trend micro
2011-05-09 17:31:28 ----D---- C:\Users\Instructor\AppData\Roaming\Macromedia
2011-05-09 17:31:28 ----D---- C:\Users\Instructor\AppData\Roaming\Adobe
2011-05-09 17:31:25 ----D---- C:\Windows\system32\Macromed
2011-05-09 17:26:18 ----D---- C:\Program Files\Microsoft Security Client
2011-05-09 17:25:51 ----A---- C:\Windows\system32\IKEEXT.DLL
2011-05-09 17:25:51 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2011-05-09 17:25:51 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-05-09 17:25:51 ----A---- C:\Windows\system32\drivers\netio.sys
2011-05-09 17:25:51 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2011-05-09 17:25:51 ----A---- C:\Windows\system32\BFE.DLL
2011-05-09 16:43:10 ----A---- C:\Windows\system32\wups2.dll
2011-05-09 16:43:10 ----A---- C:\Windows\system32\wucltux.dll
2011-05-09 16:43:10 ----A---- C:\Windows\system32\wuaueng.dll
2011-05-09 16:43:10 ----A---- C:\Windows\system32\wuauclt.exe
2011-05-09 16:42:55 ----A---- C:\Windows\system32\wups.dll
2011-05-09 16:42:55 ----A---- C:\Windows\system32\wudriver.dll
2011-05-09 16:42:55 ----A---- C:\Windows\system32\wuapi.dll
2011-05-09 16:42:44 ----A---- C:\Windows\system32\wuwebv.dll
2011-05-09 16:42:44 ----A---- C:\Windows\system32\wuapp.exe
2011-05-08 12:08:01 ----D---- C:\Windows\Panther
2011-05-08 12:07:49 ----RAS---- C:\BOOTSECT.BAK
2011-05-08 12:07:47 ----SHD---- C:\Boot
2011-05-08 12:07:25 ----D---- C:\Windows\system32\OEM
2011-05-08 11:51:15 ----D---- C:\Users\Instructor\AppData\Roaming\Apple Computer
2011-05-08 11:51:07 ----DC---- C:\Windows\system32\DRVSTORE
2011-05-08 11:51:07 ----A---- C:\Windows\system32\GEARAspi.dll
2011-05-08 11:51:07 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys
2011-05-08 11:50:38 ----D---- C:\Program Files\iPod
2011-05-08 11:50:37 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-05-08 11:50:37 ----D---- C:\Program Files\iTunes
2011-05-08 11:49:30 ----D---- C:\Program Files\QuickTime
2011-05-08 11:49:29 ----D---- C:\ProgramData\Apple Computer
2011-05-08 11:49:11 ----D---- C:\Program Files\Apple Software Update
2011-05-08 11:48:16 ----D---- C:\Program Files\Bonjour
2011-05-08 11:48:03 ----D---- C:\ProgramData\Apple
2011-05-08 11:48:03 ----D---- C:\Program Files\Common Files\Apple
2011-05-08 11:47:01 ----A---- C:\Windows\system32\mdimon.dll
2011-05-08 11:46:33 ----A---- C:\Windows\system32\msonpmon.dll
2011-05-08 11:43:55 ----D---- C:\Program Files\Microsoft Works
2011-05-08 11:43:12 ----D---- C:\Program Files\Microsoft Visual Studio
2011-05-08 11:43:12 ----D---- C:\Program Files\Common Files\DESIGNER
2011-05-08 11:42:29 ----D---- C:\Windows\PCHEALTH
2011-05-08 11:42:29 ----D---- C:\Program Files\Microsoft.NET
2011-05-08 11:39:41 ----D---- C:\Program Files\Microsoft Visual Studio 8
2011-05-08 11:39:04 ----D---- C:\Windows\SHELLNEW
2011-05-08 11:38:37 ----D---- C:\ProgramData\Microsoft Help
2011-05-08 11:38:37 ----D---- C:\Program Files\Microsoft Office
2011-05-08 11:38:30 ----SHD---- C:\Windows\Installer
2011-05-08 11:38:12 ----RHD---- C:\MSOCache
2011-05-08 11:32:43 ----A---- C:\Windows\system32\TVWizudlg.exe
2011-05-08 11:32:43 ----A---- C:\Windows\system32\igfxtvcx.dll
2011-05-08 11:31:52 ----ASH---- C:\hiberfil.sys
2011-05-08 11:26:20 ----D---- C:\Program Files\Intel
2011-05-08 11:24:17 ----RASH---- C:\Windows\system32\Desktop_.ini
2011-05-08 11:24:16 ----HD---- C:\Program Files\InstallShield Installation Information
2011-05-08 11:24:16 ----D---- C:\Windows\Options
2011-05-08 11:24:16 ----D---- C:\Program Files\Atheros
2011-05-08 11:24:16 ----A---- C:\Windows\system32\drivers\athr.sys
2011-05-08 11:24:16 ----A---- C:\Windows\system32\athr.sys
2011-05-08 11:24:05 ----A---- C:\Windows\system32\igmedkrn.dll
2011-05-08 11:24:05 ----A---- C:\Windows\system32\igfxzoom.exe
2011-05-08 11:24:05 ----A---- C:\Windows\system32\igfxCoIn_v1280.dll
2011-05-08 11:23:53 ----D---- C:\Windows\system32\Lang
2011-05-08 11:23:52 ----A---- C:\Windows\system32\difxapi.dll
2011-05-08 11:23:46 ----D---- C:\Intel
2011-05-08 11:22:51 ----D---- C:\Users\Instructor\AppData\Roaming\InstallShield
2011-05-08 11:22:51 ----D---- C:\ProgramData\Atheros
2011-05-08 11:19:07 ----D---- C:\Users\Instructor\AppData\Roaming\Identities
2011-05-08 11:19:00 ----SD---- C:\Users\Instructor\AppData\Roaming\Microsoft
2011-05-08 11:16:14 ----D---- C:\Windows\Debug
2011-05-08 11:12:13 ----D---- C:\Windows\SoftwareDistribution
2011-05-08 11:08:57 ----D---- C:\Windows\Prefetch
2011-05-08 11:08:48 ----ASH---- C:\pagefile.sys
2011-05-08 11:08:47 ----SHD---- C:\System Volume Information
2011-05-08 06:42:52 ----A---- C:\Windows\system32\TVWSetup.exe
2011-05-08 06:42:52 ----A---- C:\Windows\system32\oemdspif.dll
2011-05-08 06:42:52 ----A---- C:\Windows\system32\igfxCoIn_v1930.dll
2011-05-08 06:42:50 ----A---- C:\Windows\system32\igfxtray.exe
2011-05-08 06:42:50 ----A---- C:\Windows\system32\igfxTMM.dll
2011-05-08 06:42:49 ----A---- C:\Windows\system32\igfxsrvc.exe
2011-05-08 06:42:49 ----A---- C:\Windows\system32\igfxsrvc.dll
2011-05-08 06:42:45 ----A---- C:\Windows\system32\igfxress.dll
2011-05-08 06:42:44 ----A---- C:\Windows\system32\igfxpph.dll
2011-05-08 06:42:44 ----A---- C:\Windows\system32\igfxpers.exe
2011-05-08 06:42:44 ----A---- C:\Windows\system32\igfxext.exe
2011-05-08 06:42:44 ----A---- C:\Windows\system32\igfxexps.dll
2011-05-08 06:42:44 ----A---- C:\Windows\system32\igfxdo.dll
2011-05-08 06:42:44 ----A---- C:\Windows\system32\igfxdev.dll
2011-05-08 06:42:43 ----A---- C:\Windows\system32\igfxcfg.exe
2011-05-08 06:42:42 ----A---- C:\Windows\system32\igdumdx32.dll
2011-05-08 06:42:41 ----A---- C:\Windows\system32\igdumd32.dll
2011-05-08 06:42:39 ----A---- C:\Windows\system32\drivers\igdkmd32.sys
2011-05-08 06:42:38 ----A---- C:\Windows\system32\igd10umd32.dll
2011-05-08 06:42:36 ----A---- C:\Windows\system32\ig4icd32.dll
2011-05-08 06:42:36 ----A---- C:\Windows\system32\ig4dev32.dll
2011-05-08 06:42:35 ----A---- C:\Windows\system32\hkcmd.exe
2011-05-08 06:42:35 ----A---- C:\Windows\system32\hccutils.dll

======List of files/folders modified in the last 1 months======

2011-05-09 18:01:08 ----D---- C:\Windows\Temp
2011-05-09 18:00:56 ----D---- C:\Windows\system32\catroot
2011-05-09 18:00:54 ----D---- C:\Windows\winsxs
2011-05-09 18:00:43 ----D---- C:\Windows\system32\catroot2
2011-05-09 18:00:12 ----RD---- C:\Program Files
2011-05-09 17:48:09 ----D---- C:\Windows\System32
2011-05-09 17:48:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-05-09 17:48:08 ----D---- C:\Windows\inf
2011-05-09 17:39:12 ----D---- C:\Windows\system32\drivers
2011-05-09 17:31:28 ----SD---- C:\Windows\Downloaded Program Files
2011-05-09 17:27:33 ----D---- C:\Windows
2011-05-09 17:26:14 ----SD---- C:\ProgramData\Microsoft
2011-05-09 17:21:07 ----D---- C:\Windows\rescache
2011-05-09 17:16:48 ----D---- C:\Windows\Logs
2011-05-09 17:05:04 ----D---- C:\Windows\system32\en-US
2011-05-08 11:50:37 ----HD---- C:\ProgramData
2011-05-08 11:49:47 ----D---- C:\Program Files\Internet Explorer
2011-05-08 11:49:15 ----D---- C:\Windows\system32\Tasks
2011-05-08 11:48:03 ----D---- C:\Program Files\Common Files
2011-05-08 11:47:01 ----RSD---- C:\Windows\assembly
2011-05-08 11:43:49 ----D---- C:\Program Files\Common Files\microsoft shared
2011-05-08 11:43:36 ----D---- C:\Program Files\MSBuild
2011-05-08 11:42:42 ----RSD---- C:\Windows\Fonts
2011-05-08 11:39:16 ----A---- C:\Windows\win.ini
2011-05-08 11:39:14 ----D---- C:\Program Files\Common Files\System
2011-05-08 11:37:12 ----SHD---- C:\$Recycle.Bin
2011-05-08 11:36:48 ----RD---- C:\Users
2011-05-08 11:24:04 ----D---- C:\Windows\system32\restore
2011-05-08 11:21:52 ----D---- C:\Windows\system32\drivers\UMDF
2011-05-08 11:16:43 ----D---- C:\Windows\system32\WDI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-04-23 705024]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-20 179712]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-20 987648]
R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-20 654336]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-03-07 820520]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

1 reply

Anonymous user
 
https://forums.commentcamarche.net/forum/affich-22060601-rootkit#1#dernier

There's no point opening 50 threads, it won't go any faster.
Creator of List_Kill'em, Pre_Scan, MBR_Repair