Pop-up IE CID : virus ? [Résolu]

Keitaro974

25 Mars 2009 15:06:57

Salut tout le monde !
Alors voila je vous expose mon problème, j'ai réinstaller Vista il y'a 3 jours et j'ai déjà un problème de pop-up IE, alors que j'utilise Firefox, j'ai fait un scan Avira et un scan Spybot, mais ils ne trouvent rien.

Je fais un C/C du scan Hijackthis :

Citation :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:55, on 2009-03-25
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [ATKMEDIA] "C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE"
O4 - HKLM\..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BuildCorn] "C:\ProgramData\Heck Gram Gram.mui999"
O4 - HKCU\..\Run: [MODE FREE BIRD SURF] "C:\ProgramData\dog chic settings.sxt8ilh"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8356 bytes

Voila, merci d'avance à tous ceux qui s'intéresseront a mon problème !

Autres pages sur : pop cid virus resolu

| Etre averti des réponses
| Alerter

Répondre à Keitaro974

Destrio5

25 Mars 2009 15:09:57

Salut,

Infection Lop, tu n'aurais pas installé le sponsor de Messenger Plus par hasard ?

| Alerter

Répondre à Destrio5

Keitaro974

25 Mars 2009 15:11:51

Je crois pas mais comme j'ai tout réinstaller à la va-vite c'est possible ! Je le supprime comment ?

EDIT : J'ai désinstaller le sponsor MSN Plus, je sais pas si ça suffit pour en être débarrassé, pour le moment ça à l'air bon.

| Alerter

Répondre à Keitaro974

Destrio5

25 Mars 2009 15:29:01

Fais ceci :

Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

Clique sur Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.

| Alerter

Répondre à Destrio5

Keitaro974

25 Mars 2009 15:57:33

Voila :

Log

Citation :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mario at 2009-03-25 11:55:21
Microsoft® Windows Vista™ Ultimate
System drive C: has 58 GB (55%) free of 105 GB
Total RAM: 4094 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:28, on 2009-03-25
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Mario\Desktop\Ad-AwareAE.exe
C:\Users\Mario\AppData\Local\Temp\miaB0A2.tmp\Ad-AwareAE.exe
C:\Users\Mario\Desktop\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\Mario.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [ATKMEDIA] "C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE"
O4 - HKLM\..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BuildCorn] "C:\ProgramData\Heck Gram Gram.7cyil"
O4 - HKCU\..\Run: [MODE FREE BIRD SURF] "C:\ProgramData\dog chic settings.sxt8ilh"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8484 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2152431541-39022245-1922293204-1000.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2008-01-23 7766016]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"DirectConsole2"=C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe [2008-06-06 2701880]
"UnlockerAssistant"=C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-03-23 1554432]
"BuildCorn"=C:\ProgramData\Heck Gram Gram.7cyil [2009-03-25 102416]
"MODE FREE BIRD SURF"=C:\ProgramData\dog chic settings.sxt8ilh [2009-03-23 135184]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{747f474e-17f8-11de-ac1d-806e6f6e6963}]
shell\AutoRun\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb938c1f-17ea-11de-9b5b-806e6f6e6963}]
shell\AutoRun\command - G:\setup.exe

======List of files/folders created in the last 1 months======

2009-03-25 11:55:21 ----D---- C:\rsit
2009-03-25 11:53:59 ----D---- C:\ProgramData\Lavasoft
2009-03-25 11:53:59 ----D---- C:\Program Files (x86)\Lavasoft
2009-03-25 11:53:15 ----DC---- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-25 11:29:54 ----D---- C:\perflogs
2009-03-25 11:04:46 ----D---- C:\Program Files (x86)\Trend Micro
2009-03-25 10:57:09 ----D---- C:\ProgramData\Avira
2009-03-25 10:57:09 ----D---- C:\Program Files (x86)\Avira
2009-03-25 03:02:54 ----A---- C:\Windows\system32\setupapi.dll
2009-03-25 03:02:23 ----A---- C:\Windows\system32\srclient.dll
2009-03-25 03:02:18 ----A---- C:\Windows\system32\drvinst.exe
2009-03-25 03:02:18 ----A---- C:\Windows\system32\cfgmgr32.dll
2009-03-25 03:02:17 ----A---- C:\Windows\system32\unlodctr.exe
2009-03-25 03:02:17 ----A---- C:\Windows\system32\prflbmsg.dll
2009-03-25 03:02:17 ----A---- C:\Windows\system32\oleaut32.dll
2009-03-25 03:02:17 ----A---- C:\Windows\system32\lodctr.exe
2009-03-25 03:02:17 ----A---- C:\Windows\system32\loadperf.dll
2009-03-25 03:02:17 ----A---- C:\Windows\system32\kbd106n.dll
2009-03-25 03:02:14 ----A---- C:\Windows\system32\nshhttp.dll
2009-03-25 03:02:14 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-03-25 03:02:14 ----A---- C:\Windows\system32\dpx.dll
2009-03-25 03:00:41 ----A---- C:\Windows\system32\es.dll
2009-03-24 03:15:53 ----A---- C:\Windows\system32\win32spl.dll
2009-03-24 03:15:53 ----A---- C:\Windows\system32\printcom.dll
2009-03-24 03:15:17 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-03-24 03:15:15 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-03-24 03:15:15 ----A---- C:\Windows\system32\gameux.dll
2009-03-24 03:13:40 ----A---- C:\Windows\system32\ieUnatt.exe
2009-03-24 03:13:40 ----A---- C:\Windows\system32\advpack.dll
2009-03-24 03:13:39 ----A---- C:\Windows\system32\ieapfltr.dll
2009-03-24 03:13:38 ----A---- C:\Windows\system32\wininet.dll
2009-03-24 03:13:38 ----A---- C:\Windows\system32\jsproxy.dll
2009-03-24 03:13:37 ----A---- C:\Windows\system32\dxtrans.dll
2009-03-24 03:13:37 ----A---- C:\Windows\system32\dxtmsft.dll
2009-03-24 03:13:35 ----A---- C:\Windows\system32\msfeeds.dll
2009-03-24 03:13:34 ----A---- C:\Windows\system32\ieui.dll
2009-03-24 03:13:33 ----A---- C:\Windows\system32\ieframe.dll
2009-03-24 03:13:29 ----A---- C:\Windows\system32\mshtmled.dll
2009-03-24 03:13:28 ----A---- C:\Windows\system32\mshtml.dll
2009-03-24 03:13:25 ----A---- C:\Windows\system32\mstime.dll
2009-03-24 03:13:24 ----A---- C:\Windows\system32\icardie.dll
2009-03-24 03:13:21 ----A---- C:\Windows\system32\urlmon.dll
2009-03-24 03:13:20 ----A---- C:\Windows\system32\pngfilt.dll
2009-03-24 03:13:20 ----A---- C:\Windows\system32\iertutil.dll
2009-03-24 03:13:19 ----A---- C:\Windows\system32\iesetup.dll
2009-03-24 03:13:19 ----A---- C:\Windows\system32\iernonce.dll
2009-03-24 03:13:19 ----A---- C:\Windows\system32\ie4uinit.exe
2009-03-24 03:11:29 ----A---- C:\Windows\system32\schannel.dll
2009-03-24 03:11:19 ----A---- C:\Windows\system32\gdi32.dll
2009-03-24 03:09:47 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2009-03-24 03:09:47 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2009-03-24 03:09:46 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2009-03-24 03:09:46 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2009-03-24 03:09:45 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2009-03-24 03:09:45 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2009-03-24 03:09:44 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2009-03-24 03:09:43 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2009-03-24 03:09:40 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2009-03-24 03:09:38 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2009-03-24 03:09:36 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2009-03-24 03:09:35 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2009-03-24 03:09:35 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2009-03-24 03:09:33 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2009-03-24 03:09:32 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2009-03-24 03:09:32 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2009-03-24 03:09:29 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2009-03-24 03:09:28 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2009-03-24 03:09:28 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2009-03-24 03:09:24 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-03-24 03:09:24 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-03-24 03:09:23 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2009-03-24 03:09:23 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2009-03-24 03:09:22 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2009-03-24 03:09:22 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2009-03-24 03:09:21 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2009-03-24 03:09:21 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2009-03-24 03:09:20 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2009-03-24 03:09:19 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2009-03-24 03:09:18 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2009-03-24 03:09:16 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2009-03-24 03:09:15 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2009-03-24 03:09:15 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2009-03-24 03:09:13 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2009-03-24 03:09:12 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2009-03-24 03:09:11 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2009-03-24 03:09:10 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2009-03-24 03:09:08 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2009-03-24 03:09:07 ----A---- C:\Windows\system32\NlsModels0011.dll
2009-03-24 03:09:06 ----A---- C:\Windows\system32\NlsData0046.dll
2009-03-24 03:09:06 ----A---- C:\Windows\system32\NlsData0045.dll
2009-03-24 03:09:05 ----A---- C:\Windows\system32\NlsData0049.dll
2009-03-24 03:09:05 ----A---- C:\Windows\system32\NlsData0047.dll
2009-03-24 03:09:04 ----A---- C:\Windows\system32\NlsData0039.dll
2009-03-24 03:09:04 ----A---- C:\Windows\system32\NlsData0020.dll
2009-03-24 03:09:03 ----A---- C:\Windows\system32\NlsData0022.dll
2009-03-24 03:09:03 ----A---- C:\Windows\system32\NlsData0021.dll
2009-03-24 03:09:02 ----A---- C:\Windows\system32\NlsData0026.dll
2009-03-24 03:09:02 ----A---- C:\Windows\system32\NlsData0024.dll
2009-03-24 03:09:01 ----A---- C:\Windows\system32\NlsData0027.dll
2009-03-24 03:09:00 ----A---- C:\Windows\system32\NlsData0010.dll
2009-03-24 03:08:59 ----A---- C:\Windows\system32\NlsData0013.dll
2009-03-24 03:08:59 ----A---- C:\Windows\system32\NlsData0011.dll
2009-03-24 03:08:58 ----A---- C:\Windows\system32\NlsData0018.dll
2009-03-24 03:08:57 ----A---- C:\Windows\system32\NlsData0000.dll
2009-03-24 03:08:56 ----A---- C:\Windows\system32\NlsData0019.dll
2009-03-24 03:08:56 ----A---- C:\Windows\system32\NlsData0001.dll
2009-03-24 03:08:55 ----A---- C:\Windows\system32\NlsData0002.dll
2009-03-24 03:08:54 ----A---- C:\Windows\system32\NlsData0007.dll
2009-03-24 03:08:54 ----A---- C:\Windows\system32\NlsData0003.dll
2009-03-24 03:08:52 ----A---- C:\Windows\system32\NlsData004a.dll
2009-03-24 03:08:52 ----A---- C:\Windows\system32\NlsData0009.dll
2009-03-24 03:08:51 ----A---- C:\Windows\system32\NlsData004c.dll
2009-03-24 03:08:51 ----A---- C:\Windows\system32\NlsData004b.dll
2009-03-24 03:08:50 ----A---- C:\Windows\system32\NlsData004e.dll
2009-03-24 03:08:49 ----A---- C:\Windows\system32\NlsData003e.dll
2009-03-24 03:08:49 ----A---- C:\Windows\system32\NlsData002a.dll
2009-03-24 03:08:48 ----A---- C:\Windows\system32\NlsData001b.dll
2009-03-24 03:08:48 ----A---- C:\Windows\system32\NlsData001a.dll
2009-03-24 03:08:46 ----A---- C:\Windows\system32\NlsData001d.dll
2009-03-24 03:08:45 ----A---- C:\Windows\system32\NlsData000c.dll
2009-03-24 03:08:45 ----A---- C:\Windows\system32\NlsData000a.dll
2009-03-24 03:08:44 ----A---- C:\Windows\system32\NlsData000f.dll
2009-03-24 03:08:44 ----A---- C:\Windows\system32\NlsData000d.dll
2009-03-24 03:08:43 ----A---- C:\Windows\system32\NlsData0414.dll
2009-03-24 03:08:42 ----A---- C:\Windows\system32\NlsData0416.dll
2009-03-24 03:08:42 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-03-24 03:08:40 ----A---- C:\Windows\system32\NlsData081a.dll
2009-03-24 03:08:40 ----A---- C:\Windows\system32\NlsData0816.dll
2009-03-24 03:08:39 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2009-03-24 03:08:38 ----A---- C:\Windows\system32\NlsData0c1a.dll
2009-03-24 03:01:58 ----A---- C:\Windows\system32\msxml6r.dll
2009-03-24 03:01:58 ----A---- C:\Windows\system32\msxml6.dll
2009-03-24 00:32:59 ----D---- C:\Program Files (x86)\AVG
2009-03-24 00:02:22 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-03-24 00:02:22 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2009-03-23 22:43:34 ----A---- C:\Windows\system32\dnscacheugc.exe
2009-03-23 22:43:34 ----A---- C:\Windows\system32\dnsapi.dll
2009-03-23 22:40:32 ----A---- C:\Windows\system32\msxml3r.dll
2009-03-23 22:40:32 ----A---- C:\Windows\system32\msxml3.dll
2009-03-23 22:31:55 ----D---- C:\Program Files (x86)\Unlocker
2009-03-23 22:26:03 ----A---- C:\Windows\system32\WMASF.DLL
2009-03-23 22:26:03 ----A---- C:\Windows\system32\LAPRXY.DLL
2009-03-23 22:26:03 ----A---- C:\Windows\system32\asferror.dll
2009-03-23 22:24:33 ----D---- C:\Users\Mario\AppData\Roaming\GRETECH
2009-03-23 22:24:16 ----D---- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2009-03-23 22:23:46 ----A---- C:\Windows\system32\INETRES.dll
2009-03-23 22:23:46 ----A---- C:\Windows\system32\inetcomm.dll
2009-03-23 22:15:42 ----A---- C:\Windows\system32\netfxperf.dll
2009-03-23 22:15:42 ----A---- C:\Windows\system32\dfshim.dll
2009-03-23 22:15:39 ----A---- C:\Windows\system32\mscories.dll
2009-03-23 22:15:39 ----A---- C:\Windows\system32\mscorier.dll
2009-03-23 22:15:39 ----A---- C:\Windows\system32\mscoree.dll
2009-03-23 21:54:49 ----A---- C:\Windows\system32\winipsec.dll
2009-03-23 21:54:49 ----A---- C:\Windows\system32\polstore.dll
2009-03-23 21:54:49 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-03-23 21:54:29 ----A---- C:\Windows\system32\sbunattend.exe
2009-03-23 21:54:08 ----A---- C:\Windows\system32\explorer.exe
2009-03-23 21:54:08 ----A---- C:\Windows\explorer.exe
2009-03-23 21:53:06 ----A---- C:\Windows\system32\tzres.dll
2009-03-23 21:52:30 ----A---- C:\Windows\system32\wmpeffects.dll
2009-03-23 21:51:46 ----A---- C:\Windows\system32\rrinstaller.exe
2009-03-23 21:51:46 ----A---- C:\Windows\system32\mfps.dll
2009-03-23 21:51:46 ----A---- C:\Windows\system32\mfpmp.exe
2009-03-23 21:51:46 ----A---- C:\Windows\system32\mferror.dll
2009-03-23 21:51:46 ----A---- C:\Windows\system32\mf.dll
2009-03-23 21:51:45 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-03-23 21:51:45 ----A---- C:\Windows\system32\logagent.exe
2009-03-23 21:51:44 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-03-23 21:51:28 ----D---- C:\Program Files (x86)\Music AlarmClock v2
2009-03-23 21:51:11 ----A---- C:\Windows\system32\wshrm.dll
2009-03-23 21:50:44 ----A---- C:\Windows\system32\quartz.dll
2009-03-23 21:50:16 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-03-23 21:50:16 ----A---- C:\Windows\system32\netiougc.exe
2009-03-23 21:48:35 ----A---- C:\Windows\system32\shell32.dll
2009-03-23 21:48:03 ----A---- C:\Windows\system32\WebClnt.dll
2009-03-23 21:47:55 ----A---- C:\Windows\system32\netapi32.dll
2009-03-23 21:28:55 ----A---- C:\Windows\system32\uxtuneup.dll
2009-03-23 21:28:55 ----A---- C:\Windows\system32\authuitu.dll
2009-03-23 21:28:35 ----D---- C:\Users\Mario\AppData\Roaming\TuneUp Software
2009-03-23 21:28:15 ----D---- C:\ProgramData\TuneUp Software
2009-03-23 21:28:15 ----D---- C:\Program Files (x86)\TuneUp Utilities 2009
2009-03-23 21:27:47 ----SHD---- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-23 21:09:11 ----D---- C:\Program Files (x86)\CCleaner
2009-03-23 21:08:03 ----D---- C:\Program Files (x86)\GRETECH
2009-03-23 21:00:01 ----D---- C:\Users\Mario\AppData\Roaming\WinRAR
2009-03-23 20:53:10 ----D---- C:\Users\Mario\AppData\Roaming\Skype
2009-03-23 20:53:00 ----RD---- C:\Program Files (x86)\Skype
2009-03-23 20:52:56 ----D---- C:\ProgramData\Skype
2009-03-23 20:51:15 ----D---- C:\Program Files (x86)\WinRAR
2009-03-23 20:46:37 ----D---- C:\Users\Mario\AppData\Roaming\Apple Computer
2009-03-23 20:46:26 ----A---- C:\Windows\system32\GEARAspi.dll
2009-03-23 20:46:16 ----D---- C:\Program Files (x86)\iPod
2009-03-23 20:46:15 ----D---- C:\ProgramData\{CD649BED-8A0E-48BE-B3B6-0F5055BED534}
2009-03-23 20:46:15 ----D---- C:\Program Files (x86)\iTunes
2009-03-23 20:45:48 ----D---- C:\Program Files (x86)\Bonjour
2009-03-23 20:45:31 ----D---- C:\Program Files (x86)\QuickTime
2009-03-23 20:45:30 ----D---- C:\ProgramData\Apple Computer
2009-03-23 20:45:15 ----D---- C:\Program Files (x86)\Apple Software Update
2009-03-23 20:44:52 ----D---- C:\ProgramData\Apple
2009-03-23 20:44:52 ----D---- C:\Program Files (x86)\Common Files\Apple
2009-03-23 20:38:42 ----D---- C:\Program Files (x86)\Common Files\PX Storage Engine
2009-03-23 20:38:41 ----D---- C:\Users\Mario\AppData\Roaming\Winamp
2009-03-23 20:38:41 ----D---- C:\Program Files (x86)\Winamp
2009-03-23 20:34:52 ----D---- C:\ProgramData\beep axis mode free
2009-03-23 20:34:37 ----D---- C:\ProgramData\creativebalm
2009-03-23 20:34:27 ----D---- C:\Program Files (x86)\Messenger Plus! Live
2009-03-23 20:26:19 ----D---- C:\Program Files (x86)\Microsoft
2009-03-23 20:26:05 ----D---- C:\Program Files (x86)\Windows Live SkyDrive
2009-03-23 20:25:49 ----D---- C:\Program Files (x86)\Windows Live
2009-03-23 20:25:38 ----D---- C:\Windows\PCHEALTH
2009-03-23 20:23:35 ----D---- C:\Program Files (x86)\Common Files\Windows Live
2009-03-23 20:22:59 ----D---- C:\Users\Mario\AppData\Roaming\Macromedia
2009-03-23 20:22:59 ----D---- C:\Users\Mario\AppData\Roaming\Adobe
2009-03-23 20:21:07 ----D---- C:\Windows\system32\Macromed
2009-03-23 19:46:45 ----D---- C:\ProgramData\Kaspersky Lab
2009-03-23 19:42:02 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2009-03-23 19:40:26 ----D---- C:\Users\Mario\AppData\Roaming\Mozilla
2009-03-23 19:40:17 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-03-23 19:39:32 ----D---- C:\Windows\Panther
2009-03-23 19:39:19 ----RAS---- C:\BOOTSECT.BAK
2009-03-23 19:39:18 ----SHD---- C:\Boot
2009-03-23 19:27:18 ----D---- C:\ProgramData\Adobe
2009-03-23 19:27:15 ----D---- C:\Program Files (x86)\Common Files\Adobe
2009-03-23 19:27:15 ----D---- C:\Program Files (x86)\Adobe
2009-03-23 19:19:40 ----A---- C:\Windows\system32\capicom.dll
2009-03-23 19:19:28 ----D---- C:\ProgramData\Symantec
2009-03-23 19:19:09 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared
2009-03-23 19:18:38 ----HD---- C:\ASUS.000
2009-03-23 19:18:31 ----HD---- C:\ASUS.SYS
2009-03-23 19:16:45 ----A---- C:\Windows\system32\ACEngSvr.exe
2009-03-23 19:15:46 ----D---- C:\ProgramData\P4G
2009-03-23 19:14:43 ----D---- C:\ProgramData\ASUS
2009-03-23 18:57:53 ----D---- C:\Windows\ITECIR
2009-03-23 18:56:54 ----A---- C:\Windows\system32\SynTPCOM.dll
2009-03-23 18:56:52 ----A---- C:\Windows\system32\SynCtrl.dll
2009-03-23 18:56:51 ----A---- C:\Windows\system32\SynCOM.dll
2009-03-23 18:53:50 ----D---- C:\ProgramData\NVIDIA
2009-03-23 18:35:48 ----D---- C:\Windows\system32\es-MX
2009-03-23 18:35:48 ----D---- C:\Windows\system32\es-AR
2009-03-23 18:34:52 ----SHD---- C:\Windows\Installer
2009-03-23 18:34:30 ----A---- C:\Windows\snuninst.exe
2009-03-23 18:34:30 ----A---- C:\Windows\snp2uvc.ini
2009-03-23 18:32:50 ----A---- C:\Windows\system32\wups.dll
2009-03-23 18:32:50 ----A---- C:\Windows\system32\wudriver.dll
2009-03-23 18:32:50 ----A---- C:\Windows\system32\wuapi.dll
2009-03-23 18:32:42 ----D---- C:\Program Files (x86)\Wireless Console 2
2009-03-23 18:32:39 ----A---- C:\Windows\system32\wuwebv.dll
2009-03-23 18:32:39 ----A---- C:\Windows\system32\wuapp.exe
2009-03-23 18:31:50 ----D---- C:\Windows\system32\RTCOM
2009-03-23 18:31:38 ----A---- C:\Windows\DIFxAPI.dll
2009-03-23 18:31:29 ----A---- C:\Windows\SkyTel.exe
2009-03-23 18:31:29 ----A---- C:\Windows\RtlUpd64.exe
2009-03-23 18:31:26 ----A---- C:\Windows\RAVCpl64.exe
2009-03-23 18:31:23 ----RA---- C:\Windows\RtlExUpd.dll
2009-03-23 18:31:23 ----A---- C:\Windows\HideWin.exe
2009-03-23 18:30:18 ----D---- C:\Program Files (x86)\Realtek
2009-03-23 18:25:11 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2009-03-23 18:23:48 ----D---- C:\Program Files (x86)\ATK Hotkey
2009-03-23 18:22:59 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-03-23 18:13:40 ----D---- C:\Program Files (x86)\ASUS
2009-03-23 18:13:39 ----D---- C:\Users\Mario\AppData\Roaming\InstallShield
2009-03-23 18:10:59 ----RA---- C:\Windows\system32\CSVer.dll
2009-03-23 18:10:58 ----D---- C:\Program Files (x86)\Intel
2009-03-23 18:10:39 ----D---- C:\Intel
2009-03-23 16:43:28 ----D---- C:\Windows\SoftwareDistribution
2009-03-23 16:42:07 ----D---- C:\Windows\Debug
2009-03-23 16:42:07 ----D---- C:\Windows\CSC
2009-03-23 16:40:23 ----D---- C:\Windows\Prefetch
2009-03-23 16:40:16 ----SHD---- C:\System Volume Information
2009-03-23 15:54:59 ----D---- C:\Users\Mario\AppData\Roaming\Identities
2009-03-23 15:54:21 ----SD---- C:\Users\Mario\AppData\Roaming\Microsoft
2009-03-23 15:54:21 ----D---- C:\Users\Mario\AppData\Roaming\Media Center Programs

======List of files/folders modified in the last 1 months======

2009-03-25 11:55:05 ----D---- C:\Windows\Temp
2009-03-25 11:53:59 ----RD---- C:\Program Files (x86)
2009-03-25 11:53:59 ----HD---- C:\ProgramData
2009-03-25 11:53:53 ----D---- C:\Windows\winsxs
2009-03-25 10:57:14 ----D---- C:\Windows\system32\drivers
2009-03-25 10:56:31 ----D---- C:\Windows\SysWOW64
2009-03-25 10:56:31 ----D---- C:\Windows\System32
2009-03-25 10:56:31 ----D---- C:\Windows
2009-03-25 10:24:44 ----SD---- C:\ProgramData\Microsoft
2009-03-25 03:18:12 ----D---- C:\Windows\inf
2009-03-25 03:12:19 ----D---- C:\Windows\rescache
2009-03-25 03:09:43 ----D---- C:\Windows\system32\wbem
2009-03-25 03:09:43 ----D---- C:\Windows\system32\migration
2009-03-25 03:09:43 ----D---- C:\Windows\system32\en-US
2009-03-25 03:09:43 ----D---- C:\Windows\servicing
2009-03-24 03:23:14 ----D---- C:\Program Files (x86)\Windows Mail
2009-03-24 03:23:13 ----D---- C:\Program Files (x86)\Common Files\System
2009-03-24 03:23:12 ----D---- C:\Windows\AppPatch
2009-03-24 03:23:11 ----D---- C:\Program Files (x86)\Internet Explorer
2009-03-24 00:57:47 ----D---- C:\Windows\Microsoft.NET
2009-03-24 00:57:43 ----RSD---- C:\Windows\assembly
2009-03-24 00:32:44 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2009-03-23 22:49:40 ----ASH---- C:\Program Files (x86)\desktop.ini
2009-03-23 22:44:38 ----D---- C:\Program Files (x86)\Windows Sidebar
2009-03-23 21:51:28 ----RSD---- C:\Windows\Fonts
2009-03-23 21:28:36 ----D---- C:\Windows\Tasks
2009-03-23 20:46:15 ----RD---- C:\Program Files
2009-03-23 20:44:52 ----D---- C:\Program Files (x86)\Common Files
2009-03-23 18:35:48 ----D---- C:\Windows\system32\zh-TW
2009-03-23 18:35:48 ----D---- C:\Windows\system32\zh-CN
2009-03-23 18:35:48 ----D---- C:\Windows\system32\sv-SE
2009-03-23 18:35:48 ----D---- C:\Windows\system32\ru-RU
2009-03-23 18:35:48 ----D---- C:\Windows\system32\pt-BR
2009-03-23 18:35:48 ----D---- C:\Windows\system32\pl-PL
2009-03-23 18:35:48 ----D---- C:\Windows\system32\nl-NL
2009-03-23 18:35:48 ----D---- C:\Windows\system32\nb-NO
2009-03-23 18:35:48 ----D---- C:\Windows\system32\ko-KR
2009-03-23 18:35:48 ----D---- C:\Windows\system32\ja-JP
2009-03-23 18:35:48 ----D---- C:\Windows\system32\it-IT
2009-03-23 18:35:48 ----D---- C:\Windows\system32\fr-FR
2009-03-23 18:35:48 ----D---- C:\Windows\system32\fi-FI
2009-03-23 18:35:48 ----D---- C:\Windows\system32\es-ES
2009-03-23 18:35:48 ----D---- C:\Windows\system32\de-DE
2009-03-23 18:35:48 ----D---- C:\Windows\system32\da-DK
2009-03-23 18:34:38 ----D---- C:\Windows\twain_32
2009-03-23 18:33:51 ----D---- C:\Windows\PolicyDefinitions
2009-03-23 18:26:33 ----D---- C:\Windows\Help
2009-03-23 18:13:42 ----D---- C:\Windows\Logs
2009-03-23 15:55:12 ----SHD---- C:\$Recycle.Bin
2009-03-23 15:54:21 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 17464]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmpx64.sys []
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimspx64.sys []
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys []
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys []
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys []
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys []
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys []
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys []
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys []
R3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ; C:\Windows\system32\DRIVERS\NETw5v64.sys []
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R4 AvgTdiA;AVG Free8 Network Redirector x64; C:\Windows\System32\Drivers\avgtdia.sys []
S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer; \??\G:\I386\AsPrOb64.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728]
R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ATK Hotkey\ASLDRSrv.exe [2007-10-02 94208]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 Bonjour Service;Service Bonjour; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-04-10 794664]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe []
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-23 93184]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 iPod Service;Service de l’iPod; C:\Program Files (x86)\iPod\bin\iPodService.exe [2009-03-12 656168]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe []
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []

-----------------EOF-----------------

Info

Citation :

info.txt logfile of random's system information tool 1.06 2009-03-25 11:55:35

======Uninstall list======

Ad-Aware-->"C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ASUS CopyProtect-->C:\Program Files (x86)\InstallShield Installation Information\{2396F815-84E0-4353-83D7-8B190556DA42}\setup.EXE -runfromtemp -l0x0c0c -removeonly
ASUS Data Security Manager-->C:\Program Files (x86)\InstallShield Installation Information\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}\Setup.exe -runfromtemp -l0x040c -removeonly
ASUS LifeFrame3-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
ASUS Live Update-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\Setup.exe" -l0x9
ASUS MultiFrame-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9D48531D-2135-49FC-BC29-ACCDA5396A76}\Setup.exe" -l0x9
ASUS SmartLogon-->MsiExec.exe /I{64452561-169F-4A36-A2FF-B5E118EC65F5}
ASUS Splendid Video Enhancement Technology-->C:\Program Files (x86)\InstallShield Installation Information\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\setup.EXE -runfromtemp -l0x0009 -removeonly
ASUS Virtual Camera-->MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}
ATK Generic Function Service-->C:\Program Files (x86)\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\Setup.exe -runfromtemp -l0x040c -removeonly
ATK Hotkey-->C:\Program Files (x86)\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\setup.exe -runfromtemp -l0x0c0c -removeonly
ATK Media-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\Setup.exe" -l0x9
ATKOSD2-->C:\Program Files (x86)\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\Setup.exe -runfromtemp -l0x0009 -removeonly
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CCleaner (remove only)-->"C:\Program Files (x86)\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Direct Console 2.0-->MsiExec.exe /I{BB4984EC-3640-43D7-A131-B6789F004DDB}
Express Gate-->MsiExec.exe /I{8448D435-7543-411F-A0CC-7AA40D815E8F}
GOM Player-->"C:\Program Files (x86)\GRETECH\GomPlayer\Uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
ITECIR-->C:\Program Files (x86)\InstallShield Installation Information\{40580068-9B10-40B5-9548-536CE88AB23C}\setup.EXE -runfromtemp -l0x0c0c -removeonly
Messenger Plus! Live-->"C:\Program Files (x86)\Messenger Plus! Live\Uninstall.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.7)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Music AlarmClock v2.1.0-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BEEB434F-CAFE-4708-BE3A-7C61587FA8C8}\setup.exe" -l0x9 -removeonly
NB Probe-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\Setup.exe" -l0x9
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Power4Gear eXtreme-->C:\Program Files (x86)\InstallShield Installation Information\{8CFEBE9C-F29F-4C49-80E0-7106970F8734}\Setup.exe -runfromtemp -l0x0c0c -removeonly
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0c0c -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Unlocker 1.8.7-->C:\Program Files (x86)\Unlocker\uninst.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\SysWOW64\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Visual C++ 8.0 Runtime Setup Package (x64)-->MsiExec.exe /I{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
WinFlash-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\Setup.exe" -l0x9
Wireless Console 2-->C:\Program Files (x86)\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\Setup.exe -runfromtemp -l0x040c -removeonly

======Security center information======

AV: Avira AntiVir PersonalEdition Classic
AS: Spybot - Search and Destroy
AS: Windows Defender

======System event log======

Computer Name: Mario-PC
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {DC4D3859-FC15-4B37-9F2B-1724EF957868}
User: Mario-PC\Mario
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: regkey:HKCU@S-1-5-21-2152431541-39022245-1922293204-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BuildCorn;runkey:HKCU@S-1-5-21-2152431541-39022245-1922293204-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BuildCorn;file:C:\ProgramData\Heck Gram Gram.mui999
Alert Type: Unclassified software
Detection Type:
Record Number: 22291
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090325145953.000000-000
Event Type: Warning
User:

Computer Name: Mario-PC
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {9301542F-781D-44A3-AC3F-2DF67B7439A1}
User: Mario-PC\Mario
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: regkey:HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\MessengerPlusLiveUninstall;runonce:HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\MessengerPlusLiveUninstall;file:C:\Users\Mario\AppData\Local\Temp\MsgPlusUninstall.exe
Alert Type: Unclassified software
Detection Type:
Record Number: 22307
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090325151955.000000-000
Event Type: Warning
User:

Computer Name: Mario-PC
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {101B6398-7C62-421D-8DC5-8E13558DCBC3}
User: Mario-PC\Mario
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: regkey:HKCU@S-1-5-21-2152431541-39022245-1922293204-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BuildCorn;runkey:HKCU@S-1-5-21-2152431541-39022245-1922293204-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BuildCorn;file:C:\ProgramData\Heck Gram Gram.b8fqblz
Alert Type: Unclassified software
Detection Type:
Record Number: 22311
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090325152148.000000-000
Event Type: Warning
User:

Computer Name: Mario-PC
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {B392261B-4890-4C52-945F-338D5B1A80C1}
User: Mario-PC\Mario
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: regkey:HKCU@S-1-5-21-2152431541-39022245-1922293204-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BuildCorn;runkey:HKCU@S-1-5-21-2152431541-39022245-1922293204-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BuildCorn;file:C:\ProgramData\Heck Gram Gram.mui999
Alert Type: Unclassified software
Detection Type:
Record Number: 22317
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090325152816.000000-000
Event Type: Warning
User:

Computer Name: Mario-PC
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {5251334B-3B82-40C8-9E70-8AE3DE4F5A10}
User: Mario-PC\Mario
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: regkey:HKCU@S-1-5-21-2152431541-39022245-1922293204-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BuildCorn;runkey:HKCU@S-1-5-21-2152431541-39022245-1922293204-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BuildCorn;file:C:\ProgramData\Heck Gram Gram.7cyil
Alert Type: Unclassified software
Detection Type:
Record Number: 22324
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090325154352.000000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: Mario-PC
Event Code: 2004
Message: Usbperf data collection failed. Collect function called with usupported Query Type.
Record Number: 1275
Source Name: usbperf
Time Written: 20090325152453.000000-000
Event Type: Error
User:

Computer Name: Mario-PC
Event Code: 2004
Message: Usbperf data collection failed. Collect function called with usupported Query Type.
Record Number: 1276
Source Name: usbperf
Time Written: 20090325153254.000000-000
Event Type: Error
User:

Computer Name: Mario-PC
Event Code: 2004
Message: Usbperf data collection failed. Collect function called with usupported Query Type.
Record Number: 1277
Source Name: usbperf
Time Written: 20090325154054.000000-000
Event Type: Error
User:

Computer Name: Mario-PC
Event Code: 2004
Message: Usbperf data collection failed. Collect function called with usupported Query Type.
Record Number: 1278
Source Name: usbperf
Time Written: 20090325154854.000000-000
Event Type: Error
User:

Computer Name: Mario-PC
Event Code: 0
Message:
Record Number: 1291
Source Name: Lavasoft Ad-Aware Service
Time Written: 20090325155441.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Mario-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: MARIO-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2fc
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2738
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090325155256.636667-000
Event Type: Audit Success
User:

Computer Name: Mario-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 2739
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090325155256.636667-000
Event Type: Audit Success
User:

Computer Name: Mario-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: MARIO-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x2fc
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 2740
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090325155312.252267-000
Event Type: Audit Success
User:

Computer Name: Mario-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: MARIO-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2fc
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2741
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090325155312.252267-000
Event Type: Audit Success
User:

Computer Name: Mario-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 2742
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090325155312.252267-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=EM64T Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

| Alerter

Répondre à Keitaro974

Destrio5

25 Mars 2009 16:01:27

Désactive l'UAC le temps de la désinfection.

Télécharge Lop S&D sur ton Bureau.

Double-clique dessus pour lancer l'installation.

Clique droit sur le raccourci Lop S&D présent sur ton Bureau et choisis Exécuter en tant qu'administrateur.

Sélectionne la langue souhaitée, puis choisis l'option 1 (Recherche) .

Patiente jusqu'à la fin du scan.

Poste le rapport généré (C:\lopR.txt).

| Alerter

Répondre à Destrio5

Keitaro974

25 Mars 2009 18:22:18

Lop S&D plante à chaque fois que je tente de faire la recherche !

| Alerter

Répondre à Keitaro974

Destrio5

25 Mars 2009 19:26:20

UAC est bien désactivé et Lop S&D est bien exécuté en tant qu'administrateur ?

| Alerter

Répondre à Destrio5

Keitaro974

25 Mars 2009 20:06:19

Oui oui j'ai tous suivit à la lettre !

| Alerter

Répondre à Keitaro974

Destrio5

25 Mars 2009 20:09:20

Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.

Clique droit sur OTMoveIt3.exe et choisis Exécuter en tant qu'administrateur.

Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:files
C:\ProgramData\Heck Gram Gram.7cyil
C:\ProgramData\dog chic settings.sxt8ilh
C:\ProgramData\creativebalm
C:\ProgramData\beep axis mode free

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BuildCorn"=-
"MODE FREE BIRD SURF"=-

:commands
[purity]
[emptytemp]
[reboot]

Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
---> Le nom du rapport correspond au moment de sa création : date_heure.log

| Alerter

Répondre à Destrio5

Keitaro974

25 Mars 2009 20:59:43

========== PROCESSES ==========
Unable to kill process: explorer.exe
========== FILES ==========
C:\ProgramData\Heck Gram Gram.7cyil moved successfully.
C:\ProgramData\dog chic settings.sxt8ilh moved successfully.
C:\ProgramData\creativebalm moved successfully.
C:\ProgramData\beep axis mode free moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BuildCorn deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MODE FREE BIRD SURF deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Mario\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
File delete failed. C:\Users\Mario\AppData\Local\Temp\ppcrlui_3304_2 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.

Voila :

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03252009_162312

Files moved on Reboot...
C:\Users\Mario\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Mario\AppData\Local\Temp\ppcrlui_3304_2 moved successfully.

| Alerter

Répondre à Keitaro974

Destrio5

25 Mars 2009 21:07:08

Mets à jour Adobe Reader.

Installe le SP1.

Refais un scan RSIT et poste le rapport log.

| Alerter

Répondre à Destrio5

Keitaro974

26 Mars 2009 14:46:21

C'est fait :

Citation :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mario at 2009-03-26 10:43:19
Microsoft® Windows Vista™ Édition Intégrale Service Pack 1
System drive C: has 66 GB (62%) free of 105 GB
Total RAM: 4094 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:20, on 2009-03-26
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Switcher\Switcher.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Users\Mario\Desktop\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\Mario.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [ATKMEDIA] "C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE"
O4 - HKLM\..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Switcher] "C:\Program Files (x86)\Switcher\Switcher.exe" /quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8219 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2152431541-39022245-1922293204-1000.job
C:\Windows\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2008-01-23 7766016]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"DirectConsole2"=C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe [2008-06-06 2701880]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"Ad-Watch"=C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-09 515416]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1555968]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"Switcher"=C:\Program Files (x86)\Switcher\Switcher.exe [2007-10-28 425984]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{747f474e-17f8-11de-ac1d-806e6f6e6963}]
shell\AutoRun\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb938c1f-17ea-11de-9b5b-806e6f6e6963}]
shell\AutoRun\command - G:\setup.exe

======List of files/folders created in the last 1 months======

2009-03-25 22:38:03 ----D---- C:\CS3
2009-03-25 20:35:10 ----D---- C:\Users\Mario\AppData\Roaming\Bao_Nguyen
2009-03-25 20:34:18 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-03-25 20:34:18 ----A---- C:\Windows\system32\mdminst.dll
2009-03-25 20:34:18 ----A---- C:\Windows\system32\mcbuilder.exe
2009-03-25 20:34:18 ----A---- C:\Windows\system32\makecab.exe
2009-03-25 20:34:18 ----A---- C:\Windows\system32\luainstall.dll
2009-03-25 20:34:18 ----A---- C:\Windows\system32\lsmproxy.dll
2009-03-25 20:34:18 ----A---- C:\Windows\system32\lsm.exe
2009-03-25 20:34:17 ----A---- C:\Windows\system32\MFWMAAEC.DLL
2009-03-25 20:34:17 ----A---- C:\Windows\system32\mfvdsp.dll
2009-03-25 20:34:17 ----A---- C:\Windows\system32\mfplat.dll
2009-03-25 20:34:17 ----A---- C:\Windows\system32\mfcsubs.dll
2009-03-25 20:34:17 ----A---- C:\Windows\system32\mfc42u.dll
2009-03-25 20:34:16 ----A---- C:\Windows\system32\mfc42.dll
2009-03-25 20:34:16 ----A---- C:\Windows\system32\L2SecHC.dll
2009-03-25 20:34:16 ----A---- C:\Windows\system32\l2nacp.dll
2009-03-25 20:34:16 ----A---- C:\Windows\system32\l2gpstore.dll
2009-03-25 20:34:16 ----A---- C:\Windows\system32\ktmw32.dll
2009-03-25 20:34:16 ----A---- C:\Windows\system32\ktmutil.exe
2009-03-25 20:34:16 ----A---- C:\Windows\system32\korwbrkr.dll
2009-03-25 20:34:16 ----A---- C:\Windows\system32\keymgr.dll
2009-03-25 20:34:16 ----A---- C:\Windows\system32\kernel32.dll
2009-03-25 20:34:16 ----A---- C:\Windows\system32\kerberos.dll
2009-03-25 20:34:16 ----A---- C:\Windows\system32\KBDKOR.DLL
2009-03-25 20:34:16 ----A---- C:\Windows\system32\KBDJPN.DLL
2009-03-25 20:34:16 ----A---- C:\Windows\system32\jscript.dll
2009-03-25 20:34:15 ----A---- C:\Windows\system32\MP3DMOD.DLL
2009-03-25 20:34:15 ----A---- C:\Windows\system32\mountvol.exe
2009-03-25 20:34:15 ----A---- C:\Windows\system32\lpk.dll
2009-03-25 20:34:15 ----A---- C:\Windows\system32\LogonUI.exe
2009-03-25 20:34:15 ----A---- C:\Windows\system32\logman.exe
2009-03-25 20:34:15 ----A---- C:\Windows\system32\loghours.dll
2009-03-25 20:34:15 ----A---- C:\Windows\system32\lodctr.exe
2009-03-25 20:34:15 ----A---- C:\Windows\system32\localui.dll
2009-03-25 20:34:15 ----A---- C:\Windows\system32\localspl.dll
2009-03-25 20:34:15 ----A---- C:\Windows\system32\localsec.dll
2009-03-25 20:34:15 ----A---- C:\Windows\system32\loadperf.dll
2009-03-25 20:34:15 ----A---- C:\Windows\system32\lnkstub.exe
2009-03-25 20:34:15 ----A---- C:\Windows\system32\licmgr10.dll
2009-03-25 20:34:14 ----A---- C:\Windows\system32\MPG4DECD.DLL
2009-03-25 20:34:14 ----A---- C:\Windows\system32\MP4SDECD.DLL
2009-03-25 20:34:14 ----A---- C:\Windows\system32\MP43DECD.DLL
2009-03-25 20:34:14 ----A---- C:\Windows\system32\modemui.dll
2009-03-25 20:34:14 ----A---- C:\Windows\system32\mobsync.exe
2009-03-25 20:34:14 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-03-25 20:34:14 ----A---- C:\Windows\system32\mmcshext.dll
2009-03-25 20:34:14 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-03-25 20:34:13 ----A---- C:\Windows\system32\msacm32.dll
2009-03-25 20:34:13 ----A---- C:\Windows\system32\MSAC3ENC.DLL
2009-03-25 20:34:13 ----A---- C:\Windows\system32\msaatext.dll
2009-03-25 20:34:13 ----A---- C:\Windows\system32\mprmsg.dll
2009-03-25 20:34:13 ----A---- C:\Windows\system32\mprdim.dll
2009-03-25 20:34:13 ----A---- C:\Windows\system32\mprddm.dll
2009-03-25 20:34:13 ----A---- C:\Windows\system32\mprapi.dll
2009-03-25 20:34:13 ----A---- C:\Windows\system32\mpr.dll
2009-03-25 20:34:11 ----A---- C:\Windows\system32\mmcbase.dll
2009-03-25 20:34:11 ----A---- C:\Windows\system32\mmc.exe
2009-03-25 20:34:11 ----A---- C:\Windows\system32\mlang.dll
2009-03-25 20:34:11 ----A---- C:\Windows\system32\mimefilt.dll
2009-03-25 20:34:11 ----A---- C:\Windows\system32\milcore.dll
2009-03-25 20:34:10 ----A---- C:\Windows\system32\migisol.dll
2009-03-25 20:34:09 ----A---- C:\Windows\system32\MigAutoPlay.exe
2009-03-25 20:34:09 ----A---- C:\Windows\system32\midimap.dll
2009-03-25 20:34:09 ----A---- C:\Windows\system32\iernonce.dll
2009-03-25 20:34:09 ----A---- C:\Windows\system32\iepeers.dll
2009-03-25 20:34:09 ----A---- C:\Windows\system32\ieencode.dll
2009-03-25 20:34:08 ----A---- C:\Windows\system32\iexpress.exe
2009-03-25 20:34:08 ----A---- C:\Windows\system32\iesetup.dll
2009-03-25 20:34:08 ----A---- C:\Windows\system32\iedkcs32.dll
2009-03-25 20:34:08 ----A---- C:\Windows\system32\ieapfltr.dll
2009-03-25 20:34:08 ----A---- C:\Windows\system32\ieaksie.dll
2009-03-25 20:34:08 ----A---- C:\Windows\system32\ieakeng.dll
2009-03-25 20:34:08 ----A---- C:\Windows\system32\ie4uinit.exe
2009-03-25 20:34:08 ----A---- C:\Windows\system32\idndl.dll
2009-03-25 20:34:08 ----A---- C:\Windows\system32\icsunattend.exe
2009-03-25 20:34:08 ----A---- C:\Windows\system32\icsfiltr.dll
2009-03-25 20:34:08 ----A---- C:\Windows\system32\icm32.dll
2009-03-25 20:34:08 ----A---- C:\Windows\system32\icardres.dll
2009-03-25 20:34:07 ----A---- C:\Windows\system32\ifsutil.dll
2009-03-25 20:34:07 ----A---- C:\Windows\system32\ifmon.dll
2009-03-25 20:34:06 ----A---- C:\Windows\system32\icardie.dll
2009-03-25 20:34:06 ----A---- C:\Windows\system32\icardagt.exe
2009-03-25 20:34:06 ----A---- C:\Windows\system32\icacls.exe
2009-03-25 20:34:06 ----A---- C:\Windows\system32\iasrad.dll
2009-03-25 20:34:06 ----A---- C:\Windows\system32\iaspolcy.dll
2009-03-25 20:34:06 ----A---- C:\Windows\system32\iasnap.dll
2009-03-25 20:34:06 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-03-25 20:34:05 ----A---- C:\Windows\system32\inseng.dll
2009-03-25 20:34:05 ----A---- C:\Windows\system32\input.dll
2009-03-25 20:34:05 ----A---- C:\Windows\system32\InkEd.dll
2009-03-25 20:34:05 ----A---- C:\Windows\system32\iassvcs.dll
2009-03-25 20:34:05 ----A---- C:\Windows\system32\iassdo.dll
2009-03-25 20:34:05 ----A---- C:\Windows\system32\iassam.dll
2009-03-25 20:34:05 ----A---- C:\Windows\system32\iasrecst.dll
2009-03-25 20:34:05 ----A---- C:\Windows\system32\iashost.exe
2009-03-25 20:34:05 ----A---- C:\Windows\system32\iashlpr.dll
2009-03-25 20:34:05 ----A---- C:\Windows\system32\iasdatastore.dll
2009-03-25 20:34:05 ----A---- C:\Windows\system32\iasads.dll
2009-03-25 20:34:05 ----A---- C:\Windows\system32\iasacct.dll
2009-03-25 20:34:05 ----A---- C:\Windows\system32\ias.dll
2009-03-25 20:34:05 ----A---- C:\Windows\system32\httpapi.dll
2009-03-25 20:34:04 ----A---- C:\Windows\system32\infocardapi.dll
2009-03-25 20:34:03 ----A---- C:\Windows\system32\itss.dll
2009-03-25 20:34:03 ----A---- C:\Windows\system32\iscsiwmi.dll
2009-03-25 20:34:03 ----A---- C:\Windows\system32\iscsium.dll
2009-03-25 20:34:03 ----A---- C:\Windows\system32\iscsied.dll
2009-03-25 20:34:03 ----A---- C:\Windows\system32\InfDefaultInstall.exe
2009-03-25 20:34:03 ----A---- C:\Windows\system32\inetmib1.dll
2009-03-25 20:34:02 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-03-25 20:34:02 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-03-25 20:34:02 ----A---- C:\Windows\system32\iprtrmgr.dll
2009-03-25 20:34:02 ----A---- C:\Windows\system32\iprtprio.dll
2009-03-25 20:34:02 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-03-25 20:34:02 ----A---- C:\Windows\system32\ipconfig.exe
2009-03-25 20:34:01 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-03-25 20:34:01 ----A---- C:\Windows\system32\imgutil.dll
2009-03-25 20:34:01 ----A---- C:\Windows\system32\imapi2.dll
2009-03-25 20:34:01 ----A---- C:\Windows\system32\imapi.dll
2009-03-25 20:34:01 ----A---- C:\Windows\system32\imagesp1.dll
2009-03-25 20:34:00 ----A---- C:\Windows\system32\imm32.dll
2009-03-25 20:34:00 ----A---- C:\Windows\system32\imapi2fs.dll
2009-03-25 20:34:00 ----A---- C:\Windows\system32\imagehlp.dll
2009-03-25 20:33:57 ----A---- C:\Windows\system32\Nlsdl.dll
2009-03-25 20:33:52 ----A---- C:\Windows\system32\objsel.dll
2009-03-25 20:33:52 ----A---- C:\Windows\system32\ntshrui.dll
2009-03-25 20:33:51 ----A---- C:\Windows\system32\odbccr32.dll
2009-03-25 20:33:51 ----A---- C:\Windows\system32\odbcconf.dll
2009-03-25 20:33:51 ----A---- C:\Windows\system32\odbcbcp.dll
2009-03-25 20:33:51 ----A---- C:\Windows\system32\ntprint.dll
2009-03-25 20:33:50 ----A---- C:\Windows\system32\odbccp32.dll
2009-03-25 20:33:50 ----A---- C:\Windows\system32\odbc32.dll
2009-03-25 20:33:50 ----A---- C:\Windows\system32\ocsetup.exe
2009-03-25 20:33:50 ----A---- C:\Windows\system32\occache.dll
2009-03-25 20:33:50 ----A---- C:\Windows\system32\nslookup.exe
2009-03-25 20:33:50 ----A---- C:\Windows\system32\nsi.dll
2009-03-25 20:33:50 ----A---- C:\Windows\system32\nshipsec.dll
2009-03-25 20:33:50 ----A---- C:\Windows\system32\notepad.exe
2009-03-25 20:33:49 ----A---- C:\Windows\system32\nshhttp.dll
2009-03-25 20:33:49 ----A---- C:\Windows\notepad.exe
2009-03-25 20:33:48 ----A---- C:\Windows\system32\ntmarta.dll
2009-03-25 20:33:48 ----A---- C:\Windows\system32\ntlanman.dll
2009-03-25 20:33:48 ----A---- C:\Windows\system32\ntdsapi.dll
2009-03-25 20:33:48 ----A---- C:\Windows\system32\ntdll.dll
2009-03-25 20:33:48 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-03-25 20:33:48 ----A---- C:\Windows\system32\netshell.dll
2009-03-25 20:33:48 ----A---- C:\Windows\system32\netprofm.dll
2009-03-25 20:33:48 ----A---- C:\Windows\system32\netprof.dll
2009-03-25 20:33:47 ----A---- C:\Windows\system32\networkmap.dll
2009-03-25 20:33:47 ----A---- C:\Windows\system32\networkexplorer.dll
2009-03-25 20:33:46 ----A---- C:\Windows\system32\netiougc.exe
2009-03-25 20:33:46 ----A---- C:\Windows\system32\netiohlp.dll
2009-03-25 20:33:46 ----A---- C:\Windows\system32\netid.dll
2009-03-25 20:33:46 ----A---- C:\Windows\system32\netevent.dll
2009-03-25 20:33:45 ----A---- C:\Windows\system32\Netplwiz.exe
2009-03-25 20:33:45 ----A---- C:\Windows\system32\netplwiz.dll
2009-03-25 20:33:45 ----A---- C:\Windows\system32\netlogon.dll
2009-03-25 20:33:36 ----A---- C:\Windows\system32\nlsbres.dll
2009-03-25 20:33:36 ----A---- C:\Windows\system32\nlmgp.dll
2009-03-25 20:33:36 ----A---- C:\Windows\system32\nlhtml.dll
2009-03-25 20:33:36 ----A---- C:\Windows\system32\newdev.dll
2009-03-25 20:33:35 ----A---- C:\Windows\system32\PING.EXE
2009-03-25 20:33:35 ----A---- C:\Windows\system32\nlaapi.dll
2009-03-25 20:33:34 ----A---- C:\Windows\system32\pidgenx.dll
2009-03-25 20:33:33 ----A---- C:\Windows\system32\PlaySndSrv.dll
2009-03-25 20:33:33 ----A---- C:\Windows\system32\pla.dll
2009-03-25 20:33:33 ----A---- C:\Windows\system32\photowiz.dll
2009-03-25 20:33:33 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-03-25 20:33:33 ----A---- C:\Windows\system32\perfts.dll
2009-03-25 20:33:33 ----A---- C:\Windows\system32\perfnet.dll
2009-03-25 20:33:33 ----A---- C:\Windows\system32\perfmon.msc
2009-03-25 20:33:32 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-25 20:33:32 ----A---- C:\Windows\system32\powrprof.dll
2009-03-25 20:33:32 ----A---- C:\Windows\system32\powercpl.dll
2009-03-25 20:33:32 ----A---- C:\Windows\system32\pots.dll
2009-03-25 20:33:32 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-03-25 20:33:31 ----A---- C:\Windows\system32\PortableDeviceWiaCompat.dll
2009-03-25 20:33:31 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-03-25 20:33:31 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-03-25 20:33:31 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-03-25 20:33:31 ----A---- C:\Windows\system32\pnrpnsp.dll
2009-03-25 20:33:31 ----A---- C:\Windows\system32\pnpsetup.dll
2009-03-25 20:33:31 ----A---- C:\Windows\system32\pnidui.dll
2009-03-25 20:33:31 ----A---- C:\Windows\system32\pngfilt.dll
2009-03-25 20:33:31 ----A---- C:\Windows\system32\onex.dll
2009-03-25 20:33:30 ----A---- C:\Windows\system32\P2P.dll
2009-03-25 20:33:30 ----A---- C:\Windows\system32\osblprov.dll
2009-03-25 20:33:30 ----A---- C:\Windows\system32\osbaseln.dll
2009-03-25 20:33:30 ----A---- C:\Windows\system32\OptionalFeatures.exe
2009-03-25 20:33:30 ----A---- C:\Windows\system32\oobefldr.dll
2009-03-25 20:33:30 ----A---- C:\Windows\system32\olethk32.dll
2009-03-25 20:33:30 ----A---- C:\Windows\system32\olesvr32.dll
2009-03-25 20:33:30 ----A---- C:\Windows\system32\olepro32.dll
2009-03-25 20:33:30 ----A---- C:\Windows\system32\oleprn.dll
2009-03-25 20:33:30 ----A---- C:\Windows\system32\oledlg.dll
2009-03-25 20:33:30 ----A---- C:\Windows\system32\oleacc.dll
2009-03-25 20:33:30 ----A---- C:\Windows\system32\offfilt.dll
2009-03-25 20:33:30 ----A---- C:\Windows\system32\odbctrac.dll
2009-03-25 20:33:30 ----A---- C:\Windows\system32\odbcjt32.dll
2009-03-25 20:33:30 ----A---- C:\Windows\system32\odbccu32.dll
2009-03-25 20:33:29 ----A---- C:\Windows\system32\pdh.dll
2009-03-25 20:33:29 ----A---- C:\Windows\system32\pcaui.dll
2009-03-25 20:33:29 ----A---- C:\Windows\system32\olecli32.dll
2009-03-25 20:33:29 ----A---- C:\Windows\system32\oleaut32.dll
2009-03-25 20:33:29 ----A---- C:\Windows\system32\ole32.dll
2009-03-25 20:33:29 ----A---- C:\Windows\system32\ogldrv.dll
2009-03-25 20:33:28 ----A---- C:\Windows\system32\perfmon.exe
2009-03-25 20:33:28 ----A---- C:\Windows\system32\perfhost.exe
2009-03-25 20:33:28 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-03-25 20:33:28 ----A---- C:\Windows\system32\pdhui.dll
2009-03-25 20:33:28 ----A---- C:\Windows\system32\pcadm.dll
2009-03-25 20:33:28 ----A---- C:\Windows\system32\p2psvc.dll
2009-03-25 20:33:28 ----A---- C:\Windows\system32\p2pnetsh.dll
2009-03-25 20:33:28 ----A---- C:\Windows\system32\P2PGraph.dll
2009-03-25 20:33:28 ----A---- C:\Windows\system32\p2pcollab.dll
2009-03-25 20:33:22 ----A---- C:\Windows\system32\msieftp.dll
2009-03-25 20:33:22 ----A---- C:\Windows\system32\msidle.dll
2009-03-25 20:33:22 ----A---- C:\Windows\system32\msident.dll
2009-03-25 20:33:22 ----A---- C:\Windows\system32\msidcrl30.dll
2009-03-25 20:33:20 ----A---- C:\Windows\system32\msi.dll
2009-03-25 20:33:20 ----A---- C:\Windows\system32\mshtmled.dll
2009-03-25 20:33:20 ----A---- C:\Windows\system32\msfeedssync.exe
2009-03-25 20:33:20 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-03-25 20:33:20 ----A---- C:\Windows\system32\msexcl40.dll
2009-03-25 20:33:20 ----A---- C:\Windows\system32\msdtcVSp1res.dll
2009-03-25 20:33:20 ----A---- C:\Windows\system32\msdtcuiu.dll
2009-03-25 20:33:19 ----A---- C:\Windows\system32\msnetobj.dll
2009-03-25 20:33:19 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-03-25 20:33:19 ----A---- C:\Windows\system32\MSMPEG2ENC.DLL
2009-03-25 20:33:19 ----A---- C:\Windows\system32\MSMPEG2ADEC.DLL
2009-03-25 20:33:19 ----A---- C:\Windows\system32\mshta.exe
2009-03-25 20:33:19 ----A---- C:\Windows\system32\msftedit.dll
2009-03-25 20:33:18 ----A---- C:\Windows\system32\mspaint.exe
2009-03-25 20:33:18 ----A---- C:\Windows\system32\msorcl32.dll
2009-03-25 20:33:18 ----A---- C:\Windows\system32\msoert2.dll
2009-03-25 20:33:18 ----A---- C:\Windows\system32\msoeacct.dll
2009-03-25 20:33:18 ----A---- C:\Windows\system32\msobjs.dll
2009-03-25 20:33:18 ----A---- C:\Windows\system32\msltus40.dll
2009-03-25 20:33:18 ----A---- C:\Windows\system32\msls31.dll
2009-03-25 20:33:18 ----A---- C:\Windows\system32\msinfo32.exe
2009-03-25 20:33:18 ----A---- C:\Windows\system32\msimtf.dll
2009-03-25 20:33:18 ----A---- C:\Windows\system32\msihnd.dll
2009-03-25 20:33:18 ----A---- C:\Windows\system32\msiexec.exe
2009-03-25 20:33:17 ----A---- C:\Windows\system32\msjtes40.dll
2009-03-25 20:33:17 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-03-25 20:33:17 ----A---- C:\Windows\system32\msjet40.dll
2009-03-25 20:33:17 ----A---- C:\Windows\system32\msisip.dll
2009-03-25 20:33:16 ----A---- C:\Windows\system32\msdtcprx.dll
2009-03-25 20:33:16 ----A---- C:\Windows\system32\msdt.exe
2009-03-25 20:33:16 ----A---- C:\Windows\system32\msdrm.dll
2009-03-25 20:33:16 ----A---- C:\Windows\system32\msdmo.dll
2009-03-25 20:33:16 ----A---- C:\Windows\system32\msdelta.dll
2009-03-25 20:33:16 ----A---- C:\Windows\system32\msctf.dll
2009-03-25 20:33:16 ----A---- C:\Windows\system32\mscms.dll
2009-03-25 20:33:16 ----A---- C:\Windows\system32\mscandui.dll
2009-03-25 20:33:15 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-03-25 20:33:14 ----A---- C:\Windows\system32\NAPSTAT.EXE
2009-03-25 20:33:14 ----A---- C:\Windows\system32\NAPMONTR.DLL
2009-03-25 20:33:14 ----A---- C:\Windows\system32\napipsec.dll
2009-03-25 20:33:14 ----A---- C:\Windows\system32\NapiNSP.dll
2009-03-25 20:33:14 ----A---- C:\Windows\system32\NAPHLPR.DLL
2009-03-25 20:33:14 ----A---- C:\Windows\system32\napdsnap.dll
2009-03-25 20:33:14 ----A---- C:\Windows\system32\NAPCRYPT.DLL
2009-03-25 20:33:14 ----A---- C:\Windows\system32\mydocs.dll
2009-03-25 20:33:14 ----A---- C:\Windows\system32\mycomput.dll
2009-03-25 20:33:14 ----A---- C:\Windows\system32\msdart.dll
2009-03-25 20:33:14 ----A---- C:\Windows\system32\msdadiag.dll
2009-03-25 20:33:14 ----A---- C:\Windows\system32\msctfui.dll
2009-03-25 20:33:13 ----A---- C:\Windows\system32\netdiagfx.dll
2009-03-25 20:33:13 ----A---- C:\Windows\system32\netcorehc.dll
2009-03-25 20:33:13 ----A---- C:\Windows\system32\net1.exe
2009-03-25 20:33:13 ----A---- C:\Windows\system32\net.exe
2009-03-25 20:33:13 ----A---- C:\Windows\system32\MuiUnattend.exe
2009-03-25 20:33:13 ----A---- C:\Windows\system32\mtxoci.dll
2009-03-25 20:33:13 ----A---- C:\Windows\system32\mtxlegih.dll
2009-03-25 20:33:13 ----A---- C:\Windows\system32\mtxdm.dll
2009-03-25 20:33:13 ----A---- C:\Windows\system32\mtxclu.dll
2009-03-25 20:33:13 ----A---- C:\Windows\system32\mtstocom.exe
2009-03-25 20:33:13 ----A---- C:\Windows\system32\msxbde40.dll
2009-03-25 20:33:13 ----A---- C:\Windows\system32\mswsock.dll
2009-03-25 20:33:13 ----A---- C:\Windows\system32\mswmdm.dll
2009-03-25 20:33:13 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-03-25 20:33:13 ----A---- C:\Windows\system32\msvidc32.dll
2009-03-25 20:33:12 ----A---- C:\Windows\system32\netcfgx.dll
2009-03-25 20:33:12 ----A---- C:\Windows\system32\netcenter.dll
2009-03-25 20:33:12 ----A---- C:\Windows\system32\netbtugc.exe
2009-03-25 20:33:12 ----A---- C:\Windows\system32\ndfetw.dll
2009-03-25 20:33:12 ----A---- C:\Windows\system32\ndfapi.dll
2009-03-25 20:33:12 ----A---- C:\Windows\system32\ncsi.dll
2009-03-25 20:33:12 ----A---- C:\Windows\system32\ncryptui.dll
2009-03-25 20:33:12 ----A---- C:\Windows\system32\ncrypt.dll
2009-03-25 20:33:12 ----A---- C:\Windows\system32\ncobjapi.dll
2009-03-25 20:33:12 ----A---- C:\Windows\system32\nci.dll
2009-03-25 20:33:12 ----A---- C:\Windows\system32\NcdProp.dll
2009-03-25 20:33:12 ----A---- C:\Windows\system32\nbtstat.exe
2009-03-25 20:33:11 ----A---- C:\Windows\system32\msutb.dll
2009-03-25 20:33:11 ----A---- C:\Windows\system32\mstscax.dll
2009-03-25 20:33:11 ----A---- C:\Windows\system32\mstsc.exe
2009-03-25 20:33:11 ----A---- C:\Windows\system32\mstlsapi.dll
2009-03-25 20:33:11 ----A---- C:\Windows\system32\msrepl40.dll
2009-03-25 20:33:11 ----A---- C:\Windows\system32\msrdc.dll
2009-03-25 20:33:11 ----A---- C:\Windows\system32\msrd3x40.dll
2009-03-25 20:33:11 ----A---- C:\Windows\system32\msrating.dll
2009-03-25 20:33:11 ----A---- C:\Windows\system32\msra.exe
2009-03-25 20:33:11 ----A---- C:\Windows\system32\mspbde40.dll
2009-03-25 20:33:11 ----A---- C:\Windows\system32\mspatcha.dll
2009-03-25 20:33:10 ----A---- C:\Windows\system32\msvfw32.dll
2009-03-25 20:33:10 ----A---- C:\Windows\system32\msvcrt.dll
2009-03-25 20:33:10 ----A---- C:\Windows\system32\msvbvm60.dll
2009-03-25 20:33:10 ----A---- C:\Windows\system32\msv1_0.dll
2009-03-25 20:33:10 ----A---- C:\Windows\system32\msshsq.dll
2009-03-25 20:33:10 ----A---- C:\Windows\system32\mssha.dll
2009-03-25 20:33:09 ----A---- C:\Windows\system32\mstext40.dll
2009-03-25 20:33:09 ----A---- C:\Windows\system32\mstask.dll
2009-03-25 20:33:09 ----A---- C:\Windows\system32\mssvp.dll
2009-03-25 20:33:09 ----A---- C:\Windows\system32\msstrc.dll
2009-03-25 20:33:09 ----A---- C:\Windows\system32\mssrch.dll
2009-03-25 20:33:09 ----A---- C:\Windows\system32\mssprxy.dll
2009-03-25 20:33:09 ----A---- C:\Windows\system32\mssphtb.dll
2009-03-25 20:33:09 ----A---- C:\Windows\system32\mssph.dll
2009-03-25 20:33:09 ----A---- C:\Windows\system32\mssitlb.dll
2009-03-25 20:33:09 ----A---- C:\Windows\system32\msscp.dll
2009-03-25 20:33:09 ----A---- C:\Windows\system32\msscntrs.dll
2009-03-25 20:33:09 ----A---- C:\Windows\system32\msscb.dll
2009-03-25 20:33:09 ----A---- C:\Windows\system32\cfgmgr32.dll
2009-03-25 20:33:08 ----A---- C:\Windows\system32\cfgbkend.dll
2009-03-25 20:33:08 ----A---- C:\Windows\system32\cewmdm.dll
2009-03-25 20:33:08 ----A---- C:\Windows\system32\certutil.exe
2009-03-25 20:33:08 ----A---- C:\Windows\system32\certreq.exe
2009-03-25 20:33:03 ----A---- C:\Windows\system32\chtbrkr.dll
2009-03-25 20:33:02 ----A---- C:\Windows\system32\cic.dll
2009-03-25 20:33:02 ----A---- C:\Windows\system32\chsbrkr.dll
2009-03-25 20:33:01 ----A---- C:\Windows\system32\clusapi.dll
2009-03-25 20:33:01 ----A---- C:\Windows\system32\certmgr.dll
2009-03-25 20:33:01 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-03-25 20:33:01 ----A---- C:\Windows\system32\CertEnrollCtrl.exe
2009-03-25 20:33:01 ----A---- C:\Windows\system32\CertEnroll.dll
2009-03-25 20:33:01 ----A---- C:\Windows\system32\certcli.dll
2009-03-25 20:33:00 ----A---- C:\Windows\system32\cmicryptinstall.dll
2009-03-25 20:33:00 ----A---- C:\Windows\system32\cmdl32.exe
2009-03-25 20:33:00 ----A---- C:\Windows\system32\cmdial32.dll
2009-03-25 20:33:00 ----A---- C:\Windows\system32\cmd.exe
2009-03-25 20:33:00 ----A---- C:\Windows\system32\cmcfg32.dll
2009-03-25 20:33:00 ----A---- C:\Windows\system32\clfsw32.dll
2009-03-25 20:33:00 ----A---- C:\Windows\system32\clbcatq.dll
2009-03-25 20:33:00 ----A---- C:\Windows\system32\cipher.exe
2009-03-25 20:32:59 ----A---- C:\Windows\system32\browseui.dll
2009-03-25 20:32:58 ----A---- C:\Windows\system32\cabview.dll
2009-03-25 20:32:58 ----A---- C:\Windows\system32\cabinet.dll
2009-03-25 20:32:58 ----A---- C:\Windows\system32\btpanui.dll
2009-03-25 20:32:57 ----A---- C:\Windows\system32\capisp.dll
2009-03-25 20:32:57 ----A---- C:\Windows\system32\cacls.exe
2009-03-25 20:32:56 ----A---- C:\Windows\system32\d3d10core.dll
2009-03-25 20:32:56 ----A---- C:\Windows\system32\d3d10_1.dll
2009-03-25 20:32:56 ----A---- C:\Windows\system32\d3d10.dll
2009-03-25 20:32:56 ----A---- C:\Windows\system32\cdosys.dll
2009-03-25 20:32:56 ----A---- C:\Windows\system32\catsrvut.dll
2009-03-25 20:32:56 ----A---- C:\Windows\system32\catsrv.dll
2009-03-25 20:32:55 ----A---- C:\Windows\system32\dbnetlib.dll
2009-03-25 20:32:55 ----A---- C:\Windows\system32\dbghelp.dll
2009-03-25 20:32:55 ----A---- C:\Windows\system32\dbgeng.dll
2009-03-25 20:32:55 ----A---- C:\Windows\system32\d3dim.dll
2009-03-25 20:32:55 ----A---- C:\Windows\system32\d3d9.dll
2009-03-25 20:32:55 ----A---- C:\Windows\system32\d3d8.dll
2009-03-25 20:32:55 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-03-25 20:32:54 ----A---- C:\Windows\system32\d3dxof.dll
2009-03-25 20:32:54 ----A---- C:\Windows\system32\d3dim700.dll
2009-03-25 20:32:54 ----A---- C:\Windows\system32\cscript.exe
2009-03-25 20:32:54 ----A---- C:\Windows\system32\cscdll.dll
2009-03-25 20:32:54 ----A---- C:\Windows\system32\cscapi.dll
2009-03-25 20:32:54 ----A---- C:\Windows\system32\cryptui.dll
2009-03-25 20:32:54 ----A---- C:\Windows\system32\cryptsvc.dll
2009-03-25 20:32:53 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-03-25 20:32:53 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-03-25 20:32:53 ----A---- C:\Windows\system32\DfsShlEx.dll
2009-03-25 20:32:53 ----A---- C:\Windows\system32\cscobj.dll
2009-03-25 20:32:52 ----A---- C:\Windows\system32\diantz.exe
2009-03-25 20:32:52 ----A---- C:\Windows\system32\dhcpsapi.dll
2009-03-25 20:32:52 ----A---- C:\Windows\system32\DHCPQEC.DLL
2009-03-25 20:32:52 ----A---- C:\Windows\system32\devmgr.dll
2009-03-25 20:32:52 ----A---- C:\Windows\system32\devenum.dll
2009-03-25 20:32:52 ----A---- C:\Windows\system32\ddraw.dll
2009-03-25 20:32:51 ----A---- C:\Windows\system32\dfrgui.exe
2009-03-25 20:32:51 ----A---- C:\Windows\system32\DfrgNtfs.exe
2009-03-25 20:32:51 ----A---- C:\Windows\system32\dfrgifc.exe
2009-03-25 20:32:51 ----A---- C:\Windows\system32\dfrgfat.exe
2009-03-25 20:32:51 ----A---- C:\Windows\system32\comctl32.dll
2009-03-25 20:32:51 ----A---- C:\Windows\system32\colbact.dll
2009-03-25 20:32:50 ----A---- C:\Windows\system32\comdlg32.dll
2009-03-25 20:32:50 ----A---- C:\Windows\system32\colorui.dll
2009-03-25 20:32:50 ----A---- C:\Windows\system32\COLORCNV.DLL
2009-03-25 20:32:50 ----A---- C:\Windows\system32\cmmon32.exe
2009-03-25 20:32:50 ----A---- C:\Windows\system32\cmlua.dll
2009-03-25 20:32:50 ----A---- C:\Windows\system32\cmipnpinstall.dll
2009-03-25 20:32:49 ----A---- C:\Windows\system32\cmutil.dll
2009-03-25 20:32:49 ----A---- C:\Windows\system32\cmstplua.dll
2009-03-25 20:32:49 ----A---- C:\Windows\system32\cmpbk32.dll
2009-03-25 20:32:49 ----A---- C:\Windows\system32\cmifw.dll
2009-03-25 20:32:48 ----A---- C:\Windows\system32\cryptnet.dll
2009-03-25 20:32:48 ----A---- C:\Windows\system32\cryptdll.dll
2009-03-25 20:32:48 ----A---- C:\Windows\system32\crypt32.dll
2009-03-25 20:32:48 ----A---- C:\Windows\system32\credui.dll
2009-03-25 20:32:48 ----A---- C:\Windows\system32\credssp.dll
2009-03-25 20:32:48 ----A---- C:\Windows\system32\corpol.dll
2009-03-25 20:32:48 ----A---- C:\Windows\system32\convert.exe
2009-03-25 20:32:48 ----A---- C:\Windows\system32\connect.dll
2009-03-25 20:32:48 ----A---- C:\Windows\system32\conime.exe
2009-03-25 20:32:48 ----A---- C:\Windows\system32\comuid.dll
2009-03-25 20:32:48 ----A---- C:\Windows\system32\cmstp.exe
2009-03-25 20:32:47 ----A---- C:\Windows\system32\comsvcs.dll
2009-03-25 20:32:47 ----A---- C:\Windows\system32\comsnap.dll
2009-03-25 20:32:47 ----A---- C:\Windows\system32\comres.dll
2009-03-25 20:32:47 ----A---- C:\Windows\system32\comrepl.dll
2009-03-25 20:32:47 ----A---- C:\Windows\system32\ComputerDefaults.exe
2009-03-25 20:32:47 ----A---- C:\Windows\system32\compstui.dll
2009-03-25 20:32:47 ----A---- C:\Windows\system32\CompatUI.dll
2009-03-25 20:32:46 ----A---- C:\Windows\system32\apss.dll
2009-03-25 20:32:46 ----A---- C:\Windows\system32\apds.dll
2009-03-25 20:32:45 ----A---- C:\Windows\system32\AUDIOKSE.dll
2009-03-25 20:32:45 ----A---- C:\Windows\system32\audiodg.exe
2009-03-25 20:32:45 ----A---- C:\Windows\system32\audiodev.dll
2009-03-25 20:32:45 ----A---- C:\Windows\system32\appmgr.dll
2009-03-25 20:32:45 ----A---- C:\Windows\system32\appmgmts.dll
2009-03-25 20:32:45 ----A---- C:\Windows\system32\apphelp.dll
2009-03-25 20:32:45 ----A---- C:\Windows\system32\apircl.dll
2009-03-25 20:32:45 ----A---- C:\Windows\system32\apilogen.dll
2009-03-25 20:32:45 ----A---- C:\Windows\system32\amxread.dll
2009-03-25 20:32:45 ----A---- C:\Windows\system32\amstream.dll
2009-03-25 20:32:44 ----A---- C:\Windows\system32\authfwcfg.dll
2009-03-25 20:32:44 ----A---- C:\Windows\system32\auditpol.exe
2009-03-25 20:32:44 ----A---- C:\Windows\system32\AudioSes.dll
2009-03-25 20:32:44 ----A---- C:\Windows\system32\AudioEng.dll
2009-03-25 20:32:44 ----A---- C:\Windows\system32\atmfd.dll
2009-03-25 20:32:44 ----A---- C:\Windows\system32\atl.dll
2009-03-25 20:32:44 ----A---- C:\Windows\system32\AtBroker.exe
2009-03-25 20:32:44 ----A---- C:\Windows\system32\at.exe
2009-03-25 20:32:43 ----A---- C:\Windows\system32\ACW.exe
2009-03-25 20:32:43 ----A---- C:\Windows\system32\actxprxy.dll
2009-03-25 20:32:43 ----A---- C:\Windows\system32\activeds.dll
2009-03-25 20:32:43 ----A---- C:\Windows\system32\ActiveContentWizard.dll
2009-03-25 20:32:43 ----A---- C:\Windows\system32\ActionQueue.dll
2009-03-25 20:32:42 ----A---- C:\Windows\system32\aclui.dll
2009-03-25 20:32:42 ----A---- C:\Windows\system32\aaclient.dll
2009-03-25 20:32:41 ----A---- C:\Windows\system32\advpack.dll
2009-03-25 20:32:41 ----A---- C:\Windows\system32\advapi32.dll
2009-03-25 20:32:41 ----A---- C:\Windows\system32\adtschema.dll
2009-03-25 20:32:41 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-03-25 20:32:40 ----A---- C:\Windows\system32\adsnt.dll
2009-03-25 20:32:40 ----A---- C:\Windows\system32\adsmsext.dll
2009-03-25 20:32:40 ----A---- C:\Windows\system32\adsldpc.dll
2009-03-25 20:32:40 ----A---- C:\Windows\system32\adsldp.dll
2009-03-25 20:32:40 ----A---- C:\Windows\system32\admparse.dll
2009-03-25 20:32:34 ----A---- C:\Windows\system32\azroleui.dll
2009-03-25 20:32:34 ----A---- C:\Windows\system32\azroles.dll
2009-03-25 20:32:34 ----A---- C:\Windows\system32\avrt.dll
2009-03-25 20:32:28 ----A---- C:\Windows\system32\basecsp.dll
2009-03-25 20:32:28 ----A---- C:\Windows\system32\AzSqlExt.dll
2009-03-25 20:32:28 ----A---- C:\Windows\system32\avifil32.dll
2009-03-25 20:32:27 ----A---- C:\Windows\system32\authz.dll
2009-03-25 20:32:27 ----A---- C:\Windows\system32\authui.dll
2009-03-25 20:32:27 ----A---- C:\Windows\system32\AuthFWSnapin.dll
2009-03-25 20:32:26 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-03-25 20:32:26 ----A---- C:\Windows\system32\AuxiliaryDisplayApi.dll
2009-03-25 20:32:26 ----A---- C:\Windows\system32\autoconv.exe
2009-03-25 20:32:26 ----A---- C:\Windows\system32\autochk.exe
2009-03-25 20:32:26 ----A---- C:\Windows\system32\AuthFWGP.dll
2009-03-25 20:32:25 ----A---- C:\Windows\system32\bootcfg.exe
2009-03-25 20:32:25 ----A---- C:\Windows\system32\autoplay.dll
2009-03-25 20:32:25 ----A---- C:\Windows\system32\autofmt.exe
2009-03-25 20:32:24 ----A---- C:\Windows\system32\blackbox.dll
2009-03-25 20:32:24 ----A---- C:\Windows\system32\bitsadmin.exe
2009-03-25 20:32:24 ----A---- C:\Windows\system32\bcrypt.dll
2009-03-25 20:32:24 ----A---- C:\Windows\bfsvc.exe
2009-03-25 20:32:19 ----A---- C:\Windows\system32\hnetmon.dll
2009-03-25 20:32:19 ----A---- C:\Windows\system32\hlink.dll
2009-03-25 20:32:17 ----A---- C:\Windows\system32\hnetcfg.dll
2009-03-25 20:32:12 ----A---- C:\Windows\system32\dxdiagn.dll
2009-03-25 20:32:12 ----A---- C:\Windows\system32\dxdiag.exe
2009-03-25 20:32:12 ----A---- C:\Windows\system32\DWWIN.EXE
2009-03-25 20:32:11 ----A---- C:\Windows\system32\dxva2.dll
2009-03-25 20:32:11 ----A---- C:\Windows\system32\dxtrans.dll
2009-03-25 20:32:11 ----A---- C:\Windows\system32\dwmapi.dll
2009-03-25 20:32:10 ----A---- C:\Windows\system32\dxtmsft.dll
2009-03-25 20:32:10 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-25 20:32:10 ----A---- C:\Windows\system32\dxgi.dll
2009-03-25 20:32:10 ----A---- C:\Windows\system32\dsound.dll
2009-03-25 20:32:10 ----A---- C:\Windows\system32\dskquoui.dll
2009-03-25 20:32:10 ----A---- C:\Windows\system32\dskquota.dll
2009-03-25 20:32:10 ----A---- C:\Windows\system32\dsdmo.dll
2009-03-25 20:32:10 ----A---- C:\Windows\system32\dsauth.dll
2009-03-25 20:32:09 ----A---- C:\Windows\system32\duser.dll
2009-03-25 20:32:09 ----A---- C:\Windows\system32\dsuiext.dll
2009-03-25 20:32:09 ----A---- C:\Windows\system32\dssenh.dll
2009-03-25 20:32:09 ----A---- C:\Windows\system32\dssec.dll
2009-03-25 20:32:09 ----A---- C:\Windows\system32\dsquery.dll
2009-03-25 20:32:09 ----A---- C:\Windows\system32\dsprop.dll
2009-03-25 20:32:05 ----A---- C:\Windows\system32\EAPQEC.DLL
2009-03-25 20:32:05 ----A---- C:\Windows\system32\eappprxy.dll
2009-03-25 20:32:05 ----A---- C:\Windows\system32\eapphost.dll
2009-03-25 20:32:05 ----A---- C:\Windows\system32\eappgnui.dll
2009-03-25 20:32:05 ----A---- C:\Windows\system32\eappcfg.dll
2009-03-25 20:32:05 ----A---- C:\Windows\system32\eapp3hst.dll
2009-03-25 20:32:04 ----A---- C:\Windows\system32\efsadu.dll
2009-03-25 20:32:04 ----A---- C:\Windows\system32\dmvdsitf.dll
2009-03-25 20:32:04 ----A---- C:\Windows\system32\dmutil.dll
2009-03-25 20:32:04 ----A---- C:\Windows\system32\dmusic.dll
2009-03-25 20:32:04 ----A---- C:\Windows\system32\dmsynth.dll
2009-03-25 20:32:04 ----A---- C:\Windows\system32\dmscript.dll
2009-03-25 20:32:04 ----A---- C:\Windows\system32\dmocx.dll
2009-03-25 20:32:04 ----A---- C:\Windows\system32\dmloader.dll
2009-03-25 20:32:04 ----A---- C:\Windows\system32\dmime.dll
2009-03-25 20:32:04 ----A---- C:\Windows\system32\dmdskres2.dll
2009-03-25 20:32:04 ----A---- C:\Windows\system32\dmdskmgr.dll
2009-03-25 20:32:04 ----A---- C:\Windows\system32\dmdlgs.dll
2009-03-25 20:32:04 ----A---- C:\Windows\system32\dispex.dll
2009-03-25 20:32:04 ----A---- C:\Windows\system32\dinput8.dll
2009-03-25 20:32:04 ----A---- C:\Windows\system32\dimsroam.dll
2009-03-25 20:32:04 ----A---- C:\Windows\system32\dimsjob.dll
2009-03-25 20:32:03 ----A---- C:\Windows\system32\dpx.dll
2009-03-25 20:32:03 ----A---- C:\Windows\system32\diskraid.exe
2009-03-25 20:32:03 ----A---- C:\Windows\system32\diskpart.exe
2009-03-25 20:32:02 ----A---- C:\Windows\system32\drvstore.dll
2009-03-25 20:32:02 ----A---- C:\Windows\system32\drvinst.exe
2009-03-25 20:32:02 ----A---- C:\Windows\system32\drmv2clt.dll
2009-03-25 20:32:02 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-03-25 20:32:02 ----A---- C:\Windows\system32\driverquery.exe
2009-03-25 20:32:02 ----A---- C:\Windows\system32\dpnet.dll
2009-03-25 20:32:02 ----A---- C:\Windows\system32\DpiScaling.exe
2009-03-25 20:32:02 ----A---- C:\Windows\system32\dpapimig.exe
2009-03-25 20:32:02 ----A---- C:\Windows\system32\dot3cfg.dll
2009-03-25 20:32:01 ----A---- C:\Windows\system32\FXSEXT32.dll
2009-03-25 20:32:01 ----A---- C:\Windows\system32\dot3ui.dll
2009-03-25 20:32:01 ----A---- C:\Windows\system32\dot3msm.dll
2009-03-25 20:32:01 ----A---- C:\Windows\system32\dot3gpui.dll
2009-03-25 20:32:01 ----A---- C:\Windows\system32\dot3gpclnt.dll
2009-03-25 20:32:01 ----A---- C:\Windows\system32\dot3dlg.dll
2009-03-25 20:32:01 ----A---- C:\Windows\system32\dot3api.dll
2009-03-25 20:32:01 ----A---- C:\Windows\system32\dnshc.dll
2009-03-25 20:32:01 ----A---- C:\Windows\system32\dnscacheugc.exe
2009-03-25 20:32:01 ----A---- C:\Windows\system32\dnsapi.dll
2009-03-25 20:32:00 ----A---- C:\Windows\system32\FXSXP32.dll
2009-03-25 20:32:00 ----A---- C:\Windows\system32\FXSCOMEX.dll
2009-03-25 20:32:00 ----A---- C:\Windows\system32\FXSCOM.dll
2009-03-25 20:32:00 ----A---- C:\Windows\system32\FXSAPI.dll
2009-03-25 20:31:59 ----A---- C:\Windows\system32\FXSRESM.dll
2009-03-25 20:31:59 ----A---- C:\Windows\system32\fwcfg.dll
2009-03-25 20:31:59 ----A---- C:\Windows\system32\fundisc.dll
2009-03-25 20:31:59 ----A---- C:\Windows\system32\ftp.exe
2009-03-25 20:31:59 ----A---- C:\Windows\system32\fsutil.exe
2009-03-25 20:31:59 ----A---- C:\Windows\system32\fsmgmt.msc
2009-03-25 20:31:58 ----A---- C:\Windows\system32\HelpPaneProxy.dll
2009-03-25 20:31:58 ----A---- C:\Windows\system32\hbaapi.dll
2009-03-25 20:31:58 ----A---- C:\Windows\system32\GuidedHelp.dll
2009-03-25 20:31:58 ----A---- C:\Windows\system32\gpupdate.exe
2009-03-25 20:31:58 ----A---- C:\Windows\system32\gpscript.exe
2009-03-25 20:31:58 ----A---- C:\Windows\system32\gpscript.dll
2009-03-25 20:31:58 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-03-25 20:31:58 ----A---- C:\Windows\HelpPane.exe
2009-03-25 20:31:58 ----A---- C:\Windows\fveupdate.exe
2009-03-25 20:31:56 ----A---- C:\Windows\system32\gpresult.exe
2009-03-25 20:31:56 ----A---- C:\Windows\system32\gpedit.msc
2009-03-25 20:31:56 ----A---- C:\Windows\system32\gpedit.dll
2009-03-25 20:31:56 ----A---- C:\Windows\system32\gpapi.dll
2009-03-25 20:31:56 ----A---- C:\Windows\system32\getmac.exe
2009-03-25 20:31:56 ----A---- C:\Windows\system32\expand.exe
2009-03-25 20:31:56 ----A---- C:\Windows\system32\evr.dll
2009-03-25 20:31:55 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-03-25 20:31:55 ----A---- C:\Windows\system32\extrac32.exe
2009-03-25 20:31:55 ----A---- C:\Windows\system32\extmgr.dll
2009-03-25 20:31:55 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-03-25 20:31:55 ----A---- C:\Windows\system32\eventcls.dll
2009-03-25 20:31:54 ----A---- C:\Windows\system32\esentutl.exe
2009-03-25 20:31:54 ----A---- C:\Windows\system32\EncDec.dll
2009-03-25 20:31:54 ----A---- C:\Windows\system32\els.dll
2009-03-25 20:31:53 ----A---- C:\Windows\system32\fontext.dll
2009-03-25 20:31:53 ----A---- C:\Windows\system32\fmifs.dll
2009-03-25 20:31:53 ----A---- C:\Windows\system32\FirewallControlPanel.exe
2009-03-25 20:31:53 ----A---- C:\Windows\system32\esentprf.dll
2009-03-25 20:31:53 ----A---- C:\Windows\system32\esent.dll
2009-03-25 20:31:52 ----A---- C:\Windows\system32\framedynos.dll
2009-03-25 20:31:52 ----A---- C:\Windows\system32\framedyn.dll
2009-03-25 20:31:52 ----A---- C:\Windows\system32\FirewallAPI.dll
2009-03-25 20:31:52 ----A---- C:\Windows\system32\findstr.exe
2009-03-25 20:31:51 ----A---- C:\Windows\system32\txfw32.dll
2009-03-25 20:31:51 ----A---- C:\Windows\system32\txflog.dll
2009-03-25 20:31:51 ----A---- C:\Windows\system32\twext.dll
2009-03-25 20:31:51 ----A---- C:\Windows\system32\fphc.dll
2009-03-25 20:31:51 ----A---- C:\Windows\system32\fontsub.dll
2009-03-25 20:31:51 ----A---- C:\Windows\system32\findnetprinters.dll
2009-03-25 20:31:51 ----A---- C:\Windows\system32\filemgmt.dll
2009-03-25 20:31:51 ----A---- C:\Windows\system32\feclient.dll
2009-03-25 20:31:51 ----A---- C:\Windows\system32\fdWSD.dll
2009-03-25 20:31:51 ----A---- C:\Windows\system32\fdWCN.dll
2009-03-25 20:31:51 ----A---- C:\Windows\system32\fdSSDP.dll
2009-03-25 20:31:51 ----A---- C:\Windows\system32\fdeploy.dll
2009-03-25 20:31:51 ----A---- C:\Windows\system32\fde.dll
2009-03-25 20:31:51 ----A---- C:\Windows\system32\Faultrep.dll
2009-03-25 20:31:50 ----A---- C:\Windows\system32\ulib.dll
2009-03-25 20:31:50 ----A---- C:\Windows\system32\ufat.dll
2009-03-25 20:31:50 ----A---- C:\Windows\system32\uexfat.dll
2009-03-25 20:31:50 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-03-25 20:31:50 ----A---- C:\Windows\system32\TSTheme.exe
2009-03-25 20:31:50 ----A---- C:\Windows\system32\TSpkg.dll
2009-03-25 20:31:50 ----A---- C:\Windows\system32\tsgqec.dll
2009-03-25 20:31:49 ----A---- C:\Windows\system32\unbcl.dll
2009-03-25 20:31:49 ----A---- C:\Windows\system32\unattendedjoin.exe
2009-03-25 20:31:49 ----A---- C:\Windows\system32\unattend.dll
2009-03-25 20:31:49 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-03-25 20:31:49 ----A---- C:\Windows\system32\termmgr.dll
2009-03-25 20:31:48 ----A---- C:\Windows\system32\thumbcache.dll
2009-03-25 20:31:48 ----A---- C:\Windows\system32\themeui.dll
2009-03-25 20:31:44 ----A---- C:\Windows\system32\themecpl.dll
2009-03-25 20:31:43 ----A---- C:\Windows\system32\tracerpt.exe
2009-03-25 20:31:42 ----A---- C:\Windows\system32\tsddd.dll
2009-03-25 20:31:42 ----A---- C:\Windows\system32\tscupgrd.exe
2009-03-25 20:31:42 ----A---- C:\Windows\system32\tquery.dll
2009-03-25 20:31:42 ----A---- C:\Windows\system32\TpmInit.exe
2009-03-25 20:31:41 ----A---- C:\Windows\system32\TimeDateMUICallback.dll
2009-03-25 20:31:40 ----A---- C:\Windows\system32\verifier.exe
2009-03-25 20:31:40 ----A---- C:\Windows\system32\verifier.dll
2009-03-25 20:31:40 ----A---- C:\Windows\system32\vdsutil.dll
2009-03-25 20:31:40 ----A---- C:\Windows\system32\vdsldr.exe
2009-03-25 20:31:40 ----A---- C:\Windows\system32\vdsdyn.dll
2009-03-25 20:31:40 ----A---- C:\Windows\system32\vdsbas.dll
2009-03-25 20:31:40 ----A---- C:\Windows\system32\vds_ps.dll
2009-03-25 20:31:40 ----A---- C:\Windows\system32\vdmdbg.dll
2009-03-25 20:31:40 ----A---- C:\Windows\system32\vbscript.dll
2009-03-25 20:31:40 ----A---- C:\Windows\system32\uxtheme.dll
2009-03-25 20:31:40 ----A---- C:\Windows\system32\TMM.dll
2009-03-25 20:31:39 ----A---- C:\Windows\system32\vssadmin.exe
2009-03-25 20:31:39 ----A---- C:\Windows\system32\vss_ps.dll
2009-03-25 20:31:39 ----A---- C:\Windows\system32\VAN.dll
2009-03-25 20:31:39 ----A---- C:\Windows\system32\uudf.dll
2009-03-25 20:31:39 ----A---- C:\Windows\system32\Utilman.exe
2009-03-25 20:31:39 ----A---- C:\Windows\system32\utildll.dll
2009-03-25 20:31:38 ----A---- C:\Windows\system32\vssapi.dll
2009-03-25 20:31:38 ----A---- C:\Windows\system32\VIDRESZR.DLL
2009-03-25 20:31:38 ----A---- C:\Windows\system32\vfwwdm32.dll
2009-03-25 20:31:38 ----A---- C:\Windows\system32\version.dll
2009-03-25 20:31:38 ----A---- C:\Windows\system32\user32.dll
2009-03-25 20:31:38 ----A---- C:\Windows\system32\url.dll
2009-03-25 20:31:38 ----A---- C:\Windows\system32\upnphost.dll
2009-03-25 20:31:38 ----A---- C:\Windows\system32\upnpcont.exe
2009-03-25 20:31:38 ----A---- C:\Windows\system32\upnp.dll
2009-03-25 20:31:38 ----A---- C:\Windows\system32\untfs.dll
2009-03-25 20:31:38 ----A---- C:\Windows\system32\unregmp2.exe
2009-03-25 20:31:38 ----A---- C:\Windows\system32\unlodctr.exe
2009-03-25 20:31:37 ----A---- C:\Windows\system32\usp10.dll
2009-03-25 20:31:37 ----A---- C:\Windows\system32\userinit.exe
2009-03-25 20:31:37 ----A---- C:\Windows\system32\userenv.dll
2009-03-25 20:31:37 ----A---- C:\Windows\system32\usercpl.dll
2009-03-25 20:31:37 ----A---- C:\Windows\system32\usbui.dll
2009-03-25 20:31:37 ----A---- C:\Windows\system32\usbperf.dll
2009-03-25 20:31:37 ----A---- C:\Windows\system32\usbmon.dll
2009-03-25 20:31:37 ----A---- C:\Windows\system32\sxproxy.dll
2009-03-25 20:31:37 ----A---- C:\Windows\system32\svchost.exe
2009-03-25 20:31:37 ----A---- C:\Windows\system32\sud.dll
2009-03-25 20:31:36 ----A---- C:\Windows\system32\syssetup.dll
2009-03-25 20:31:36 ----A---- C:\Windows\system32\sxs.dll
2009-03-25 20:31:36 ----A---- C:\Windows\system32\stobject.dll
2009-03-25 20:31:36 ----A---- C:\Windows\system32\sti_ci.dll
2009-03-25 20:31:35 ----A---- C:\Windows\system32\syncui.dll
2009-03-25 20:31:35 ----A---- C:\Windows\system32\synceng.dll
2009-03-25 20:31:35 ----A---- C:\Windows\system32\sxstrace.exe
2009-03-25 20:31:35 ----A---- C:\Windows\system32\sxsstore.dll
2009-03-25 20:31:34 ----A---- C:\Windows\system32\syskey.exe
2009-03-25 20:31:34 ----A---- C:\Windows\system32\SyncCenter.dll
2009-03-25 20:31:33 ----A---- C:\Windows\system32\spwizimg.dll
2009-03-25 20:31:31 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-03-25 20:31:31 ----A---- C:\Windows\system32\sqlcese30.dll
2009-03-25 20:31:31 ----A---- C:\Windows\system32\sqlceqp30.dll
2009-03-25 20:31:31 ----A---- C:\Windows\system32\spwmp.dll
2009-03-25 20:31:31 ----A---- C:\Windows\system32\spwizres.dll
2009-03-25 20:31:31 ----A---- C:\Windows\system32\spwizeng.dll
2009-03-25 20:31:31 ----A---- C:\Windows\system32\spopk.dll
2009-03-25 20:31:31 ----A---- C:\Windows\system32\spoolss.dll
2009-03-25 20:31:30 ----A---- C:\Windows\system32\spp.dll
2009-03-25 20:31:30 ----A---- C:\Windows\splwow64.exe
2009-03-25 20:31:28 ----A---- C:\Windows\system32\srchadmin.dll
2009-03-25 20:31:28 ----A---- C:\Windows\system32\sqmapi.dll
2009-03-25 20:31:27 ----A---- C:\Windows\system32\takeown.exe
2009-03-25 20:31:27 ----A---- C:\Windows\system32\systeminfo.exe
2009-03-25 20:31:27 ----A---- C:\Windows\system32\systemcpl.dll
2009-03-25 20:31:26 ----A---- C:\Windows\system32\tdh.dll
2009-03-25 20:31:26 ----A---- C:\Windows\system32\tcpmon.ini
2009-03-25 20:31:26 ----A---- C:\Windows\system32\tcpmon.dll
2009-03-25 20:31:26 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-03-25 20:31:26 ----A---- C:\Windows\system32\tbs.dll
2009-03-25 20:31:26 ----A---- C:\Windows\system32\taskschd.dll
2009-03-25 20:31:26 ----A---- C:\Windows\system32\taskmgr.exe
2009-03-25 20:31:26 ----A---- C:\Windows\system32\tasklist.exe
2009-03-25 20:31:26 ----A---- C:\Windows\system32\taskkill.exe
2009-03-25 20:31:26 ----A---- C:\Windows\system32\taskeng.exe
2009-03-25 20:31:26 ----A---- C:\Windows\system32\taskcomp.dll
2009-03-25 20:31:26 ----A---- C:\Windows\system32\tapisrv.dll
2009-03-25 20:31:26 ----A---- C:\Windows\system32\TapiMigPlugin.dll
2009-03-25 20:31:26 ----A---- C:\Windows\system32\t2embed.dll
2009-03-25 20:31:13 ----A---- C:\Windows\system32\wmp.dll
2009-03-25 20:31:12 ----A---- C:\Windows\system32\wmpdxm.dll
2009-03-25 20:31:12 ----A---- C:\Windows\system32\wmpcm.dll
2009-03-25 20:31:12 ----A---- C:\Windows\system32\wmiprop.dll
2009-03-25 20:31:11 ----A---- C:\Windows\system32\wmvdspa.dll
2009-03-25 20:31:11 ----A---- C:\Windows\system32\WMVDECOD.DLL
2009-03-25 20:31:11 ----A---- C:\Windows\system32\WMSPDMOE.DLL
2009-03-25 20:31:11 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-03-25 20:31:11 ----A---- C:\Windows\system32\wmpsrcwp.dll
2009-03-25 20:31:11 ----A---- C:\Windows\system32\wmpshell.dll
2009-03-25 20:31:11 ----A---- C:\Windows\system32\wmpmde.dll
2009-03-25 20:31:11 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-25 20:31:11 ----A---- C:\Windows\system32\WMPhoto.dll
2009-03-25 20:31:11 ----A---- C:\Windows\system32\WMPEncEn.dll
2009-03-25 20:31:11 ----A---- C:\Windows\system32\wmdrmnet.dll
2009-03-25 20:31:11 ----A---- C:\Windows\system32\wmdrmdev.dll
2009-03-25 20:31:11 ----A---- C:\Windows\system32\WMASF.DLL
2009-03-25 20:31:11 ----A---- C:\Windows\system32\WMADMOE.DLL
2009-03-25 20:31:11 ----A---- C:\Windows\system32\WMADMOD.DLL
2009-03-25 20:31:11 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-03-25 20:31:11 ----A---- C:\Windows\system32\Wldap32.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\wzcdlg.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\wvc.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\wusa.exe
2009-03-25 20:31:10 ----A---- C:\Windows\system32\wtsapi32.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\wsock32.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\wsnmp32.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\WsmWmiPl.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\WsmSvc.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\WsmRes.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\WsmProv.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\WsmCl.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\WsmAuto.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2009-03-25 20:31:10 ----A---- C:\Windows\system32\WSHTCPIP.DLL
2009-03-25 20:31:10 ----A---- C:\Windows\system32\wship6.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\wshext.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\wshcon.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\wsepno.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\wsecedit.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\wmidx.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\wlanui.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\wlansec.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\wlanpref.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\wlanmsm.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\WlanMmHC.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\WlanMM.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\wlanhlp.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\WLanHC.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\wlangpui.dll
2009-03-25 20:31:10 ----A---- C:\Windows\system32\wlanext.exe
2009-03-25 20:31:09 ----A---- C:\Windows\system32\wscproxystub.dll
2009-03-25 20:31:09 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-03-25 20:31:09 ----A---- C:\Windows\system32\wpdshext.dll
2009-03-25 20:31:09 ----A---- C:\Windows\system32\wpcsvc.dll
2009-03-25 20:31:09 ----A---- C:\Windows\system32\wpclsp.dll
2009-03-25 20:31:09 ----A---- C:\Windows\system32\wpcao.dll
2009-03-25 20:31:09 ----A---- C:\Windows\system32\Wpc.dll
2009-03-25 20:31:09 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-03-25 20:31:09 ----A---- C:\Windows\system32\WMVSENCD.DLL
2009-03-25 20:31:09 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-03-25 20:31:09 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-03-25 20:31:08 ----A---- C:\Windows\system32\WSDMon.dll
2009-03-25 20:31:08 ----A---- C:\Windows\system32\WSDApi.dll
2009-03-25 20:31:08 ----A---- C:\Windows\system32\wscript.exe
2009-03-25 20:31:08 ----A---- C:\Windows\system32\wscntfy.dll
2009-03-25 20:31:08 ----A---- C:\Windows\system32\wscmisetup.dll
2009-03-25 20:31:08 ----A---- C:\Windows\system32\wscisvif.dll
2009-03-25 20:31:08 ----A---- C:\Windows\system32\wscapi.dll
2009-03-25 20:31:08 ----A---- C:\Windows\system32\ws2_32.dll
2009-03-25 20:31:08 ----A---- C:\Windows\system32\wpdwcn.dll
2009-03-25 20:31:08 ----A---- C:\Windows\system32\WPDSp.dll
2009-03-25 20:31:08 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-03-25 20:31:08 ----A---- C:\Windows\system32\wdscore.dll
2009-03-25 20:31:07 ----A---- C:\Windows\system32\wevtfwd.dll
2009-03-25 20:31:07 ----A---- C:\Windows\system32\wevtapi.dll
2009-03-25 20:31:07 ----A---- C:\Windows\system32\wermgr.exe
2009-03-25 20:31:07 ----A---- C:\Windows\system32\WebClnt.dll
2009-03-25 20:31:07 ----A---- C:\Windows\system32\webcheck.dll
2009-03-25 20:31:07 ----A---- C:\Windows\system32\wdigest.dll
2009-03-25 20:31:07 ----A---- C:\Windows\system32\wdi.dll
2009-03-25 20:31:07 ----A---- C:\Windows\system32\wdc.dll
2009-03-25 20:31:07 ----A---- C:\Windows\system32\wcnwiz.dll
2009-03-25 20:31:07 ----A---- C:\Windows\system32\wcncsvc.dll
2009-03-25 20:31:06 ----A---- C:\Windows\system32\wfapigp.dll
2009-03-25 20:31:06 ----A---- C:\Windows\system32\wextract.exe
2009-03-25 20:31:06 ----A---- C:\Windows\system32\wevtutil.exe
2009-03-25 20:31:06 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-03-25 20:31:06 ----A---- C:\Windows\system32\WerFault.exe
2009-03-25 20:31:06 ----A---- C:\Windows\system32\werdiagcontroller.dll
2009-03-25 20:31:06 ----A---- C:\Windows\system32\wer.dll
2009-03-25 20:31:06 ----A---- C:\Windows\system32\wecutil.exe
2009-03-25 20:31:06 ----A---- C:\Windows\system32\wecapi.dll
2009-03-25 20:31:06 ----A---- C:\Windows\system32\w32tm.exe
2009-03-25 20:31:05 ----A---- C:\Windows\system32\WinSATAPI.dll
2009-03-25 20:31:05 ----A---- C:\Windows\system32\winrsmgr.dll
2009-03-25 20:31:05 ----A---- C:\Windows\system32\winrshost.exe
2009-03-25 20:31:05 ----A---- C:\Windows\system32\winrscmd.dll
2009-03-25 20:31:05 ----A---- C:\Windows\system32\winrs.exe
2009-03-25 20:31:05 ----A---- C:\Windows\system32\winrm.vbs
2009-03-25 20:31:05 ----A---- C:\Windows\system32\winnsi.dll
2009-03-25 20:31:05 ----A---- C:\Windows\system32\winmm.dll
2009-03-25 20:31:05 ----A---- C:\Windows\system32\winlogon.exe
2009-03-25 20:31:05 ----A---- C:\Windows\system32\wininit.exe
2009-03-25 20:31:05 ----A---- C:\Windows\system32\wbemcomn.dll
2009-03-25 20:31:05 ----A---- C:\Windows\system32\wavemsp.dll
2009-03-25 20:31:05 ----A---- C:\Windows\system32\waitfor.exe
2009-03-25 20:31:05 ----A---- C:\Windows\system32\vsstrace.dll
2009-03-25 20:31:04 ----A---- C:\Windows\system32\wlandlg.dll
2009-03-25 20:31:04 ----A---- C:\Windows\system32\WLanConn.dll
2009-03-25 20:31:04 ----A---- C:\Windows\system32\wlancfg.dll
2009-03-25 20:31:04 ----A---- C:\Windows\system32\wlanapi.dll
2009-03-25 20:31:04 ----A---- C:\Windows\system32\winusb.dll
2009-03-25 20:31:04 ----A---- C:\Windows\system32\wintrust.dll
2009-03-25 20:31:04 ----A---- C:\Windows\system32\winsta.dll
2009-03-25 20:31:04 ----A---- C:\Windows\system32\WINSRPC.DLL
2009-03-25 20:31:04 ----A---- C:\Windows\system32\WinSCard.dll
2009-03-25 20:31:04 ----A---- C:\Windows\system32\WinFax.dll
2009-03-25 20:31:04 ----A---- C:\Windows\system32\winethc.dll
2009-03-25 20:31:04 ----A---- C:\Windows\system32\wiashext.dll
2009-03-25 20:31:04 ----A---- C:\Windows\system32\wiascanprofiles.dll
2009-03-25 20:31:04 ----A---- C:\Windows\system32\wiadss.dll
2009-03-25 20:31:04 ----A---- C:\Windows\system32\wiadefui.dll
2009-03-25 20:31:04 ----A---- C:\Windows\system32\wiaaut.dll
2009-03-25 20:31:04 ----A---- C:\Windows\system32\wiaacmgr.exe
2009-03-25 20:31:04 ----A---- C:\Windows\system32\whealogr.dll
2009-03-25 20:31:03 ----A---- C:\Windows\system32\winhttp.dll
2009-03-25 20:31:03 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-03-25 20:31:03 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-03-25 20:31:03 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-03-25 20:31:03 ----A---- C:\Windows\system32\sbeio.dll
2009-03-25 20:31:03 ----A---- C:\Windows\system32\samlib.dll
2009-03-25 20:31:03 ----A---- C:\Windows\system32\runonce.exe
2009-03-25 20:31:03 ----A---- C:\Windows\system32\rtm.dll
2009-03-25 20:31:03 ----A---- C:\Windows\system32\rtffilt.dll
2009-03-25 20:31:03 ----A---- C:\Windows\system32\RstrtMgr.dll
2009-03-25 20:31:03 ----A---- C:\Windows\system32\rshx32.dll
2009-03-25 20:31:03 ----A---- C:\Windows\system32\rsaenh.dll
2009-03-25 20:31:03 ----A---- C:\Windows\system32\rpcrt4.dll
2009-03-25 20:31:02 ----A---- C:\Windows\system32\sbe.dll
2009-03-25 20:31:02 ----A---- C:\Windows\system32\RpcPing.exe
2009-03-25 20:31:02 ----A---- C:\Windows\system32\rpchttp.dll
2009-03-25 20:31:02 ----A---- C:\Windows\system32\ROUTE.EXE
2009-03-25 20:31:02 ----A---- C:\Windows\system32\Robocopy.exe
2009-03-25 20:31:02 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-03-25 20:31:02 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-03-25 20:31:02 ----A---- C:\Windows\system32\RMActivate_isv.exe
2