
virus rootkit gen [Solved]


Posted on 25 Apr 2010 16:18

Hello,

I'm on Vista. I just ran a scan with Avira and it found a rootkit. Thank you for your help, as I'm a beginner with computers and have never had any problems.

Thanks
palmalrouge
Apprentice
Posts: 35
Joined: 25 Apr 2010 16:08
 


Re: virus rootkit gen

Posted on 25 Apr 2010 19:15

Good evening palmalrouge, and welcome to PC-Infopratique :wink:

Please do this...


Download Report_Antivir.exe by Laddy to your desktop and double-click it to run it.
Go to the "Avertissements" (Warnings) tab and choose 20 days in the drop-down menu.
Click the "Exécuter" (Run) button to start the scan. Wait, the report will open...
Copy and paste the report into your next reply.

Then...
> Download >> Malwarebytes <<
> Install it and update it before the scan
> Choose "perform a quick scan" and, at the end of the scan, check all the items found and click "remove selected".
> Then please post the report for me.

See you later
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05
 

Re: virus rootkit gen

Posted on 25 Apr 2010 20:26

Good evening, and thank you so much for your reply. This is my daughter's laptop and she is currently working on it; I will download it and send you the report tomorrow in the late afternoon.

For your information, I ran Malwarebytes and it finds nothing in its report.
palmalrouge
 

Re: virus rootkit gen

Posted on 26 Apr 2010 09:33

Hello,

Since Malwarebytes finds nothing, do this instead...

* Download >> OTL << to your desktop.

* Double-click the OTL icon to launch it.

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Report" section (top right) the "minimal report" box is checked.

* Check the boxes in front of "All users", "LOP search" and "Purity search".

* Copy and paste the contents of this quote into the lower part of OTL, "customization":


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles


* Click the "Scan" icon (top left).
* Let the scan run to completion without using the PC.
* At the end of the scan, one or two reports will open: "OTL.Txt" and (or) "Extras.Txt" (in some cases).
* Please copy and paste the report or reports into your reply...
* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case.

:wink:
jeanmimigab
 

Re: virus rootkit gen

Posted on 26 Apr 2010 17:42

Hello, here is the report

OTL Extras logfile created on: 26/04/2010 18:21:03 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\amandine\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,09 Gb Total Space | 210,57 Gb Free Space | 73,86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-AMANDINE
Current User Name: amandine
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-24509639-3969130996-1665101780-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orange\IEWInternet\Connectivity\ConnectivityManager.exe" = C:\Program Files\Orange\IEWInternet\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B9A4771-952D-47AE-9C19-804C5FDFCA30}" = lport=2869 | protocol=6 | dir=in | app=system |
"{844B30DD-E7EC-4301-8220-8BBACDF42204}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FE889500-9588-41EF-8DD1-9DA8D21F0347}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CAD3EF7-4615-492C-A7A5-EC153005042C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{27C19133-AAE3-4339-8158-0F5C9C6B08A1}" = dir=in | app=c:\program files\cyberlink\powercinema\pcmservice.exe |
"{2E694622-1328-4375-9530-D030095BA950}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dmp\clbrowserengine.exe |
"{4E4F7B70-2142-4469-A480-4A0D49BF50AE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8F5CA79B-0708-4E43-8C5E-39609878C24C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9D50B478-619C-4AC5-9F75-3FC32B74422D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A563CCD9-7711-43CE-A700-687E6037B90C}" = dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe |
"{A71E53FE-4E00-4D2E-8E2F-4D3CA53EEB52}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dms\clmsservice.exe |
"{CE6A04C8-4B62-4FFD-AB45-695A5817A5C7}" = dir=in | app=c:\program files\cyberlink\playmovie\playmovie.exe |
"{D2654580-7F80-49D0-8182-E7E25EDF3CB1}" = dir=in | app=c:\program files\cyberlink\playmovie\pmvservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00549AEA-C848-4F02-F362-A8F1D1788C3A}" = Catalyst Control Center Localization Czech
"{0214A441-A4AB-43A8-8DEF-2F73C5364673}" = Microsoft Works
"{02EA9110-972B-2B48-7382-9B6047077B3C}" = Catalyst Control Center Localization Portuguese
"{05AE422A-502B-8468-43C2-54DD474899B5}" = CCC Help Turkish
"{079A1DB4-209F-879F-374A-84E5A96DF338}" = Catalyst Control Center Localization Italian
"{0C43A18C-0936-672A-C2C0-02F15150F64F}" = CCC Help Hungarian
"{0C8A037B-90F5-6AA7-5EC2-B07CCCDFB141}" = Catalyst Control Center Localization Dutch
"{0C8EA3FD-F006-EAEA-79C4-2D217FD379DB}" = Catalyst Control Center Localization Chinese Standard
"{0ED40D2A-7131-4FE7-941E-5C329336F712}" = HDReg France
"{10C74936-0C0A-06BA-D824-716CE52601B1}" = CCC Help Korean
"{165C3ED5-3876-E7C3-85BC-8467E3CE0F70}" = Catalyst Control Center Localization German
"{1796FCDD-C72C-314A-E8FF-5C66F275BEFF}" = Catalyst Control Center Localization Chinese Traditional
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AFE2819-1217-1CCF-3486-B8D96C743FDA}" = CCC Help Czech
"{1B347F2A-B755-4F30-0062-48CFD72D1176}" = CCC Help Dutch
"{1D4BA533-9783-AF5F-B13C-85F2DDB9D3A8}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2621588B-04F1-F477-0572-EBB0B48010A4}" = Catalyst Control Center Graphics Light
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC
"{3048FFC3-44DB-DED5-0AEF-A8F4D6BE7E44}" = CCC Help Chinese Standard
"{3559CDE0-11FC-4D7B-A65C-D646035B1036}" = Nero 8 Essentials
"{36A95FCC-0D0A-B711-BADE-F14733A71CF7}" = Catalyst Control Center Core Implementation
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4A74E946-7C5E-6F6F-8104-ACB90D679720}" = CCC Help Spanish
"{4FFDDDF1-9D56-44C0-792D-D5C64DFC529E}" = Catalyst Control Center Localization Spanish
"{50CF5A0E-6FC1-5DF1-FDD6-79D5CFC1151B}" = Catalyst Control Center Localization Finnish
"{521D0313-4184-C6DE-8E4B-CBC40BDE4D55}" = CCC Help German
"{56872F20-55EE-335D-BE86-DFD12B32F36A}" = Catalyst Control Center Localization Japanese
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B496CEF-CCC4-61E3-39F3-3DFEF6B6FB49}" = CCC Help Portuguese
"{5C2578B9-2362-5D8E-997B-2123ED2DF2A2}" = Catalyst Control Center Graphics Full Existing
"{626FEA24-2B91-DA81-3C11-304001F25843}" = CCC Help Norwegian
"{6EBA529D-BF46-ABED-1CCF-70C7C2B70473}" = Catalyst Control Center Localization Danish
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7EB0E475-2E9F-E094-03DB-4F2CD5B62934}" = Catalyst Control Center Localization Thai
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{813CB27B-AD46-3C9B-A606-FB08C3B2B1A0}" = Catalyst Control Center Localization French
"{81CAA963-C45B-9F3F-41F3-4A96E5CE5998}" = CCC Help Greek
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{9075350B-5B82-5764-F41D-7D00EE2EF674}" = Catalyst Control Center Localization Russian
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{926AD087-C20B-96D6-6956-453018AD1875}" = CCC Help Danish
"{940BF44D-005A-41ED-A625-9B767C71A586}" = O2Micro Flash Memory Card Reader Driver (x86)
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98191369-6008-58B7-3C14-CDBF12874C43}" = CCC Help Polish
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C1278D8-046C-909A-60C5-01A7A5090E58}" = CCC Help Italian
"{9C1EF1BD-F063-B546-7BE9-5BC8C9D0F2FF}" = ccc-core-static
"{9EB67045-12A7-40C0-3E45-9C057912692E}" = ccc-utility
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A31A5DFC-3439-48FC-99BB-5174168AE471}" = COMODO livePCsupport
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4EA72C4-DBBB-B518-F77F-6FA9D4789E4F}" = Catalyst Control Center Graphics Previews Vista
"{A59BB15D-51B7-F12B-4548-8C0368243441}" = EA Download Manager UI
"{A61DF933-0C64-DECD-2CFD-15C69545DAB4}" = Catalyst Control Center Graphics Full New
"{A7E3A91A-45A6-A9B6-5609-B055F2D8B3D3}" = CCC Help French
"{A8523530-9702-C804-5EF7-5C4DB0E08572}" = CCC Help Chinese Traditional
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.2 - Français
"{B180AB61-CE1E-92A4-DEB4-CA83F920DBC4}" = Catalyst Control Center Localization Greek
"{B19D375A-E1C8-F9AB-1A33-EBE471FB770B}" = Catalyst Control Center Localization Polish
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{BEWINTERNET-FR-DMGP-V2}.UninstallSuite" = Désinstallation de Internet Everywhere
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Les Sims™ 3
"{C2E20A5A-CDEE-FEDA-F742-B3C273563AAF}" = CCC Help Finnish
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator
"{CADBED42-4242-36E3-1EDD-2A7CC440C873}" = Catalyst Control Center Localization Norwegian
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CD647571-CAF5-5DC2-D7C7-9DC8CEAC661E}" = CCC Help Thai
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2321C46-CC24-D0C4-1363-0AA32D665290}" = CCC Help Swedish
"{DBF4F732-2E2F-66D2-D7C6-CCBED6B34905}" = Catalyst Control Center Localization Swedish
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{DD647C03-0DDB-ABB8-9A18-5DA8F6873FBC}" = Skins
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4304CE6-86D7-440E-FC3D-63CB77862AF7}" = CCC Help Russian
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EABCA81A-E96B-6163-CF2B-1A7DF959BEB4}" = Catalyst Control Center InstallProxy
"{EBC73B8D-5DC5-92F0-0F2C-B4476DA45E0F}" = Catalyst Control Center Localization Hungarian
"{EDA5C0FD-656E-7311-9CC7-7B46C3A23FDC}" = Catalyst Control Center Localization Turkish
"{EEF2C08D-C070-D3AD-4A56-B3094A2990DC}" = CCC Help Japanese
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F8BBD906-76D4-EC1F-7200-C192C5135069}" = ATI Catalyst Install Manager
"{FCA73084-4918-1FAD-8550-A72EC233E4F3}" = Catalyst Control Center Localization Korean
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CardDetectorHUAWEI160" = Card Detector for Huawei E160
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"EA Download Manager" = EA Download Manager
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PROPLUS" = Microsoft Office Professional Plus 2007
"SpywareGuard_is1" = SpywareGuard v2.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.2
"WinLiveSuite_Wave3" = Installation Windows Live
"Works9SE" = Microsoft Works 9.0 SE
"ZHPDiag_is1" = ZHPDiag 1.25

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/04/2010 11:11:06 | Computer Name = PC-de-amandine | Source = Google Update | ID = 20
Description =

Error - 15/04/2010 12:11:06 | Computer Name = PC-de-amandine | Source = Google Update | ID = 20
Description =

Error - 15/04/2010 13:11:06 | Computer Name = PC-de-amandine | Source = Google Update | ID = 20
Description =

Error - 15/04/2010 14:11:06 | Computer Name = PC-de-amandine | Source = Google Update | ID = 20
Description =

Error - 15/04/2010 15:11:06 | Computer Name = PC-de-amandine | Source = Google Update | ID = 20
Description =

Error - 15/04/2010 16:12:04 | Computer Name = PC-de-amandine | Source = Google Update | ID = 20
Description =

Error - 15/04/2010 16:51:58 | Computer Name = PC-de-amandine | Source = Application Error | ID = 1000
Description = Application défaillante connectivitymanager.exe, version 2.0.122.803,
horodatage 0x48dafec3, module défaillant HandlerAuth.dll, version 2.0.122.803,
horodatage 0x48dafefa, code d’exception 0xc0000005, décalage d’erreur 0x00003d03,
ID
du processus 0x127c, heure de début de l’application 0x01cadcdd7bcbe6a0.

Error - 17/04/2010 10:33:54 | Computer Name = PC-de-amandine | Source = WinMgmt | ID = 10
Description =

Error - 17/04/2010 17:26:49 | Computer Name = PC-de-amandine | Source = EventSystem | ID = 4621
Description =

Error - 18/04/2010 03:10:12 | Computer Name = PC-de-amandine | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 02/01/2010 10:55:35 | Computer Name = PC-de-amandine | Source = HTTP | ID = 15016
Description =

Error - 02/01/2010 10:55:50 | Computer Name = PC-de-amandine | Source = Service Control Manager | ID = 7000
Description =

Error - 05/01/2010 15:34:49 | Computer Name = PC-de-amandine | Source = HTTP | ID = 15016
Description =

Error - 05/01/2010 15:34:54 | Computer Name = PC-de-amandine | Source = Service Control Manager | ID = 7000
Description =

Error - 05/01/2010 16:15:51 | Computer Name = PC-de-amandine | Source = DCOM | ID = 10010
Description =

Error - 08/01/2010 08:38:32 | Computer Name = PC-de-amandine | Source = HTTP | ID = 15016
Description =

Error - 08/01/2010 08:38:46 | Computer Name = PC-de-amandine | Source = Service Control Manager | ID = 7000
Description =

Error - 09/01/2010 07:37:22 | Computer Name = PC-de-amandine | Source = HTTP | ID = 15016
Description =

Error - 09/01/2010 07:37:37 | Computer Name = PC-de-amandine | Source = Service Control Manager | ID = 7000
Description =

Error - 09/01/2010 09:27:33 | Computer Name = PC-de-amandine | Source = DCOM | ID = 10010
Description =


< End of report >
palmalrouge
 

Re: virus rootkit gen

Posted on 26 Apr 2010 18:46

Hello,
I'm missing the OTL.txt report, which is on your desktop, please... :wink:
jeanmimigab
 

Re: virus rootkit gen

Posted on 26 Apr 2010 19:02

OK, here it is. I also wanted to point out that Avira finds it in c....drivers

OTL logfile created on: 26/04/2010 18:21:03 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\amandine\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,09 Gb Total Space | 210,57 Gb Free Space | 73,86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-AMANDINE
Current User Name: amandine
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\amandine\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
PRC - C:\program files\avira\antivir desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe (France Telecom SA)
PRC - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\drivers\o2flash.exe (O2Micro International)
PRC - C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe ()
PRC - C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\CyberLink\PlayMovie\PMVService.exe (CyberLink Corp.)
PRC - C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\amandine\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\guard32.dll (COMODO)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe ()
SRV - (CLPSLS) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FTRTSVC) -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
SRV - (o2flash) -- C:\Windows\System32\drivers\o2flash.exe (O2Micro International)
SRV - (ETService) -- C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (pctNDIS) -- C:\Windows\System32\drivers\pctNdis.sys (PC Tools)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (PCAMp50) -- C:\Windows\System32\drivers\PCAMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PCASp50) -- C:\Windows\System32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\CyberLink\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... ynote_ml65
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.asp ... ynote_ml65


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... ynote_ml65
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.asp ... ynote_ml65
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... ynote_ml65
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.asp ... ynote_ml65
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-24509639-3969130996-1665101780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... ynote_ml65
IE - HKU\S-1-5-21-24509639-3969130996-1665101780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-24509639-3969130996-1665101780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?sourceid=navcli ... r&ie=UTF-8
IE - HKU\S-1-5-21-24509639-3969130996-1665101780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-24509639-3969130996-1665101780-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/11 15:22:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/19 12:04:41 | 000,000,000 | ---D | M]

[2010/04/11 15:23:05 | 000,000,000 | ---D | M] -- C:\Users\amandine\AppData\Roaming\mozilla\Extensions
[2010/04/26 18:16:40 | 000,000,000 | ---D | M] -- C:\Users\amandine\AppData\Roaming\mozilla\Firefox\Profiles\7egagw4q.default\extensions
[2010/04/11 15:23:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\amandine\AppData\Roaming\mozilla\Firefox\Profiles\7egagw4q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/25 09:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\amandine\AppData\Roaming\mozilla\Firefox\Profiles\7egagw4q.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/04/11 15:22:22 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/04/01 19:07:29 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/04/01 19:07:29 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/01 19:07:29 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/04/01 19:07:29 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/04/01 19:07:29 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-24509639-3969130996-1665101780-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [CardDetectorHUAWEI160] C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe (France Telecom SA)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\CyberLink\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-24509639-3969130996-1665101780-1000..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-24509639-3969130996-1665101780-1000..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKU\S-1-5-21-24509639-3969130996-1665101780-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\amandine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-24509639-3969130996-1665101780-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-24509639-3969130996-1665101780-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\goec62~1.dll) - c:\progra~1\google\google~1\goec62~1.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-24509639-3969130996-1665101780-1000 Winlogon: Shell - (C:\Users\amandine\csrss.exe) - C:\Users\amandine\csrss.exe File not found
O20 - HKU\S-1-5-21-24509639-3969130996-1665101780-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-24509639-3969130996-1665101780-1000 Winlogon: Shell - (C:\Users\amandine\AppData\Roaming\nisgw.exe) - C:\Users\amandine\AppData\Roaming\nisgw.exe File not found
O24 - Desktop WallPaper: C:\Users\amandine\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\amandine\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4f143388-aad1-11de-87fc-00238b608da8}\Shell - "" = AutoRun
O33 - MountPoints2\{4f143388-aad1-11de-87fc-00238b608da8}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe -- File not found
O33 - MountPoints2\{4ff79618-aace-11de-9cfc-00238b608da8}\Shell - "" = AutoRun
O33 - MountPoints2\{4ff79618-aace-11de-9cfc-00238b608da8}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe -- File not found
O33 - MountPoints2\{5047d072-ab6a-11de-833f-00238b608da8}\Shell - "" = AutoRun
O33 - MountPoints2\{5047d072-ab6a-11de-833f-00238b608da8}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe -- File not found
O33 - MountPoints2\{60384be9-bb3b-11de-aa6b-00238b608da8}\Shell\AutoRun\command - "" = SEVEBOMBA/gasgas.exe
O33 - MountPoints2\{60384be9-bb3b-11de-aa6b-00238b608da8}\Shell\open\command - "" = SEVEBOMBA/gasgas.exe
O33 - MountPoints2\{6bb5cb72-aad7-11de-be24-00238b608da8}\Shell - "" = AutoRun
O33 - MountPoints2\{6bb5cb72-aad7-11de-be24-00238b608da8}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe -- File not found
O33 - MountPoints2\{6c9492ba-aac6-11de-bad7-00238b608da8}\Shell - "" = AutoRun
O33 - MountPoints2\{6c9492ba-aac6-11de-bad7-00238b608da8}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe -- File not found
O33 - MountPoints2\{854701b7-ab5e-11de-8c73-0017c46ebb86}\Shell - "" = AutoRun
O33 - MountPoints2\{854701b7-ab5e-11de-8c73-0017c46ebb86}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe -- File not found
O33 - MountPoints2\{8af469be-aac8-11de-86d0-00238b608da8}\Shell - "" = AutoRun
O33 - MountPoints2\{8af469be-aac8-11de-86d0-00238b608da8}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe -- File not found
O33 - MountPoints2\{ad184d24-ff65-11de-984b-00238b608da8}\Shell\AutoRun\command - "" = olu392qj.exe
O33 - MountPoints2\{ad184d24-ff65-11de-984b-00238b608da8}\Shell\open\Command - "" = olu392qj.exe
O33 - MountPoints2\{ad184d32-ff65-11de-984b-00238b608da8}\Shell - "" = AutoRun
O33 - MountPoints2\{ad184d32-ff65-11de-984b-00238b608da8}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{b00c9e72-ab9f-11de-8ac5-0017c46ebb86}\Shell - "" = AutoRun
O33 - MountPoints2\{b00c9e72-ab9f-11de-8ac5-0017c46ebb86}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe -- File not found
O33 - MountPoints2\{b9329ad3-aad3-11de-9635-00238b608da8}\Shell - "" = AutoRun
O33 - MountPoints2\{b9329ad3-aad3-11de-9635-00238b608da8}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe -- File not found
O33 - MountPoints2\{ce69d4e8-c2d8-11de-9e71-00238b608da8}\Shell - "" = AutoRun
O33 - MountPoints2\{ce69d4e8-c2d8-11de-9e71-00238b608da8}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{ce69d4f2-c2d8-11de-9e71-00238b608da8}\Shell - "" = AutoRun
O33 - MountPoints2\{ce69d4f2-c2d8-11de-9e71-00238b608da8}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{d32df013-ab91-11de-b50b-0017c46ebb86}\Shell - "" = AutoRun
O33 - MountPoints2\{d32df013-ab91-11de-b50b-0017c46ebb86}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe -- File not found
O33 - MountPoints2\{f5be7331-37fe-11df-bbd5-ac95439dbbeb}\Shell - "" = AutoRun
O33 - MountPoints2\{f5be7331-37fe-11df-bbd5-ac95439dbbeb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\StartVMCLite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/10/27 23:18:52 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/25 16:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2010/04/25 15:02:19 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/04/25 15:02:19 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/04/25 15:02:18 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/04/25 15:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/04/25 15:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/04/25 14:38:17 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/04/25 14:38:17 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/04/25 14:38:17 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/04/25 14:38:16 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/04/25 14:38:15 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/04/25 14:37:53 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/04/25 14:37:53 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/04/25 14:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/25 12:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/04/25 09:44:37 | 000,000,000 | ---D | C] -- C:\Users\amandine\AppData\Roaming\QuickScan
[2010/04/22 18:16:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/04/22 18:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/04/22 18:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/04/22 18:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2010/04/22 17:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/22 03:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/04/22 03:03:17 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/04/22 03:03:17 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/04/22 03:03:16 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/04/22 03:02:55 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/04/22 03:02:54 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/04/22 03:02:54 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/04/22 03:02:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/04/22 03:02:53 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/04/22 03:02:53 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/04/22 03:02:53 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/04/22 03:02:53 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/04/22 03:02:53 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/04/22 03:02:53 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/04/22 03:02:53 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/04/22 03:02:53 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/04/22 03:02:53 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/04/22 03:02:52 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/04/22 03:02:52 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/04/22 03:02:52 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/04/22 03:02:52 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/04/22 03:02:52 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/04/22 03:02:52 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/04/22 03:02:52 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/04/22 03:02:52 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/04/22 03:02:52 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/04/22 03:02:52 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/04/22 03:02:52 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/04/22 03:02:51 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/04/22 03:02:25 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/04/22 03:02:25 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/04/22 03:02:20 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/04/22 03:02:18 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2010/04/22 03:02:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2010/04/22 03:02:17 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/04/22 03:02:17 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/04/22 03:02:17 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/04/22 03:02:17 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2010/04/22 03:02:17 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/04/22 03:02:17 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/04/22 03:02:17 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/04/22 03:01:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/04/22 03:01:27 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/04/22 00:18:57 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/04/22 00:18:55 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/04/22 00:18:54 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/04/21 08:01:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/04/21 08:01:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/04/21 08:01:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/04/20 22:03:23 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/04/20 21:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2010/04/20 21:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/04/20 21:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2010/04/20 20:17:53 | 000,000,000 | ---D | C] -- C:\Users\amandine\AppData\Roaming\Nero
[2010/04/17 16:44:19 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/17 16:44:08 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/17 16:44:07 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/17 16:43:58 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/17 16:43:58 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/17 16:37:55 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/04/11 15:22:33 | 000,000,000 | ---D | C] -- C:\Users\amandine\AppData\Roaming\Mozilla
[2010/04/11 15:22:33 | 000,000,000 | ---D | C] -- C:\Users\amandine\AppData\Local\Mozilla
[2010/04/11 15:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/04/11 14:22:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/04/11 12:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2010/04/11 12:52:35 | 015,165,792 | ---- | C] (Sunbelt Software ) -- C:\Users\amandine\Desktop\counterspy.exe
[2010/04/11 12:47:10 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010/04/11 12:47:07 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2010/04/11 12:47:04 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2010/04/11 12:47:04 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2010/04/11 12:47:02 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010/04/11 12:47:00 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2010/04/11 12:46:58 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2010/04/11 12:46:58 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2010/04/11 12:46:57 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010/04/11 12:46:56 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2010/04/11 12:46:54 | 002,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2010/04/11 12:46:53 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2010/04/11 12:46:52 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2010/04/11 12:46:52 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2010/04/11 12:46:51 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010/04/11 12:46:50 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2010/04/11 12:46:49 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2010/04/11 12:46:48 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2010/04/11 12:46:48 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2010/04/11 12:46:47 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2010/04/11 12:46:47 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2010/04/11 12:46:45 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2010/04/11 12:46:45 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2010/04/11 12:46:45 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2010/04/11 12:46:45 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2010/04/11 12:46:44 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010/04/11 12:46:43 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2010/04/11 12:46:43 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2010/04/11 12:46:43 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2010/04/11 12:46:42 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2010/04/11 12:46:42 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2010/04/11 12:46:41 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2010/04/11 12:46:41 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2010/04/11 12:46:41 | 000,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/04/11 12:46:40 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/04/11 12:46:38 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2010/04/11 12:46:37 | 001,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2010/04/11 12:46:37 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2010/04/11 12:46:36 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2010/04/11 12:46:36 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2010/04/11 12:46:36 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2010/04/11 12:46:35 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/04/11 12:46:35 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2010/04/11 12:46:34 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2010/04/11 12:46:34 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2010/04/11 12:46:34 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2010/04/11 12:46:34 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010/04/11 12:46:34 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2010/04/11 12:46:33 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2010/04/11 12:46:33 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2010/04/11 12:46:33 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2010/04/11 12:46:31 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2010/04/11 12:46:31 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010/04/11 12:46:31 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2010/04/11 12:46:31 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2010/04/11 12:46:30 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010/04/11 12:46:29 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2010/04/11 12:46:29 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2010/04/11 12:46:29 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2010/04/11 12:46:29 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2010/04/11 12:46:29 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010/04/11 12:46:28 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2010/04/11 12:46:28 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2010/04/11 12:46:27 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2010/04/11 12:46:27 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010/04/11 12:46:27 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2010/04/11 12:46:26 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2010/04/11 12:46:26 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2010/04/11 12:46:26 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2010/04/11 12:46:25 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2010/04/11 12:46:24 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2010/04/11 12:46:24 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2010/04/11 12:46:24 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2010/04/11 12:46:24 | 000,323,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/04/11 12:46:23 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/04/11 12:46:23 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2010/04/11 12:46:23 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010/04/11 12:46:23 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010/04/11 12:46:22 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2010/04/11 12:46:21 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2010/04/11 12:46:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2010/04/11 12:46:20 | 001,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2010/04/11 12:46:20 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2010/04/11 12:46:20 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2010/04/11 12:46:20 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2010/04/11 12:46:19 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2010/04/11 12:46:19 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2010/04/11 12:46:19 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2010/04/11 12:46:16 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010/04/11 12:46:16 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2010/04/11 12:46:16 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010/04/11 12:46:15 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2010/04/11 12:46:15 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2010/04/11 12:46:14 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2010/04/11 12:46:14 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2010/04/11 12:46:13 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2010/04/11 12:46:12 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010/04/11 12:46:12 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2010/04/11 12:46:10 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2010/04/11 12:46:10 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2010/04/11 12:46:10 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2010/04/11 12:46:10 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2010/04/11 12:46:10 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2010/04/11 12:46:09 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/04/11 12:46:09 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010/04/11 12:46:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2010/04/11 12:46:07 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2010/04/11 12:46:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2010/04/11 12:46:07 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2010/04/11 12:46:05 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2010/04/11 12:46:04 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2010/04/11 12:46:04 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2010/04/11 12:46:04 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2010/04/11 12:46:04 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2010/04/11 12:46:04 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2010/04/11 12:46:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2010/04/11 12:46:03 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2010/04/11 12:46:03 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2010/04/11 12:46:03 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2010/04/11 12:46:03 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2010/04/11 12:46:02 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2010/04/11 12:46:02 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2010/04/11 12:46:02 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2010/04/11 12:46:02 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2010/04/11 12:46:02 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2010/04/11 12:46:02 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2010/04/11 12:46:01 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2010/04/11 12:46:01 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2010/04/11 12:46:01 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2010/04/11 12:46:00 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2010/04/11 12:46:00 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010/04/11 12:46:00 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2010/04/11 12:46:00 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2010/04/11 12:46:00 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2010/04/11 12:46:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2010/04/11 12:46:00 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2010/04/11 12:45:59 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010/04/11 12:45:59 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2010/04/11 12:45:59 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010/04/11 12:45:58 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2010/04/11 12:45:58 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2010/04/11 12:45:58 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2010/04/11 12:45:58 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2010/04/11 12:45:58 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2010/04/11 12:45:57 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2010/04/11 12:45:57 | 000,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2010/04/11 12:45:57 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2010/04/11 12:45:57 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2010/04/11 12:45:57 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2010/04/11 12:45:56 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2010/04/11 12:45:56 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2010/04/11 12:45:56 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2010/04/11 12:45:56 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2010/04/11 12:45:56 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010/04/11 12:45:55 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/04/11 12:45:54 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2010/04/11 12:45:54 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2010/04/11 12:45:54 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2010/04/11 12:45:53 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2010/04/11 12:45:53 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2010/04/11 12:45:53 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2010/04/11 12:45:53 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2010/04/11 12:45:53 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010/04/11 12:45:52 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2010/04/11 12:45:52 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2010/04/11 12:45:52 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2010/04/11 12:45:51 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2010/04/11 12:45:51 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2010/04/11 12:45:51 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2010/04/11 12:45:51 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2010/04/11 12:45:50 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2010/04/11 12:45:50 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2010/04/11 12:45:50 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/04/11 12:45:50 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2010/04/11 12:45:49 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2010/04/11 12:45:48 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2010/04/11 12:45:48 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2010/04/11 12:45:48 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2010/04/11 12:45:48 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2010/04/11 12:45:48 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2010/04/11 12:45:48 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2010/04/11 12:45:48 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010/04/11 12:45:47 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2010/04/11 12:45:47 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/04/11 12:45:47 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2010/04/11 12:45:47 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2010/04/11 12:45:47 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/04/11 12:45:46 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2010/04/11 12:45:46 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2010/04/11 12:45:46 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2010/04/11 12:45:45 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2010/04/11 12:45:45 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2010/04/11 12:45:45 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2010/04/11 12:45:45 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2010/04/11 12:45:45 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2010/04/11 12:45:45 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2010/04/11 12:45:45 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2010/04/11 12:45:44 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2010/04/11 12:45:44 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2010/04/11 12:45:44 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2010/04/11 12:45:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2010/04/11 12:45:43 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2010/04/11 12:45:43 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2010/04/11 12:45:43 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2010/04/11 12:45:43 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2010/04/11 12:45:43 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2010/04/11 12:45:41 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2010/04/11 12:45:41 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2010/04/11 12:45:41 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2010/04/11 12:45:41 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2010/04/11 12:45:41 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2010/04/11 12:45:40 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2010/04/11 12:45:40 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2010/04/11 12:45:40 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2010/04/11 12:45:40 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2010/04/11 12:45:40 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2010/04/11 12:45:40 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2010/04/11 12:45:40 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2010/04/11 12:45:40 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010/04/11 12:45:39 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2010/04/11 12:45:39 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2010/04/11 12:45:39 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2010/04/11 12:45:39 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2010/04/11 12:45:39 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2010/04/11 12:45:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2010/04/11 12:45:39 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2010/04/11 12:45:38 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2010/04/11 12:45:38 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2010/04/11 12:45:38 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2010/04/11 12:45:38 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2010/04/11 12:45:38 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2010/04/11 12:45:38 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2010/04/11 12:45:38 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2010/04/11 12:45:38 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2010/04/11 12:45:37 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2010/04/11 12:45:37 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2010/04/11 12:45:37 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2010/04/11 12:45:37 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010/04/11 12:45:36 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2010/04/11 12:45:36 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2010/04/11 12:45:36 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2010/04/11 12:45:36 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2010/04/11 12:45:36 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2010/04/11 12:45:35 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2010/04/11 12:45:35 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2010/04/11 12:45:35 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2010/04/11 12:45:35 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2010/04/11 12:45:35 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2010/04/11 12:45:34 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2010/04/11 12:45:34 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2010/04/11 12:45:34 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2010/04/11 12:45:34 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2010/04/11 12:45:34 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2010/04/11 12:45:34 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2010/04/11 12:45:34 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010/04/11 12:45:34 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2010/04/11 12:45:33 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2010/04/11 12:45:33 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2010/04/11 12:45:33 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2010/04/11 12:45:33 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010/04/11 12:45:33 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2010/04/11 12:45:32 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2010/04/11 12:45:32 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010/04/11 12:45:32 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2010/04/11 12:45:32 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2010/04/11 12:45:32 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2010/04/11 12:45:32 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2010/04/11 12:45:31 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2010/04/11 12:45:31 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2010/04/11 12:45:31 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2010/04/11 12:45:31 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2010/04/11 12:45:31 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2010/04/11 12:45:31 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2010/04/11 12:45:31 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2010/04/11 12:45:31 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2010/04/11 12:45:30 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2010/04/11 12:45:30 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2010/04/11 12:45:30 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2010/04/11 12:45:30 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/04/11 12:45:30 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2010/04/11 12:45:30 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2010/04/11 12:45:30 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2010/04/11 12:45:30 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2010/04/11 12:45:30 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2010/04/11 12:45:29 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2010/04/11 12:45:29 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2010/04/11 12:45:29 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2010/04/11 12:45:29 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2010/04/11 12:45:29 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2010/04/11 12:45:29 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2010/04/11 12:45:29 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2010/04/11 12:45:29 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2010/04/11 12:45:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2010/04/11 12:45:29 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2010/04/11 12:45:29 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2010/04/11 12:45:29 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2010/04/11 12:45:29 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2010/04/11 12:45:28 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll

========== Files - Modified Within 30 Days ==========

[2010/04/26 18:23:40 | 003,407,872 | -HS- | M] () -- C:\Users\amandine\ntuser.dat
[2010/04/26 18:23:14 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\sbqlnku.sys
[2010/04/26 18:19:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{56CA4230-6402-45A7-8621-4A439EC0607B}.job
[2010/04/26 18:11:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/26 18:08:20 | 001,478,524 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/26 18:08:20 | 000,672,322 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/04/26 18:08:20 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/26 18:08:20 | 000,124,434 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/04/26 18:08:20 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/26 18:03:44 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/26 18:03:35 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/04/26 18:03:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/26 18:03:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/26 18:03:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/26 18:03:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/26 18:03:21 | 3215,560,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/25 21:47:27 | 000,524,288 | -HS- | M] () -- C:\Users\amandine\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/04/25 21:47:27 | 000,065,536 | -HS- | M] () -- C:\Users\amandine\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/04/25 21:47:18 | 002,369,877 | -H-- | M] () -- C:\Users\amandine\AppData\Local\IconCache.db
[2010/04/25 20:27:53 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/04/25 15:02:27 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/04/25 14:42:20 | 241,658,792 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/25 14:38:17 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/04/25 14:38:15 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/04/24 08:39:59 | 000,038,270 | ---- | M] () -- C:\Users\amandine\Documents\cc_20100424_083946.reg
[2010/04/23 18:04:02 | 000,001,356 | ---- | M] () -- C:\Users\amandine\AppData\Local\d3d9caps.dat
[2010/04/22 18:13:08 | 000,035,840 | ---- | M] () -- C:\Users\amandine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/22 18:10:38 | 000,000,798 | ---- | M] () -- C:\Users\amandine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2010/04/22 18:10:38 | 000,000,794 | ---- | M] () -- C:\Users\amandine\Desktop\SpywareGuard LiveUpdate.lnk
[2010/04/22 18:10:38 | 000,000,762 | ---- | M] () -- C:\Users\amandine\Desktop\SpywareGuard.lnk
[2010/04/22 17:50:50 | 000,001,672 | ---- | M] () -- C:\Users\amandine\Desktop\CCleaner.lnk
[2010/04/22 03:19:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/04/22 03:18:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/04/21 08:04:49 | 000,384,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/20 21:15:28 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010/04/19 12:04:42 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/14 18:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/04/14 18:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/04/14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/04/14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/04/14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/04/14 18:31:23 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/04/14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/04/11 15:22:59 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/04/11 15:22:24 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/11 12:52:37 | 015,165,792 | ---- | M] (Sunbelt Software ) -- C:\Users\amandine\Desktop\counterspy.exe
[2010/04/11 11:16:12 | 000,000,036 | ---- | M] () -- C:\Users\amandine\AppData\Local\housecall.guid.cache
[2010/04/09 01:26:12 | 000,277,240 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
[2010/04/09 01:25:30 | 000,074,408 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2010/04/09 01:25:30 | 000,030,112 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2010/04/09 01:25:28 | 000,218,560 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys
[2010/04/09 01:25:28 | 000,016,744 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/28 11:54:03 | 000,103,504 | ---- | M] () -- C:\Users\amandine\AppData\Local\GDIPFONTCACHEV1.DAT

========== Files Created - No Company Name ==========

[2010/04/25 15:02:27 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/04/25 14:42:20 | 241,658,792 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/04/25 14:38:17 | 000,001,842 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/04/25 14:33:43 | 3215,560,704 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/24 08:39:52 | 000,038,270 | ---- | C] () -- C:\Users\amandine\Documents\cc_20100424_083946.reg
[2010/04/22 18:10:38 | 000,000,798 | ---- | C] () -- C:\Users\amandine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2010/04/22 18:10:38 | 000,000,794 | ---- | C] () -- C:\Users\amandine\Desktop\SpywareGuard LiveUpdate.lnk
[2010/04/22 18:10:38 | 000,000,762 | ---- | C] () -- C:\Users\amandine\Desktop\SpywareGuard.lnk
[2010/04/22 17:50:50 | 000,001,672 | ---- | C] () -- C:\Users\amandine\Desktop\CCleaner.lnk
[2010/04/22 03:19:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/04/22 03:18:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/04/20 21:15:28 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010/04/11 15:22:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/11 15:22:24 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/11 12:46:33 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2010/04/11 12:46:30 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2010/04/11 12:46:23 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2010/04/11 12:46:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/04/11 12:46:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/04/11 12:46:16 | 003,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2010/04/11 12:46:16 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2010/04/11 12:46:10 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2010/04/11 12:45:54 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010/04/11 12:45:52 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2010/04/11 12:45:14 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2010/04/11 11:16:12 | 000,000,036 | ---- | C] () -- C:\Users\amandine\AppData\Local\housecall.guid.cache
[2010/04/11 11:04:54 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\sbqlnku.sys
[2009/10/28 14:29:40 | 000,000,940 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2009/09/20 13:26:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/03/03 05:56:17 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/12/23 14:07:24 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/12/23 14:06:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/12/23 06:13:31 | 000,000,144 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/12/05 13:04:59 | 000,000,000 | ---D | M] -- C:\Users\amandine\AppData\Roaming\LG Electronics
[2009/10/30 20:57:56 | 000,000,000 | ---D | M] -- C:\Users\amandine\AppData\Roaming\PeerNetworking
[2010/04/25 17:16:43 | 000,000,000 | ---D | M] -- C:\Users\amandine\AppData\Roaming\QuickScan
[2010/04/25 21:47:29 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/04/26 18:19:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{56CA4230-6402-45A7-8621-4A439EC0607B}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/07/04 05:37:48 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009/04/11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:C31F31E6
palmalrouge
Apprentice

Posts: 35
Joined: 25 Apr 2010 16:08


Re: virus rootkit gen

Posted on 26 Apr 2010 20:15

hello,

I found the rootkit :wink:

I'm analysing all of this... To help me and confirm my diagnosis, please post the report generated by Report_Antivir.exe...

:wink:
jeanmimigab
PC-Infopraticien

Posts: 2986
Joined: 29 Nov 2009 12:05
 

Re: virus rootkit gen

Posted on 26 Apr 2010 20:33

Here it is, thanks

Avira AntiVir Personal
Date de création du fichier de rapport : dimanche 25 avril 2010 15:07

La recherche porte sur 2037171 souches de virus.

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows Vista
Version de Windows : (Service Pack 2) [6.0.6002]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : PC-DE-AMANDINE

Informations de version :
BUILD.DAT : 9.0.0.74 21698 Bytes 04/12/2009 13:56:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 09:25:46
AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 08:21:02
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 09:35:11
LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 08:21:31
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 05:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 13:04:53
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 13:05:03
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 13:05:06
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 13:05:12
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 13:05:20
VBASE006.VDF : 7.10.6.83 2048 Bytes 15/04/2010 13:05:20
VBASE007.VDF : 7.10.6.84 2048 Bytes 15/04/2010 13:05:20
VBASE008.VDF : 7.10.6.85 2048 Bytes 15/04/2010 13:05:20
VBASE009.VDF : 7.10.6.86 2048 Bytes 15/04/2010 13:05:20
VBASE010.VDF : 7.10.6.87 2048 Bytes 15/04/2010 13:05:20
VBASE011.VDF : 7.10.6.88 2048 Bytes 15/04/2010 13:05:20
VBASE012.VDF : 7.10.6.89 2048 Bytes 15/04/2010 13:05:20
VBASE013.VDF : 7.10.6.90 2048 Bytes 15/04/2010 13:05:21
VBASE014.VDF : 7.10.6.123 126464 Bytes 19/04/2010 13:05:22
VBASE015.VDF : 7.10.6.152 123392 Bytes 21/04/2010 13:05:22
VBASE016.VDF : 7.10.6.178 122880 Bytes 22/04/2010 13:05:23
VBASE017.VDF : 7.10.6.179 2048 Bytes 22/04/2010 13:05:23
VBASE018.VDF : 7.10.6.180 2048 Bytes 22/04/2010 13:05:23
VBASE019.VDF : 7.10.6.181 2048 Bytes 22/04/2010 13:05:23
VBASE020.VDF : 7.10.6.182 2048 Bytes 22/04/2010 13:05:23
VBASE021.VDF : 7.10.6.183 2048 Bytes 22/04/2010 13:05:23
VBASE022.VDF : 7.10.6.184 2048 Bytes 22/04/2010 13:05:24
VBASE023.VDF : 7.10.6.185 2048 Bytes 22/04/2010 13:05:24
VBASE024.VDF : 7.10.6.186 2048 Bytes 22/04/2010 13:05:24
VBASE025.VDF : 7.10.6.187 2048 Bytes 22/04/2010 13:05:24
VBASE026.VDF : 7.10.6.188 2048 Bytes 22/04/2010 13:05:24
VBASE027.VDF : 7.10.6.189 2048 Bytes 22/04/2010 13:05:24
VBASE028.VDF : 7.10.6.190 2048 Bytes 22/04/2010 13:05:24
VBASE029.VDF : 7.10.6.191 2048 Bytes 22/04/2010 13:05:24
VBASE030.VDF : 7.10.6.192 2048 Bytes 22/04/2010 13:05:24
VBASE031.VDF : 7.10.6.197 65536 Bytes 23/04/2010 13:05:25
Version du moteur : 8.2.1.224
AEVDF.DLL : 8.1.2.0 106868 Bytes 25/04/2010 13:05:38
AESCRIPT.DLL : 8.1.3.27 1294714 Bytes 25/04/2010 13:05:38
AESCN.DLL : 8.1.5.0 127347 Bytes 25/04/2010 13:05:36
AESBX.DLL : 8.1.3.1 254324 Bytes 25/04/2010 13:05:38
AERDL.DLL : 8.1.4.6 541043 Bytes 25/04/2010 13:05:36
AEPACK.DLL : 8.2.1.1 426358 Bytes 25/04/2010 13:05:34
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 25/04/2010 13:05:32
AEHEUR.DLL : 8.1.1.24 2613623 Bytes 25/04/2010 13:05:31
AEHELP.DLL : 8.1.11.3 242039 Bytes 25/04/2010 13:05:27
AEGEN.DLL : 8.1.3.7 373106 Bytes 25/04/2010 13:05:27
AEEMU.DLL : 8.1.2.0 393588 Bytes 25/04/2010 13:05:26
AECORE.DLL : 8.1.13.1 188790 Bytes 25/04/2010 13:05:25
AEBB.DLL : 8.1.1.0 53618 Bytes 25/04/2010 13:05:25
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:47:30
AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 13:13:31
AVREP.DLL : 8.0.0.7 159784 Bytes 25/04/2010 13:05:39
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 13:24:42
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 13:05:22
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 08:36:37
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 13:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 06:20:57
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 13:40:59
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 17/06/2009 11:44:26
RCTEXT.DLL : 9.0.73.0 88321 Bytes 02/11/2009 14:58:32

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen

Début de la recherche : dimanche 25 avril 2010 15:07

La recherche d'objets cachés commence.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sbqlnku\type
[INFO] L'entrée d'enregistrement n'est pas visible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sbqlnku\start
[INFO] L'entrée d'enregistrement n'est pas visible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sbqlnku\errorcontrol
[INFO] L'entrée d'enregistrement n'est pas visible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sbqlnku\group
[INFO] L'entrée d'enregistrement n'est pas visible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sbqlnku\hc5y2p7v5
[INFO] L'entrée d'enregistrement n'est pas visible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sbqlnku\eauv3gi0
[INFO] L'entrée d'enregistrement n'est pas visible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sbqlnku\adf5d2i
[INFO] L'entrée d'enregistrement n'est pas visible.
'99533' objets ont été contrôlés, '7' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'VSSVC.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WUDFHost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sgbhp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmpnetwk.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmpnscfg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ISUSPM.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sidebar.exe' - '1' module(s) sont contrôlés
Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'cfp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CardDetector.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PMVService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CLMLSvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PCMAgent.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CCC.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SynTPEnh.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MOM.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RtHDVCpl.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SmpSys.exe' - '1' module(s) sont contrôlés
Processus de recherche 'GoogleDesktop.exe' - '1' module(s) sont contrôlés
Processus de recherche 'IAAnotif.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MSASCui.exe' - '1' module(s) sont contrôlés
Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'dwm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SearchIndexer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'IoctlSvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'o2flash.exe' - '1' module(s) sont contrôlés
Processus de recherche 'NBService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'IAANTmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'FTRTSVC.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ETService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PhotoshopElementsFileAgent.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SLsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'audiodg.exe' - '0' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'cmdagent.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CLPSLS.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wininit.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'68' processus ont été contrôlés avec '68' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '48' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <OS>
C:\hiberfil.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\Windows\System32\drivers\sbqlnku.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[AVERTISSEMENT] Impossible d'ouvrir le fichier !

Début de la désinfection :
C:\Windows\System32\drivers\sbqlnku.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[AVERTISSEMENT] Erreur lors de la création d'une copie de sécurité du fichier. Le fichier n'a pas été supprimé. Code d'erreur : 26004
[AVERTISSEMENT] Impossible de trouver le fichier source.
[REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.
[AVERTISSEMENT] Erreur dans la bibliothèque ARK


Fin de la recherche : dimanche 25 avril 2010 16:26
Temps nécessaire: 1:06:18 Heure(s)

La recherche a été effectuée intégralement

22235 Les répertoires ont été contrôlés
294701 Des fichiers ont été contrôlés
1 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
3 Impossible de contrôler des fichiers
294697 Fichiers non infectés
3314 Les archives ont été contrôlées
3 Avertissements
3 Consignes
99533 Des objets ont été contrôlés lors du Rootkitscan
7 Des objets cachés ont été trouvés
palmalrouge

Re: virus rootkit gen

Posted on 26 Apr 2010 20:40

Hi again,

Very good, that confirms what I found...

However, that is not the Antivir report I wanted (even though it is useful to me);

I wanted the one generated by this procedure:

Download Report_Antivir.exe by Laddy to your desktop and double-click it to run it.
Go to the "Avertissements" (Warnings) tab and choose 20 days in the drop-down menu.
Click the "Exécuter" (Run) button to start the scan. Wait, the report will open...
Copy and paste the report into your next reply.


A friend of mine develops Report_Antivir.exe and it is very useful in this kind of disinfection; it will also help her see whether her tool's code works properly, so I need that report please... :wink:

I'm preparing a disinfection script for you with OTL; if it fails, we'll bring out the heavy artillery :wink:
jeanmimigab

Re: virus rootkit gen

Posted on 26 Apr 2010 20:56

I can't get it to run; when I set 20 days and click "Exécuter" (Run), nothing happens
palmalrouge

Re: virus rootkit gen

Posted on 26 Apr 2010 21:00

Here is what I get:
Report_Antivir v1.0 BY Laddy - [1]
Début le 26/04/2010 à 21:57.
OS : Windows Vista (TM) Home Basic Service Pack 2 - 32bits
Utilisateur amandine : Utilisateur compte limité
Lancement : C:\Users\amandine\Downloads\Report_Antivir(3).exe
Antivirus : Avira AntiVir Personal - Free Antivirus v. 9.00.00.75 Derniere maj : (26/04/2010 19:06:05) [A jour]
Mode : 20 jours

################ Début du rapport
palmalrouge

Re: virus rootkit gen

Posted on 26 Apr 2010 21:28

OK, thanks for the info... :wink:

Run OTL.exe again, copy and paste this quote into the "Personnalisation" (Custom) box and click "correction" (fix):
:OTL
[2010/04/11 11:04:54 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\sbqlnku.sys
:REG
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sbqlnku]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sbqlnku]
:commands
[Emptytemp]


This will generate a report; post it so we can see whether the rootkit removal succeeded :wink:
jeanmimigab

Re: virus rootkit gen

Posted on 26 Apr 2010 22:12

Here it is:
ll processes killed
========== OTL ==========
File move failed. C:\Windows\System32\drivers\sbqlnku.sys scheduled to be moved on reboot.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sbqlnku\ not found.
Registry key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sbqlnku\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: amandine
->Temp folder emptied: 74258417 bytes
->Temporary Internet Files folder emptied: 22478540 bytes
->FireFox cache emptied: 42512728 bytes
->Flash cache emptied: 2007895 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5388870 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 140,00 mb


OTL by OldTimer - Version 3.2.3.0 log created on 04262010_230202

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\sbqlnku.sys scheduled to be moved on reboot.
C:\Users\amandine\AppData\Local\Temp\Google Toolbar\GoogleToolbarWelcome.log moved successfully.
File\Folder C:\Users\amandine\AppData\Local\Temp\~DF6B5C.tmp not found!
File\Folder C:\Users\amandine\AppData\Local\Temp\~DF6D24.tmp not found!
File\Folder C:\Users\amandine\AppData\Local\Temp\~DF6E3E.tmp not found!
File\Folder C:\Users\amandine\AppData\Local\Temp\~DF6EB4.tmp not found!
File\Folder C:\Users\amandine\AppData\Local\Temp\~DF706C.tmp not found!
File\Folder C:\Users\amandine\AppData\Local\Temp\~DF70BC.tmp not found!
C:\Users\amandine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\amandine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOJ0AG61\virus-rootkit-gen-vt-50830[1].html moved successfully.
C:\Users\amandine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G6IQV5ID\ads[3].htm moved successfully.
C:\Users\amandine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G09TFYEB\ads[3].htm moved successfully.
C:\Users\amandine\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
palmalrouge

Re: virus rootkit gen

Posted on 26 Apr 2010 22:18

Hi again,

Can you go to the folder c:\windows\system32\driver >> then right-click the "driver" folder and choose "contrôler les fichiers sélectionnés avec Antivir" (scan selected files with Antivir) to see whether the rootkit is still detected; tell me what the scan shows :wink:
jeanmimigab
