[Solved] Viral infection, analysis request

Post by BUS » 10 Jan 2010 14:54

Hello,

My internet service provider informs me that malicious programs or viruses could damage my computer.

Below is the HijackThis report.

Thank you for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09:54, on 10.01.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MaAgent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
G:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symbaloo.com/ch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TP CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe" -G:{2D617065-1C52-4240-B5BC-C0AE12157777} -T:Config
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12835 bytes
Last edited by BUS on 23 Jan 2010 00:09, edited 1 time.

Re: Viral infection, analysis request

Post by Falkra » 10 Jan 2010 15:02

Hello,

this is the kind of thing that can get your connection cut off, if it keeps up.

Nothing in particular shows up in this report; however, if you are running both Norton Internet Security (which has an antivirus) and Microsoft Security Essentials (which is an antivirus), that makes one antivirus too many, which hogs resources for nothing.
If there are several PCs connected to this connection, the critter (for example a spam relay sending e-mails) may come from another PC. Are there any others?

Download random's system information tool (RSIT) by random/random and save it to the Desktop. This tool will take stock of the system and read the configuration, like HijackThis, but in more detail.
  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed) as well as info.txt (<<which will be minimized in the Taskbar).
  • NB: The reports are saved in the C:\rsit folder
    So that makes two reports. As they are long, you can post 2 replies, one per report. ;-)

Re: Viral infection, analysis request

Post by BUS » 10 Jan 2010 16:02

You were right, Falkra. My connection has already been cut off by my ISP.
Indeed, I have two other machines on the same connection.

Here is the first report, the RSIT log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Stéphane at 2010-01-10 15:39:11
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 124 GB (69%) free of 180 GB
Total RAM: 2046 MB (54% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{4AA6A211-5C1E-48E8-BC75-DAC35A762B74}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-07-16 97960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-02 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-02 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\PROGRA~1\GOOGLE~1\BAE.dll [2006-06-23 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Afficher Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-07-16 609424]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-02 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-06-10 118784]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2007-06-11 317560]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-01 30192]
"Norton Save and Restore 2.0"=C:\Program Files\Norton Save and Restore\Agent\VProTray.exe [2007-02-13 2020968]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-07-16 115816]
"TP CfgWiz"=C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe [2007-07-16 820872]
"YeppStudioAgent"=C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe []
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME\TomTomHOME.exe [2007-01-29 3718312]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"SMSTray"=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [2007-02-23 126976]
"MAAgent"=C:\Program Files\MarkAny\ContentSafer\MAAgent.exe [2007-01-30 57344]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-06-28 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-06-28 8429568]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-06-28 81920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"CTSyncU.exe"=C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [2007-07-17 868352]
"Tunebite"=C:\Program Files\RapidSolution\Tunebite\Tunebite.exe [2007-11-21 4904240]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\Windows\system32\VESWinlogon.dll [2007-07-12 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"WizmaxBackup_NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"WizmaxBackup_NoDriveTypeAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-01-10 15:39:12 ----D---- C:\Program Files\trend micro
2010-01-10 15:39:11 ----D---- C:\rsit
2010-01-07 20:44:45 ----D---- C:\Program Files\Microsoft Security Essentials
2009-12-31 13:23:21 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-12-31 13:05:38 ----A---- C:\Windows\system32\jscript.dll
2009-12-31 11:58:15 ----A---- C:\Windows\system32\occache.dll
2009-12-31 11:58:14 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-31 11:58:13 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-31 11:58:13 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-31 11:58:13 ----A---- C:\Windows\system32\ieui.dll
2009-12-31 11:58:13 ----A---- C:\Windows\system32\iepeers.dll
2009-12-31 11:58:12 ----A---- C:\Windows\system32\iesetup.dll
2009-12-31 11:58:11 ----A---- C:\Windows\system32\wininet.dll
2009-12-31 11:58:11 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-31 11:58:11 ----A---- C:\Windows\system32\iernonce.dll
2009-12-31 11:58:10 ----A---- C:\Windows\system32\iertutil.dll
2009-12-31 11:58:10 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-31 11:58:10 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-31 11:58:09 ----A---- C:\Windows\system32\urlmon.dll
2009-12-31 11:58:09 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-31 11:58:09 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-31 11:58:06 ----A---- C:\Windows\system32\ieframe.dll
2009-12-31 11:58:05 ----A---- C:\Windows\system32\mshtml.dll
2009-12-31 11:55:28 ----A---- C:\Windows\system32\mshtmler.dll
2009-12-31 11:55:28 ----A---- C:\Windows\system32\mshtmled.dll
2009-12-31 11:55:28 ----A---- C:\Windows\system32\icardie.dll
2009-12-31 11:55:28 ----A---- C:\Windows\system32\admparse.dll
2009-12-31 11:55:27 ----A---- C:\Windows\system32\msls31.dll
2009-12-31 11:55:27 ----A---- C:\Windows\system32\corpol.dll
2009-12-31 11:55:26 ----A---- C:\Windows\system32\imgutil.dll
2009-12-31 11:55:26 ----A---- C:\Windows\system32\ieakeng.dll
2009-12-31 11:55:26 ----A---- C:\Windows\system32\dxtmsft.dll
2009-12-31 11:55:25 ----A---- C:\Windows\system32\dxtrans.dll
2009-12-31 11:55:24 ----A---- C:\Windows\system32\licmgr10.dll
2009-12-31 11:55:24 ----A---- C:\Windows\system32\inseng.dll
2009-12-31 11:55:24 ----A---- C:\Windows\system32\ieaksie.dll
2009-12-31 11:55:23 ----A---- C:\Windows\system32\wextract.exe
2009-12-31 11:55:23 ----A---- C:\Windows\system32\webcheck.dll
2009-12-31 11:55:23 ----A---- C:\Windows\system32\msrating.dll
2009-12-31 11:55:23 ----A---- C:\Windows\system32\ieakui.dll
2009-12-31 11:55:22 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-12-31 11:55:22 ----A---- C:\Windows\system32\mstime.dll
2009-12-31 11:55:21 ----A---- C:\Windows\system32\pngfilt.dll
2009-12-31 11:55:21 ----A---- C:\Windows\system32\advpack.dll
2009-12-31 11:55:20 ----A---- C:\Windows\system32\vbscript.dll
2009-12-31 11:55:20 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-31 11:55:19 ----A---- C:\Windows\system32\url.dll
2009-12-31 11:55:16 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-12-31 11:55:16 ----A---- C:\Windows\system32\mshta.exe
2009-12-31 11:55:16 ----A---- C:\Windows\system32\iexpress.exe
2009-12-31 11:55:15 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-12-31 11:55:15 ----A---- C:\Windows\system32\SetDepNx.exe
2009-12-31 11:55:15 ----A---- C:\Windows\system32\PDMSetup.exe
2009-12-11 07:22:37 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-11 07:22:31 ----A---- C:\Windows\system32\httpapi.dll

======List of files/folders modified in the last 1 months======

2010-01-10 15:39:12 ----RD---- C:\Program Files
2010-01-10 15:38:56 ----D---- C:\Windows\Temp
2010-01-10 15:34:37 ----D---- C:\Windows\Tasks
2010-01-10 15:34:30 ----D---- C:\ProgramData\Google Updater
2010-01-10 13:08:11 ----D---- C:\Windows\System32
2010-01-10 13:08:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-10 13:08:10 ----D---- C:\Windows\inf
2010-01-09 16:42:01 ----SHD---- C:\System Volume Information
2010-01-08 11:39:33 ----D---- C:\Windows
2010-01-08 11:14:56 ----D---- C:\Windows\Prefetch
2010-01-08 11:07:44 ----D---- C:\Windows\system32\drivers
2010-01-07 20:45:22 ----SHD---- C:\Windows\Installer
2010-01-07 20:45:10 ----D---- C:\Windows\system32\catroot
2010-01-07 20:45:06 ----SD---- C:\ProgramData\Microsoft
2010-01-05 11:37:40 ----D---- C:\Windows\system32\catroot2
2010-01-02 03:13:37 ----D---- C:\ProgramData\Microsoft Help
2010-01-02 03:10:19 ----RSD---- C:\Windows\assembly
2010-01-01 13:58:49 ----D---- C:\Program Files\Google
2010-01-01 12:49:29 ----D---- C:\Windows\system32\Tasks
2009-12-31 17:36:49 ----RSD---- C:\Windows\Fonts
2009-12-31 17:36:40 ----D---- C:\Program Files\Common Files\microsoft shared
2009-12-31 17:36:18 ----D---- C:\Program Files\Microsoft Works
2009-12-31 17:33:51 ----A---- C:\Windows\win.ini
2009-12-31 17:33:50 ----D---- C:\Program Files\Common Files\System
2009-12-31 14:29:40 ----D---- C:\Windows\winsxs
2009-12-31 12:34:11 ----D---- C:\Windows\rescache
2009-12-31 12:15:01 ----D---- C:\Windows\system32\migration
2009-12-31 12:15:01 ----D---- C:\Program Files\Internet Explorer
2009-12-31 12:14:58 ----D---- C:\Windows\system32\fr-FR
2009-12-31 12:14:52 ----D---- C:\Windows\system32\en-US
2009-12-31 12:14:52 ----D---- C:\Windows\PolicyDefinitions
2009-12-11 09:50:00 ----D---- C:\Program Files\Windows Mail

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2007-06-27 10216]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2007-07-11 389432]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-07-16 417592]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-07-16 25400]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2007-07-16 191544]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-06-05 12672]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R2 v2imount;Symantec V2i Mount Driver; C:\Windows\system32\DRIVERS\v2imount.sys [2007-02-13 37864]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-05 8192]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-10 140800]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-07-11 106808]
R3 GEARAspiWDM;GearAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2007-02-13 15664]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-05 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-05 207360]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2009-06-18 42480]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070711.016\NAVENG.SYS [2007-07-11 77688]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070711.016\NAVEX15.SYS [2007-07-11 852824]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-30 2222080]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-06-28 7115072]
R3 R5U870FLx86;R5U870 UVC Lower Filter ; C:\Windows\System32\Drivers\R5U870FLx86.sys [2007-06-28 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ; C:\Windows\System32\Drivers\R5U870FUx86.sys [2007-06-28 43904]
R3 SNC;Sony Firmware Extension Parser Device; C:\Windows\System32\Drivers\SonyNC.sys [2006-11-06 27520]
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-07-16 247608]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-06-13 326656]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2007-10-13 115000]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2007-07-16 27576]
R3 tbhsd;Tunebite High-Speed Dubbing; C:\Windows\system32\drivers\tbhsd.sys [2007-11-16 26912]
R3 ti21sony;ti21sony; C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
R3 usbvideo;R5U870 (UVC) ; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-05 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-19 240128]
S3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 btwaudio;Périphérique audio Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2007-07-03 80936]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-03 98608]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-07-03 28464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-03 17712]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2007-07-16 212280]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-07-16 276792]
S3 usb_rndisx;Carte RNDIS USB; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-19 15872]
S3 VProEventMonitor;Symantec Event Monitor Driver; C:\Windows\system32\DRIVERS\vproeventmonitor.sys [2007-02-13 14072]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-02-13 128104]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-12-22 108712]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 ccEvtMgr;ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-07-16 108648]
R2 ccSetMgr;ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-07-16 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-07-16 108648]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 MsMpSvc;@c:\Program Files\Microsoft Security Essentials\MpAsDesc.dll,-241; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\stacsv.exe [2007-06-13 94208]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2007-07-12 182392]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-05 292152]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2007-06-28 188416]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2007-06-28 184320]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-06-05 386560]
R3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
R3 Norton Save and Restore;Norton Save and Restore; C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2007-02-13 2655848]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2007-06-28 274432]
S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-01 135664]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-07-16 49248]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-01 30192]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-07-16 2975352]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-10-13 1174664]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2007-06-28 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2007-06-20 2523136]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2007-06-20 499712]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-07-05 79736]

-----------------EOF-----------------
BUS
 
Posts: 42
Joined: 28 Jul 2003 20:14
Location: CH / NE - 2025

Re: Viral infection, analysis request

Post by BUS » 10 Jan 2010 16:04

And here is the second report, RSIT info

info.txt logfile of random's system information tool 1.06 2010-01-10 15:39:18

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x040c
-->"C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x040c
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{AFBA0609-EB70-43CB-B11C-294EDADFA101}\setup.exe -runfromtemp -l0x040c -removeonly
-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
-->MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E120C99-63A0-470C-B44A-02ED9969A49D}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E120C99-63A0-470C-B44A-02ED9969A49D}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x40c /remove
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 2.1-->MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop Elements 5.0-->msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Premiere Elements 3.0.2-->msiexec /I {530AFAFF-6F0A-48BB-88D0-04F9658322D3}
Adobe Premiere Elements 3.0.2-->MsiExec.exe /I{530AFAFF-6F0A-48BB-88D0-04F9658322D3}
Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Alps Pointing-device for VAIO-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Magic-i Visual Effects Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}\Setup.exe" -l0x40c
Atlantis - Sky Patrol -->C:\Big Fish Games\Atlantis - Sky Patrol\Uninstall.exe
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Big Fish Games Sudoku-->C:\Big Fish Games\sudoku\Uninstall.exe
Browser Address Error Redirector-->regsvr32 /u /s "C:\PROGRA~1\GOOGLE~1\BAE.dll"
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Centre de Big Fish Games-->C:\Big Fish Games\Uninstall.exe
Click to DVD 2.0.05 Menu Data-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E407618-D9CD-4F39-9490-9ED45294073D}\setup.exe" -l0x40c -removeonly
Click to DVD 2.6.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E809063C-51A3-4269-8984-D1EB742F2151}\setup.exe" -l0x40c -removeonly
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x40c /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
Creative ZEN Vision W-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569C24E9-1D28-4738-99EF-6BEC75DC5F6A}\SETUP.EXE" -l0x40c /remove
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DSD Direct Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{533D0A8A-D7E7-4F15-BC9E-FF2916A6BAA7}\setup.exe" -l0x40c -removeonly
DSD Direct-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}\setup.exe" -l0x40c -removeonly
DSD Playback Plug-in-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{009E7FB7-1775-4D89-8956-F5C9A1C019FC}\setup.exe" -l0x40c -removeonly
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
Gestionnaire de disques amovible Creative-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c /remove
Gestionnaire pour appareils Windows Mobile-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{C084BC61-E537-11DE-8616-005056806466}
HDAUDIO SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200\UIU32m.exe -U -ISnSZIRXz.inf
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lame ACM MP3 Codec-->"C:\Windows\IFinst26.exe" -UC:\Program Files\Lame MP3 Codec\IFU460D.inf
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Mahjong Towers Eternity -->C:\Big Fish Games\Mahjong Towers Eternity\Uninstall.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Antimalware Service FR-FR Language Pack-->MsiExec.exe /X{A4526B5A-89C0-4F4B-9E6E-4F883374D5F9}
Microsoft Antimalware-->MsiExec.exe /X{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook 2007 Trial-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall OUTLOOKR /dll OSETUP.DLL
Microsoft Office Outlook 2007-->MsiExec.exe /X{91120000-001A-0000-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials-->MsiExec.exe /I{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mise à jour du pilote du Gestionnaire pour appareils Windows Mobile-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Mystery Case Files - Prime Suspects -->C:\Big Fish Games\Mystery Case Files - Prime Suspects\Uninstall.exe
Norton 360 (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_2_0_10\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help-->MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton 360-->MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360-->MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360-->MsiExec.exe /I{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}
Norton 360-->MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component-->MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Save and Restore-->MsiExec.exe /X{B0255743-165B-4BD5-8DA8-37DFB993B201}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenMG Limited Patch 4.7-07-15-19-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-15-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Outil de restauration de données VAIO-->C:\Program Files\InstallShield Installation Information\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}\setup.exe -runfromtemp -l0x040c -removeonly
Outil VAIO Media Registration 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x40c UNINSTALL -removeonly
Picasa 3-->"C:\Program Files\Picasa2\Uninstall.exe"
PixiePack Codec Pack-->MsiExec.exe /I{621FCD24-4498-4324-A81E-07D331376EDF}
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Roxio Easy Media Creator Home-->MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
Samsung Media Studio-->C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\setup.exe -runfromtemp -l0x040c -removeonly
Samsung Multimedia Studio-->"C:\Program Files\Samsung\MultimediaStudio\unins000.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Setting Utility Series-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}\setup.exe" -l0x40c -removeonly
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly
Skype 3.2-->"C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SonicStage Mastering Studio Audio Filter Custom Preset-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC37A846-53AC-4DA7-98FA-76A4E74AA900}\setup.exe" -l0x40c -removeonly
SonicStage Mastering Studio Audio Filter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}\setup.exe" -l0x40c -removeonly
SonicStage Mastering Studio Plugins-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}\setup.exe" -l0x40c -removeonly
SonicStage Mastering Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6332AFF1-9D9A-429C-AA03-F82749FA4F49}\setup.exe" -l0x40c -removeonly
Sony Video Shared Library-->C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe -runfromtemp -l0x040c -removeonly
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SuppSoft-->MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Controls-->MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The KMPlayer (remove only)-->"C:\Program Files\KMPlayer\uninstall.exe"
TomTom HOME-->C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x040c -removeonly -removeonly
Tunebite-->MsiExec.exe /I{05EC9A58-F200-49A2-88C2-798904DF524F}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {91120000-001A-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}
VAIO Aqua Breeze Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97BCD719-6ECB-458F-97D6-F38D2E07375E}\setup.exe" -l0x9 -removeonly
VAIO Camera Capture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D2576EC-A0E9-418A-A09A-409933A3B6F4}\setup.exe" -l0x40c -removeonly
VAIO Content Folder Setting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23825B69-36DF-4DAD-9CFD-118D11D80F16}\setup.exe" -l0x40c -removeonly
VAIO Content Importer / VAIO Content Exporter-->C:\Program Files\InstallShield Installation Information\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}\setup.exe -runfromtemp -l0x040c -removeonly
VAIO Content Metadata Intelligent Analyzing Manager-->C:\Program Files\InstallShield Installation Information\{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}\setup.exe -runfromtemp -l0x040c -removeonly
VAIO Content Metadata Manager Setting-->C:\Program Files\InstallShield Installation Information\{69351E9E-23ED-41D5-B146-EDBF83C63B66}\setup.exe -runfromtemp -l0x040c -removeonly
VAIO Content Metadata XML Interface Library-->C:\Program Files\InstallShield Installation Information\{5F5DE5D5-D130-4110-A3A4-69FFB0B14BD9}\setup.exe -runfromtemp -l0x040c -removeonly
VAIO Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72042FA6-5609-489F-A8EA-3C2DD650F667}\setup.exe" -l0x40c -removeonly
VAIO Cozy Orange Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}\setup.exe" -l0x9 -removeonly
VAIO Entertainment Platform-->C:\Program Files\InstallShield Installation Information\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}\setup.exe -runfromtemp -l0x040c -removeonly
VAIO Event Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}\setup.exe" -l0x40c -removeonly
VAIO Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}\setup.exe" -l0x40c -removeonly
VAIO Media 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}\setup.exe" -l0x40c UNINSTALL -removeonly
VAIO Media AC3 Decoder 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x40c UNINSTALL
VAIO Media Content Collection 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{500162A0-4DD5-460A-BAFD-895AAE48C532}\setup.exe" -l0x40c UNINSTALL -removeonly
VAIO Media Integrated Server 6.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{785EB1D4-ECEC-4195-99B4-73C47E187721}\setup.exe" -l0x40c UNINSTALL -removeonly
VAIO Media Redistribution 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}\setup.exe" -l0x40c UNINSTALL -removeonly
VAIO Movie Story Template Data-->C:\Program Files\InstallShield Installation Information\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}\setup.exe -runfromtemp -l0x040c -removeonly
VAIO Movie Story-->C:\Program Files\InstallShield Installation Information\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}\setup.exe -runfromtemp -l0x040c -removeonly
VAIO MusicBox Sample Music-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}\setup.exe" -l0x40c -removeonly
VAIO MusicBox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}\setup.exe" -l0x40c -removeonly
VAIO Original Function Setting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A63E7492-A0BC-4BB9-89A7-352965222380}\setup.exe" -l0x40c -removeonly
VAIO Original Screen Saver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BEF9285-5530-426B-A5F1-5836B95C7EB1}\Setup.exe" -l0x40c
VAIO Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{802889F8-6AF5-45A5-9764-CA5B999E50FC}\setup.exe" -l0x40c -removeonly
VAIO Tender Green Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934A3213-1CB6-4264-84A2-EE080C017BCA}\setup.exe" -l0x9 -removeonly
VAIO Update 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656D}\setup.exe" -l0x40c -removeonly
Virtual Villagers -->C:\Big Fish Games\Virtual Villagers\Uninstall.exe
WIDCOMM Bluetooth Software 6.1.0.1203-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
WinDVD BD for VAIO-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x040c
Wireless Switch Setting Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}\setup.exe" -l0x40c -removeonly
XviD Video Codec 11.6.2003-14:20 (uManiac's build)-->"C:\Program Files\XviD\UninstXviD.exe"
Zattoo 3.3.4 Beta-->C:\Program Files\Zattoo\uninst.exe
ZENcast Organizer-->"C:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /l0x040c

======Security center information======

AV: Norton 360
FW: Norton 360
AS: Windows Defender
AS: Norton 360

======System event log======

Computer Name: PC_Stéphane
Event Code: 1003
Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir du serveur DHCP) pour la carte réseau dont l'adresse réseau est 0013E885835D. Il s'est produit l'erreur suivante :
L'opération a été annulée par l'utilisateur.. Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP).
Record Number: 233587
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091029185523.000000-000
Event Type: Avertissement
User:

Computer Name: PC_Stéphane
Event Code: 4001
Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Record Number: 233603
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20091029201342.080200-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC_Stéphane
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 233614
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20091030074302.763858-000
Event Type: Erreur
User:

Computer Name: PC_Stéphane
Event Code: 7000
Message: Le service Parallel port driver n'a pas pu démarrer en raison de l'erreur :
Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.
Record Number: 233660
Source Name: Service Control Manager
Time Written: 20091030074349.000000-000
Event Type: Erreur
User:

Computer Name: PC_Stéphane
Event Code: 6008
Message: L'arrêt système précédant à 08:44:39 le 30.10.2009 n'était pas prévu.
Record Number: 233718
Source Name: EventLog
Time Written: 20091030100601.000000-000
Event Type: Erreur
User:

=====Application event log=====

Computer Name: PC_Stéphane
Event Code: 8194
Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

Opération :
Données du rédacteur en cours de collecte

Contexte :
ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
Nom du rédacteur: System Writer
ID d’instance du rédacteur: {85dc57c8-fde7-4652-b180-a2c9054318a2}
Record Number: 75512
Source Name: VSS
Time Written: 20100109154109.000000-000
Event Type: Erreur
User:

Computer Name: PC_Stéphane
Event Code: 20
Message:
Record Number: 75515
Source Name: Google Update
Time Written: 20100109155406.000000-000
Event Type: Erreur
User: AUTORITE NT\SYSTEM

Computer Name: PC_Stéphane
Event Code: 20
Message:
Record Number: 75516
Source Name: Google Update
Time Written: 20100109165406.000000-000
Event Type: Erreur
User: AUTORITE NT\SYSTEM

Computer Name: PC_Stéphane
Event Code: 7
Message: Échec de chargement du module d'extension. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Code d'erreur = 0x80042019)
Record Number: 75545
Source Name: VzCdbSvc
Time Written: 20100110120102.000000-000
Event Type: Erreur
User:

Computer Name: PC_Stéphane
Event Code: 7
Message: Échec de chargement du module d'extension. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Code d'erreur = 0x80042019)
Record Number: 75584
Source Name: VzCdbSvc
Time Written: 20100110143155.000000-000
Event Type: Erreur
User:

=====Security event log=====

Computer Name: PC_Stéphane
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC_STÉPHANE$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x28c
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Adresse du réseau : -
Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 69769
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090801134713.418140-000
Event Type: Succès de l'audit
User:

Computer Name: PC_Stéphane
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC_STÉPHANE$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x28c
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 69770
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090801134713.418140-000
Event Type: Succès de l'audit
User:

Computer Name: PC_Stéphane
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 69771
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090801134713.418140-000
Event Type: Succès de l'audit
User:

Computer Name: PC_Stéphane
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC_STÉPHANE$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-20
Nom du compte : SERVICE RÉSEAU
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e4
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x28c
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 69772
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090801134713.901743-000
Event Type: Succès de l'audit
User:

Computer Name: PC_Stéphane
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-20
Nom du compte : SERVICE RÉSEAU
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e4

Privilèges : SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeImpersonatePrivilege
Record Number: 69773
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090801134713.901743-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Windows\Microsoft.NET\Framework\v2.0.50727
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"configsetroot"=%SystemRoot%\ConfigSetRoot
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------
BUS
 
Posts: 42
Joined: 28 Jul 2003 20:14
Location: CH / NE - 2025

Re: Viral infection, analysis request

Post by Falkra » 10 Jan 2010 16:08

It isn't coming from this machine.

You can upgrade to Vista SP2.

I'll post prevention advice that applies to all the machines at the end of the process.
In the meantime, you should have only one antivirus. If Norton came preinstalled, it can be removed (it isn't great). Otherwise, finish out your subscription and uninstall MSE.

You should have only one antivirus.

-----------

Post me an RSIT report (allowing the download when prompted) for one of the other machines, one that looks suspect.
Falkra
Admin libellules.ch
 
Posts: 25882
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Viral infection, analysis request

Post by BUS » 10 Jan 2010 16:45

For this machine, OK, I'll move to SP2. Norton was preinstalled, so I'm removing it.

As soon as possible, I'll post a new RSIT report for the other machines.

Thanks for your help.
BUS
 
Posts: 42
Joined: 28 Jul 2003 20:14
Location: CH / NE - 2025

Re: Viral infection, analysis request

Post by Falkra » 10 Jan 2010 16:56

Remove Norton with this official tool, which will do the job. It removes all Norton/Symantec products; otherwise the standard uninstall fails.

After that, you'll need a firewall to replace that one. I recommend Online Armor free, which is available in French, fairly easy to get to grips with, and effective.

Here is a tutorial in French: http://infomars.fr/forum/index.php?showtopic=1644

--------

OK, whenever you can, for the other machines, but let's do them one at a time, otherwise I'll have trouble keeping up. Start with the one that seems most likely to be infected.
Falkra
Admin libellules.ch
 
Posts: 25882
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Viral infection, analysis request

Post by BUS » 10 Jan 2010 22:22

For the second computer, here is the first RSIT report log

Logfile of random's system information tool 1.06 (written by random/random)
Run by alissia at 2010-01-10 18:28:06
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2
System drive C: has 207 GB (70%) free of 294 GB
Total RAM: 2974 MB (63% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForalissia.job
C:\Windows\tasks\User_Feed_Synchronization-{D9C7E067-DF1E-4546-BE09-3638E8398A0B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-16 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-969A-2AB983EE729B}]
Skyrock Toolbar - C:\PROGRA~1\SKYROC~1\SKYROC~1.DLL [2008-06-03 2012632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-16 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]
{A057A204-BACC-4D26-969A-2AB983EE729B} - Skyrock Toolbar - C:\PROGRA~1\SKYROC~1\SKYROC~1.DLL [2008-06-03 2012632]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-12-04 1410344]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-09-23 468264]
"UpdateLBPShortCut"=C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePSTShortCut"=C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2008-12-24 210216]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-10-10 206128]
"UpdateP2GoShortCut"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-10-30 210216]
"UpdatePDIRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-16 136600]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"WirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-12-08 432432]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-10-30 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-10-30 175128]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-10-30 166936]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-01-20 483420]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-10-30 226304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-01-10 18:28:07 ----D---- C:\Program Files\trend micro
2010-01-10 18:28:06 ----D---- C:\rsit
2010-01-08 16:20:21 ----D---- C:\Users\alissia\AppData\Roaming\PlayFirst
2009-12-29 09:41:29 ----D---- C:\Program Files\Windows Portable Devices
2009-12-29 07:35:15 ----A---- C:\Windows\system32\UIAnimation.dll
2009-12-29 07:35:14 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-12-29 07:35:14 ----A---- C:\Windows\system32\UIRibbon.dll
2009-12-29 07:34:33 ----A---- C:\Windows\system32\WMPhoto.dll
2009-12-29 07:34:32 ----A---- C:\Windows\system32\cdd.dll
2009-12-29 07:34:31 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-12-29 07:34:31 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-12-29 07:34:31 ----A---- C:\Windows\system32\d3d10warp.dll
2009-12-29 07:34:30 ----A---- C:\Windows\system32\XpsPrint.dll
2009-12-29 07:34:30 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-12-29 07:34:30 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-12-29 07:34:30 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-12-29 07:34:30 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-12-29 07:34:30 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-12-29 07:34:30 ----A---- C:\Windows\system32\OpcServices.dll
2009-12-29 07:34:30 ----A---- C:\Windows\system32\dxdiagn.dll
2009-12-29 07:34:30 ----A---- C:\Windows\system32\dxdiag.exe
2009-12-29 07:34:30 ----A---- C:\Windows\system32\d2d1.dll
2009-12-29 07:34:29 ----A---- C:\Windows\system32\xpsservices.dll
2009-12-29 07:34:29 ----A---- C:\Windows\system32\FntCache.dll
2009-12-29 07:34:29 ----A---- C:\Windows\system32\dxgi.dll
2009-12-29 07:34:29 ----A---- C:\Windows\system32\DWrite.dll
2009-12-29 07:34:29 ----A---- C:\Windows\system32\d3d11.dll
2009-12-29 07:34:29 ----A---- C:\Windows\system32\d3d10level9.dll
2009-12-29 07:34:29 ----A---- C:\Windows\system32\d3d10core.dll
2009-12-29 07:34:29 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-12-29 07:34:29 ----A---- C:\Windows\system32\d3d10_1.dll
2009-12-29 07:34:29 ----A---- C:\Windows\system32\d3d10.dll
2009-12-29 07:33:53 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-12-29 07:33:53 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-12-29 07:33:53 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-12-29 07:33:51 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-12-29 07:33:48 ----A---- C:\Windows\system32\wpdshext.dll
2009-12-29 07:33:47 ----A---- C:\Windows\system32\WPDSp.dll
2009-12-29 07:33:47 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-12-29 07:33:47 ----A---- C:\Windows\system32\wpd_ci.dll
2009-12-29 07:33:47 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-12-29 07:33:47 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-12-29 07:33:47 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-12-29 07:33:47 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-12-29 07:32:39 ----A---- C:\Windows\system32\oleaccrc.dll
2009-12-29 07:32:37 ----A---- C:\Windows\system32\oleacc.dll
2009-12-29 07:32:36 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-12-27 16:50:37 ----D---- C:\Windows\system32\eu-ES
2009-12-27 16:50:37 ----D---- C:\Windows\system32\ca-ES
2009-12-27 16:50:36 ----D---- C:\Windows\system32\vi-VN
2009-12-27 16:44:51 ----D---- C:\Windows\system32\SPReview
2009-12-27 16:33:36 ----A---- C:\Windows\system32\scavenge.dll
2009-12-27 16:33:17 ----A---- C:\Windows\system32\compcln.exe
2009-12-27 16:32:33 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-12-27 16:32:33 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-12-27 16:32:33 ----A---- C:\Windows\system32\secproc_isv.dll
2009-12-27 16:32:33 ----A---- C:\Windows\system32\secproc.dll
2009-12-27 16:32:32 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-12-27 16:32:32 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-12-27 16:32:32 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-12-27 16:32:32 ----A---- C:\Windows\system32\sdohlp.dll
2009-12-27 16:32:32 ----A---- C:\Windows\system32\sdclt.exe
2009-12-27 16:32:31 ----A---- C:\Windows\system32\samlib.dll
2009-12-27 16:32:31 ----A---- C:\Windows\system32\rtutils.dll
2009-12-27 16:32:31 ----A---- C:\Windows\system32\rtffilt.dll
2009-12-27 16:32:31 ----A---- C:\Windows\system32\rsaenh.dll
2009-12-27 16:32:31 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-12-27 16:32:30 ----A---- C:\Windows\system32\scrrun.dll
2009-12-27 16:32:30 ----A---- C:\Windows\system32\rpcss.dll
2009-12-27 16:32:30 ----A---- C:\Windows\system32\rpchttp.dll
2009-12-27 16:32:30 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-12-27 16:32:30 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-12-27 16:32:30 ----A---- C:\Windows\system32\RMActivate.exe
2009-12-27 16:32:30 ----A---- C:\Windows\system32\riched20.dll
2009-12-27 16:32:29 ----A---- C:\Windows\system32\SCardSvr.dll
2009-12-27 16:32:29 ----A---- C:\Windows\system32\scansetting.dll
2009-12-27 16:32:29 ----A---- C:\Windows\system32\samsrv.dll
2009-12-27 16:32:28 ----A---- C:\Windows\system32\scrobj.dll
2009-12-27 16:32:28 ----A---- C:\Windows\system32\scksp.dll
2009-12-27 16:32:28 ----A---- C:\Windows\system32\schedsvc.dll
2009-12-27 16:32:28 ----A---- C:\Windows\system32\scesrv.dll
2009-12-27 16:32:28 ----A---- C:\Windows\system32\scecli.dll
2009-12-27 16:32:27 ----A---- C:\Windows\system32\pdh.dll
2009-12-27 16:32:26 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-12-27 16:32:26 ----A---- C:\Windows\system32\PnPutil.exe
2009-12-27 16:32:26 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-12-27 16:32:26 ----A---- C:\Windows\system32\pnpui.dll
2009-12-27 16:32:26 ----A---- C:\Windows\system32\pnpsetup.dll
2009-12-27 16:32:26 ----A---- C:\Windows\system32\pnidui.dll
2009-12-27 16:32:26 ----A---- C:\Windows\system32\perfdisk.dll
2009-12-27 16:32:26 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-12-27 16:32:26 ----A---- C:\Windows\system32\pcaui.dll
2009-12-27 16:32:26 ----A---- C:\Windows\system32\p2psvc.dll
2009-12-27 16:32:26 ----A---- C:\Windows\system32\P2PGraph.dll
2009-12-27 16:32:25 ----A---- C:\Windows\system32\powercpl.dll
2009-12-27 16:32:25 ----A---- C:\Windows\system32\PkgMgr.exe
2009-12-27 16:32:25 ----A---- C:\Windows\system32\pidgenx.dll
2009-12-27 16:32:25 ----A---- C:\Windows\system32\photowiz.dll
2009-12-27 16:32:24 ----A---- C:\Windows\system32\ntdll.dll
2009-12-27 16:32:24 ----A---- C:\Windows\system32\nslookup.exe
2009-12-27 16:32:23 ----A---- C:\Windows\system32\osk.exe
2009-12-27 16:32:23 ----A---- C:\Windows\system32\oobefldr.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\onex.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\olepro32.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\oleprn.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\oleaut32.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\ole32.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\offfilt.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\odbccp32.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\odbcconf.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\odbc32.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\nlhtml.dll
2009-12-27 16:32:22 ----A---- C:\Windows\system32\rasgcw.dll
2009-12-27 16:32:22 ----A---- C:\Windows\system32\rasdlg.dll
2009-12-27 16:32:22 ----A---- C:\Windows\system32\ocsetup.exe
2009-12-27 16:32:22 ----A---- C:\Windows\system32\ntprint.dll
2009-12-27 16:32:22 ----A---- C:\Windows\system32\ntmarta.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\RelMon.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\rekeywiz.exe
2009-12-27 16:32:21 ----A---- C:\Windows\system32\regsvc.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\rastapi.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\rasppp.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\rasplap.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\rasmontr.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\rasmans.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\rasdial.exe
2009-12-27 16:32:21 ----A---- C:\Windows\system32\rasdiag.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\raschap.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\rasapi32.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\RacEngn.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\Query.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\quartz.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\qmgr.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\qedit.dll
2009-12-27 16:32:20 ----A---- C:\Windows\system32\regapi.dll
2009-12-27 16:32:20 ----A---- C:\Windows\system32\reg.exe
2009-12-27 16:32:20 ----A---- C:\Windows\system32\rdpencom.dll
2009-12-27 16:32:19 ----A---- C:\Windows\system32\rdpwsx.dll
2009-12-27 16:32:19 ----A---- C:\Windows\system32\prnntfy.dll
2009-12-27 16:32:19 ----A---- C:\Windows\system32\printui.dll
2009-12-27 16:32:19 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-12-27 16:32:19 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-12-27 16:32:19 ----A---- C:\Windows\system32\PresentationHost.exe
2009-12-27 16:32:18 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-12-27 16:32:18 ----A---- C:\Windows\system32\powrprof.dll
2009-12-27 16:32:17 ----A---- C:\Windows\system32\qdvd.dll
2009-12-27 16:32:17 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-12-27 16:32:17 ----A---- C:\Windows\system32\puiapi.dll
2009-12-27 16:32:17 ----A---- C:\Windows\system32\psisdecd.dll
2009-12-27 16:32:17 ----A---- C:\Windows\system32\PSHED.DLL
2009-12-27 16:32:17 ----A---- C:\Windows\system32\propsys.dll
2009-12-27 16:32:17 ----A---- C:\Windows\system32\propdefs.dll
2009-12-27 16:32:17 ----A---- C:\Windows\system32\profsvc.dll
2009-12-27 16:32:15 ----A---- C:\Windows\system32\shell32.dll
2009-12-27 16:32:15 ----A---- C:\Windows\system32\shdocvw.dll
2009-12-27 16:32:15 ----A---- C:\Windows\system32\sendmail.dll
2009-12-27 16:32:14 ----A---- C:\Windows\system32\shlwapi.dll
2009-12-27 16:32:14 ----A---- C:\Windows\system32\sethc.exe
2009-12-27 16:32:14 ----A---- C:\Windows\system32\services.exe
2009-12-27 16:32:13 ----A---- C:\Windows\system32\setupapi.dll
2009-12-27 16:32:11 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-12-27 16:32:11 ----A---- C:\Windows\system32\eapphost.dll
2009-12-27 16:32:11 ----A---- C:\Windows\system32\eappgnui.dll
2009-12-27 16:32:11 ----A---- C:\Windows\system32\eappcfg.dll
2009-12-27 16:32:11 ----A---- C:\Windows\system32\eapp3hst.dll
2009-12-27 16:32:10 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-12-27 16:32:10 ----A---- C:\Windows\system32\evr.dll
2009-12-27 16:32:10 ----A---- C:\Windows\system32\eudcedit.exe
2009-12-27 16:32:10 ----A---- C:\Windows\system32\dwm.exe
2009-12-27 16:32:10 ----A---- C:\Windows\system32\dsprop.dll
2009-12-27 16:32:10 ----A---- C:\Windows\system32\dsound.dll
2009-12-27 16:32:10 ----A---- C:\Windows\explorer.exe
2009-12-27 16:32:09 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-12-27 16:32:09 ----A---- C:\Windows\system32\esent.dll
2009-12-27 16:32:09 ----A---- C:\Windows\system32\es.dll
2009-12-27 16:32:09 ----A---- C:\Windows\system32\EncDec.dll
2009-12-27 16:32:09 ----A---- C:\Windows\system32\emdmgmt.dll
2009-12-27 16:32:09 ----A---- C:\Windows\system32\EhStorShell.dll
2009-12-27 16:32:09 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-12-27 16:32:09 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-12-27 16:32:09 ----A---- C:\Windows\system32\dimsroam.dll
2009-12-27 16:32:09 ----A---- C:\Windows\system32\diagperf.dll
2009-12-27 16:32:08 ----A---- C:\Windows\system32\diskraid.exe
2009-12-27 16:32:08 ----A---- C:\Windows\system32\diskpart.exe
2009-12-27 16:32:08 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-12-27 16:32:08 ----A---- C:\Windows\system32\dfshim.dll
2009-12-27 16:32:07 ----A---- C:\Windows\system32\drvstore.dll
2009-12-27 16:32:07 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-12-27 16:32:07 ----A---- C:\Windows\system32\dpapimig.exe
2009-12-27 16:32:07 ----A---- C:\Windows\system32\dot3svc.dll
2009-12-27 16:32:07 ----A---- C:\Windows\system32\dot3msm.dll
2009-12-27 16:32:07 ----A---- C:\Windows\system32\dot3cfg.dll
2009-12-27 16:32:07 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-12-27 16:32:07 ----A---- C:\Windows\system32\dfsr.exe
2009-12-27 16:32:07 ----A---- C:\Windows\system32\devmgr.dll
2009-12-27 16:32:06 ----A---- C:\Windows\system32\hbaapi.dll
2009-12-27 16:32:06 ----A---- C:\Windows\system32\gpresult.exe
2009-12-27 16:32:06 ----A---- C:\Windows\system32\drvinst.exe
2009-12-27 16:32:06 ----A---- C:\Windows\system32\drmv2clt.dll
2009-12-27 16:32:06 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-12-27 16:32:06 ----A---- C:\Windows\system32\dnsapi.dll
2009-12-27 16:32:06 ----A---- C:\Windows\system32\dmusic.dll
2009-12-27 16:32:06 ----A---- C:\Windows\system32\dmsynth.dll
2009-12-27 16:32:05 ----A---- C:\Windows\system32\gpupdate.exe
2009-12-27 16:32:05 ----A---- C:\Windows\system32\gpsvc.dll
2009-12-27 16:32:04 ----A---- C:\Windows\system32\iasnap.dll
2009-12-27 16:32:04 ----A---- C:\Windows\system32\IasMigReader.exe
2009-12-27 16:32:04 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-12-27 16:32:04 ----A---- C:\Windows\system32\iashlpr.dll
2009-12-27 16:32:04 ----A---- C:\Windows\system32\iasdatastore.dll
2009-12-27 16:32:04 ----A---- C:\Windows\system32\iasads.dll
2009-12-27 16:32:04 ----A---- C:\Windows\system32\iasacct.dll
2009-12-27 16:32:04 ----A---- C:\Windows\system32\hidserv.dll
2009-12-27 16:32:04 ----A---- C:\Windows\system32\hdwwiz.exe
2009-12-27 16:32:04 ----A---- C:\Windows\system32\fontext.dll
2009-12-27 16:32:04 ----A---- C:\Windows\system32\findstr.exe
2009-12-27 16:32:03 ----A---- C:\Windows\system32\gpedit.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\gpapi.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\gdi32.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\fundisc.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\feclient.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\fdWSD.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\fdWCN.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\fdSSDP.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\fdProxy.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\fdeploy.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\fdBth.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\fc.exe
2009-12-27 16:32:03 ----A---- C:\Windows\system32\Faultrep.dll
2009-12-27 16:32:02 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-12-27 16:32:02 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-12-27 16:32:02 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-12-27 16:32:02 ----A---- C:\Windows\system32\ftp.exe
2009-12-27 16:32:02 ----A---- C:\Windows\system32\autoplay.dll
2009-12-27 16:32:02 ----A---- C:\Windows\system32\autofmt.exe
2009-12-27 16:32:02 ----A---- C:\Windows\system32\autoconv.exe
2009-12-27 16:32:02 ----A---- C:\Windows\system32\autochk.exe
2009-12-27 16:32:02 ----A---- C:\Windows\system32\authz.dll
2009-12-27 16:32:02 ----A---- C:\Windows\system32\authui.dll
2009-12-27 16:32:02 ----A---- C:\Windows\system32\audiosrv.dll
2009-12-27 16:32:02 ----A---- C:\Windows\system32\AudioSes.dll
2009-12-27 16:32:02 ----A---- C:\Windows\system32\audiodg.exe
2009-12-27 16:32:00 ----A---- C:\Windows\system32\bthci.dll
2009-12-27 16:32:00 ----A---- C:\Windows\system32\browseui.dll
2009-12-27 16:32:00 ----A---- C:\Windows\system32\brcpl.dll
2009-12-27 16:32:00 ----A---- C:\Windows\system32\blackbox.dll
2009-12-27 16:32:00 ----A---- C:\Windows\system32\bitsigd.dll
2009-12-27 16:32:00 ----A---- C:\Windows\system32\BFE.DLL
2009-12-27 16:32:00 ----A---- C:\Windows\system32\bcrypt.dll
2009-12-27 16:32:00 ----A---- C:\Windows\system32\basecsp.dll
2009-12-27 16:32:00 ----A---- C:\Windows\system32\azroles.dll
2009-12-27 16:31:59 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-12-27 16:31:58 ----A---- C:\Windows\system32\apphelp.dll
2009-12-27 16:31:58 ----A---- C:\Windows\system32\apds.dll
2009-12-27 16:31:57 ----A---- C:\Windows\system32\adtschema.dll
2009-12-27 16:31:57 ----A---- C:\Windows\system32\adsmsext.dll
2009-12-27 16:31:57 ----A---- C:\Windows\system32\adsldpc.dll
2009-12-27 16:31:56 ----A---- C:\Windows\system32\crypt32.dll
2009-12-27 16:31:56 ----A---- C:\Windows\system32\credui.dll
2009-12-27 16:31:56 ----A---- C:\Windows\system32\connect.dll
2009-12-27 16:31:56 ----A---- C:\Windows\system32\conime.exe
2009-12-27 16:31:56 ----A---- C:\Windows\system32\comuid.dll
2009-12-27 16:31:56 ----A---- C:\Windows\system32\comsvcs.dll
2009-12-27 16:31:56 ----A---- C:\Windows\system32\advapi32.dll
2009-12-27 16:31:55 ----A---- C:\Windows\system32\dbgeng.dll
2009-12-27 16:31:55 ----A---- C:\Windows\system32\comdlg32.dll
2009-12-27 16:31:55 ----A---- C:\Windows\system32\cmmon32.exe
2009-12-27 16:31:55 ----A---- C:\Windows\system32\cmdial32.dll
2009-12-27 16:31:54 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-12-27 16:31:54 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-12-27 16:31:54 ----A---- C:\Windows\system32\DevicePairing.dll
2009-12-27 16:31:54 ----A---- C:\Windows\system32\DeviceEject.exe
2009-12-27 16:31:54 ----A---- C:\Windows\system32\davclnt.dll
2009-12-27 16:31:54 ----A---- C:\Windows\system32\dataclen.dll
2009-12-27 16:31:54 ----A---- C:\Windows\system32\d3d9.dll
2009-12-27 16:31:54 ----A---- C:\Windows\system32\csrstub.exe
2009-12-27 16:31:54 ----A---- C:\Windows\system32\cscdll.dll
2009-12-27 16:31:54 ----A---- C:\Windows\system32\cscapi.dll
2009-12-27 16:31:54 ----A---- C:\Windows\system32\cryptui.dll
2009-12-27 16:31:54 ----A---- C:\Windows\system32\cryptsvc.dll
2009-12-27 16:31:53 ----A---- C:\Windows\system32\cscript.exe
2009-12-27 16:31:53 ----A---- C:\Windows\system32\certmgr.dll
2009-12-27 16:31:53 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-12-27 16:31:53 ----A---- C:\Windows\system32\CertEnroll.dll
2009-12-27 16:31:53 ----A---- C:\Windows\system32\certcli.dll
2009-12-27 16:31:53 ----A---- C:\Windows\system32\bthudtask.exe
2009-12-27 16:31:53 ----A---- C:\Windows\system32\bthserv.dll
2009-12-27 16:31:52 ----A---- C:\Windows\system32\cipher.exe
2009-12-27 16:31:52 ----A---- C:\Windows\system32\ci.dll
2009-12-27 16:31:52 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-12-27 16:31:52 ----A---- C:\Windows\system32\chsbrkr.dll
2009-12-27 16:31:52 ----A---- C:\Windows\system32\cbsra.exe
2009-12-27 16:31:51 ----A---- C:\Windows\system32\chtbrkr.dll
2009-12-27 16:31:51 ----A---- C:\Windows\system32\certreq.exe
2009-12-27 16:31:51 ----A---- C:\Windows\system32\certprop.dll
2009-12-27 16:31:50 ----A---- C:\Windows\system32\msihnd.dll
2009-12-27 16:31:50 ----A---- C:\Windows\system32\msiexec.exe
2009-12-27 16:31:50 ----A---- C:\Windows\system32\msftedit.dll
2009-12-27 16:31:50 ----A---- C:\Windows\system32\msexcl40.dll
2009-12-27 16:31:50 ----A---- C:\Windows\system32\msexch40.dll
2009-12-27 16:31:50 ----A---- C:\Windows\system32\msdtctm.dll
2009-12-27 16:31:50 ----A---- C:\Windows\system32\certutil.exe
2009-12-27 16:31:49 ----A---- C:\Windows\system32\msi.dll
2009-12-27 16:31:49 ----A---- C:\Windows\system32\msdtcprx.dll
2009-12-27 16:31:49 ----A---- C:\Windows\system32\msdrm.dll
2009-12-27 16:31:49 ----A---- C:\Windows\system32\msctfui.dll
2009-12-27 16:31:49 ----A---- C:\Windows\system32\msctfp.dll
2009-12-27 16:31:49 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-12-27 16:31:49 ----A---- C:\Windows\system32\msctf.dll
2009-12-27 16:31:48 ----A---- C:\Windows\system32\msimsg.dll
2009-12-27 16:31:48 ----A---- C:\Windows\system32\MPSSVC.dll
2009-12-27 16:31:48 ----A---- C:\Windows\system32\mprapi.dll
2009-12-27 16:31:48 ----A---- C:\Windows\system32\mpr.dll
2009-12-27 16:31:47 ----A---- C:\Windows\system32\modemui.dll
2009-12-27 16:31:47 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-12-27 16:31:46 ----A---- C:\Windows\system32\mscories.dll
2009-12-27 16:31:46 ----A---- C:\Windows\system32\mscorier.dll
2009-12-27 16:31:46 ----A---- C:\Windows\system32\mscms.dll
2009-12-27 16:31:46 ----A---- C:\Windows\system32\mscandui.dll
2009-12-27 16:31:45 ----A---- C:\Windows\system32\netcenter.dll
2009-12-27 16:31:45 ----A---- C:\Windows\system32\netapi32.dll
2009-12-27 16:31:45 ----A---- C:\Windows\system32\ncryptui.dll
2009-12-27 16:31:45 ----A---- C:\Windows\system32\ncrypt.dll
2009-12-27 16:31:45 ----A---- C:\Windows\system32\mscoree.dll
2009-12-27 16:31:44 ----A---- C:\Windows\system32\netplwiz.dll
2009-12-27 16:31:44 ----A---- C:\Windows\system32\netlogon.dll
2009-12-27 16:31:44 ----A---- C:\Windows\system32\NcdProp.dll
2009-12-27 16:31:44 ----A---- C:\Windows\system32\mtxclu.dll
2009-12-27 16:31:43 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-12-27 16:31:42 ----A---- C:\Windows\system32\newdev.exe
2009-12-27 16:31:42 ----A---- C:\Windows\system32\newdev.dll
2009-12-27 16:31:42 ----A---- C:\Windows\system32\networkmap.dll
2009-12-27 16:31:42 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-12-27 16:31:42 ----A---- C:\Windows\system32\networkexplorer.dll
2009-12-27 16:31:42 ----A---- C:\Windows\system32\netshell.dll
2009-12-27 16:31:41 ----A---- C:\Windows\system32\msscntrs.dll
2009-12-27 16:31:41 ----A---- C:\Windows\system32\msscb.dll
2009-12-27 16:31:41 ----A---- C:\Windows\system32\msrepl40.dll
2009-12-27 16:31:41 ----A---- C:\Windows\system32\msrd3x40.dll
2009-12-27 16:31:41 ----A---- C:\Windows\system32\msrd2x40.dll
2009-12-27 16:31:41 ----A---- C:\Windows\system32\mspbde40.dll
2009-12-27 16:31:41 ----A---- C:\Windows\system32\msnetobj.dll
2009-12-27 16:31:41 ----A---- C:\Windows\system32\msltus40.dll
2009-12-27 16:31:41 ----A---- C:\Windows\system32\msimtf.dll
2009-12-27 16:31:40 ----A---- C:\Windows\system32\msutb.dll
2009-12-27 16:31:40 ----A---- C:\Windows\system32\msjtes40.dll
2009-12-27 16:31:40 ----A---- C:\Windows\system32\msjter40.dll
2009-12-27 16:31:40 ----A---- C:\Windows\system32\msjint40.dll
2009-12-27 16:31:40 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-12-27 16:31:40 ----A---- C:\Windows\system32\msjet40.dll
2009-12-27 16:31:40 ----A---- C:\Windows\system32\msisip.dll
2009-12-27 16:31:40 ----A---- C:\Windows\system32\msinfo32.exe
2009-12-27 16:31:39 ----A---- C:\Windows\system32\msxbde40.dll
2009-12-27 16:31:39 ----A---- C:\Windows\system32\mswstr10.dll
2009-12-27 16:31:39 ----A---- C:\Windows\system32\mswsock.dll
2009-12-27 16:31:39 ----A---- C:\Windows\system32\mswdat10.dll
2009-12-27 16:31:39 ----A---- C:\Windows\system32\msvcrt.dll
2009-12-27 16:31:39 ----A---- C:\Windows\system32\msvcp60.dll
2009-12-27 16:31:38 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\mstsc.exe
2009-12-27 16:31:37 ----A---- C:\Windows\system32\mstlsapi.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\mssvp.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\msstrc.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\mssrch.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\mssprxy.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\mssphtb.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\mssph.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\mssitlb.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\msshsq.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\msshooks.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\msscp.dll
2009-12-27 16:31:36 ----A---- C:\Windows\system32\mstext40.dll
2009-12-27 16:31:36 ----A---- C:\Windows\system32\InkEd.dll
2009-12-27 16:31:36 ----A---- C:\Windows\system32\inetppui.dll
2009-12-27 16:31:36 ----A---- C:\Windows\system32\inetcomm.dll
2009-12-27 16:31:35 ----A---- C:\Windows\system32\infocardapi.dll
2009-12-27 16:31:35 ----A---- C:\Windows\system32\inetpp.dll
2009-12-27 16:31:34 ----A---- C:\Windows\system32\iscsilog.dll
2009-12-27 16:31:34 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-12-27 16:31:34 ----A---- C:\Windows\system32\imm32.dll
2009-12-27 16:31:33 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-12-27 16:31:32 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-12-27 16:31:32 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-12-27 16:31:32 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-12-27 16:31:32 ----A---- C:\Windows\system32\ipconfig.exe
2009-12-27 16:31:32 ----A---- C:\Windows\system32\input.dll
2009-12-27 16:31:30 ----A---- C:\Windows\system32\ifmon.dll
2009-12-27 16:31:29 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-12-27 16:31:29 ----A---- C:\Windows\system32\icardres.dll
2009-12-27 16:31:29 ----A---- C:\Windows\system32\icardagt.exe
2009-12-27 16:31:29 ----A---- C:\Windows\system32\iassvcs.dll
2009-12-27 16:31:29 ----A---- C:\Windows\system32\iassdo.dll
2009-12-27 16:31:29 ----A---- C:\Windows\system32\iassam.dll
2009-12-27 16:31:29 ----A---- C:\Windows\system32\iasrecst.dll
2009-12-27 16:31:29 ----A---- C:\Windows\system32\iasrad.dll
2009-12-27 16:31:29 ----A---- C:\Windows\system32\iaspolcy.dll
2009-12-27 16:31:28 ----A---- C:\Windows\system32\imapi2fs.dll
2009-12-27 16:31:28 ----A---- C:\Windows\system32\imapi2.dll
2009-12-27 16:31:28 ----A---- C:\Windows\system32\imapi.dll
2009-12-27 16:31:28 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-12-27 16:31:27 ----A---- C:\Windows\system32\mfplat.dll
2009-12-27 16:31:27 ----A---- C:\Windows\system32\mfc42u.dll
2009-12-27 16:31:27 ----A---- C:\Windows\system32\mfc42.dll
2009-12-27 16:31:26 ----A---- C:\Windows\system32\mimefilt.dll
2009-12-27 16:31:26 ----A---- C:\Windows\system32\milcore.dll
2009-12-27 16:31:25 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-12-27 16:31:25 ----A---- C:\Windows\system32\mmcico.dll
2009-12-27 16:31:25 ----A---- C:\Windows\system32\mmci.dll
2009-12-27 16:31:25 ----A---- C:\Windows\system32\mmc.exe
2009-12-27 16:31:25 ----A---- C:\Windows\system32\midimap.dll
2009-12-27 16:31:24 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-12-27 16:31:24 ----A---- C:\Windows\system32\mblctr.exe
2009-12-27 16:31:24 ----A---- C:\Windows\system32\l2nacp.dll
2009-12-27 16:31:24 ----A---- C:\Windows\system32\korwbrkr.dll
2009-12-27 16:31:24 ----A---- C:\Windows\system32\kernel32.dll
2009-12-27 16:31:24 ----A---- C:\Windows\system32\kdusb.dll
2009-12-27 16:31:24 ----A---- C:\Windows\system32\kdcom.dll
2009-12-27 16:31:24 ----A---- C:\Windows\system32\kd1394.dll
2009-12-27 16:31:23 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-12-27 16:31:23 ----A---- C:\Windows\system32\logman.exe
2009-12-27 16:31:23 ----A---- C:\Windows\system32\logagent.exe
2009-12-27 16:31:22 ----A---- C:\Windows\system32\wercon.exe
2009-12-27 16:31:22 ----A---- C:\Windows\system32\wer.dll
2009-12-27 16:31:22 ----A---- C:\Windows\system32\WebClnt.dll
2009-12-27 16:31:22 ----A---- C:\Windows\system32\shsetup.dll
2009-12-27 16:31:22 ----A---- C:\Windows\system32\Magnify.exe
2009-12-27 16:31:21 ----A---- C:\Windows\system32\wdscore.dll
2009-12-27 16:31:21 ----A---- C:\Windows\system32\wdc.dll
2009-12-27 16:31:20 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-12-27 16:31:20 ----A---- C:\Windows\system32\win32spl.dll
2009-12-27 16:31:20 ----A---- C:\Windows\system32\whealogr.dll
2009-12-27 16:31:20 ----A---- C:\Windows\system32\wevtutil.exe
2009-12-27 16:31:20 ----A---- C:\Windows\system32\wevtsvc.dll
2009-12-27 16:31:20 ----A---- C:\Windows\system32\wevtapi.dll
2009-12-27 16:31:20 ----A---- C:\Windows\system32\wersvc.dll
2009-12-27 16:31:20 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-12-27 16:31:20 ----A---- C:\Windows\system32\WerFault.exe
2009-12-27 16:31:19 ----A---- C:\Windows\system32\wiaservc.dll
2009-12-27 16:31:19 ----A---- C:\Windows\system32\wiaaut.dll
2009-12-27 16:31:19 ----A---- C:\Windows\system32\version.dll
2009-12-27 16:31:19 ----A---- C:\Windows\system32\vdsutil.dll
2009-12-27 16:31:19 ----A---- C:\Windows\system32\vdsdyn.dll
2009-12-27 16:31:19 ----A---- C:\Windows\system32\vds.exe
2009-12-27 16:31:19 ----A---- C:\Windows\system32\vdmdbg.dll
2009-12-27 16:31:18 ----A---- C:\Windows\system32\uxsms.dll
2009-12-27 16:31:18 ----A---- C:\Windows\system32\Utilman.exe
2009-12-27 16:31:18 ----A---- C:\Windows\system32\usp10.dll
2009-12-27 16:31:18 ----A---- C:\Windows\system32\userenv.dll
2009-12-27 16:31:18 ----A---- C:\Windows\system32\usercpl.dll
2009-12-27 16:31:18 ----A---- C:\Windows\system32\user32.dll
2009-12-27 16:31:17 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-12-27 16:31:17 ----A---- C:\Windows\system32\wcnwiz.dll
2009-12-27 16:31:17 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-12-27 16:31:17 ----A---- C:\Windows\system32\wcncsvc.dll
2009-12-27 16:31:16 ----A---- C:\Windows\system32\WSDMon.dll
2009-12-27 16:31:16 ----A---- C:\Windows\system32\wsdchngr.dll
2009-12-27 16:31:16 ----A---- C:\Windows\system32\wscsvc.dll
2009-12-27 16:31:16 ----A---- C:\Windows\system32\wscript.exe
2009-12-27 16:31:16 ----A---- C:\Windows\system32\wscntfy.dll
2009-12-27 16:31:16 ----A---- C:\Windows\system32\wscisvif.dll
2009-12-27 16:31:16 ----A---- C:\Windows\system32\WscEapPr.dll
2009-12-27 16:31:16 ----A---- C:\Windows\system32\wscapi.dll
2009-12-27 16:31:16 ----A---- C:\Windows\system32\wow32.dll
2009-12-27 16:31:16 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-12-27 16:31:16 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-12-27 16:31:16 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-12-27 16:31:16 ----A---- C:\Windows\system32\w32time.dll
2009-12-27 16:31:16 ----A---- C:\Windows\system32\VSSVC.exe
2009-12-27 16:31:16 ----A---- C:\Windows\system32\vssapi.dll
2009-12-27 16:31:15 ----A---- C:\Windows\system32\xmlfilter.dll
2009-12-27 16:31:15 ----A---- C:\Windows\system32\wusa.exe
2009-12-27 16:31:15 ----A---- C:\Windows\system32\wshext.dll
2009-12-27 16:31:15 ----A---- C:\Windows\system32\wsepno.dll
2009-12-27 16:31:15 ----A---- C:\Windows\system32\wpcsvc.dll
2009-12-27 16:31:15 ----A---- C:\Windows\system32\wpccpl.dll
2009-12-27 16:31:15 ----A---- C:\Windows\system32\wpcao.dll
2009-12-27 16:31:14 ----A---- C:\Windows\system32\wsnmp32.dll
2009-12-27 16:31:14 ----A---- C:\Windows\system32\WsmSvc.dll
2009-12-27 16:31:14 ----A---- C:\Windows\system32\wshbth.dll
2009-12-27 16:31:14 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-12-27 16:31:14 ----A---- C:\Windows\system32\Wldap32.dll
2009-12-27 16:31:14 ----A---- C:\Windows\system32\wlanui.dll
2009-12-27 16:31:14 ----A---- C:\Windows\system32\wlanpref.dll
2009-12-27 16:31:14 ----A---- C:\Windows\system32\wlangpui.dll
2009-12-27 16:31:14 ----A---- C:\Windows\system32\wisptis.exe
2009-12-27 16:31:14 ----A---- C:\Windows\system32\winrnr.dll
2009-12-27 16:31:14 ----A---- C:\Windows\system32\winresume.exe
2009-12-27 16:31:13 ----A---- C:\Windows\system32\wmpmde.dll
2009-12-27 16:31:13 ----A---- C:\Windows\system32\wmpeffects.dll
2009-12-27 16:31:13 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-12-27 16:31:13 ----A---- C:\Windows\system32\winsrv.dll
2009-12-27 16:31:13 ----A---- C:\Windows\system32\WinSCard.dll
2009-12-27 16:31:13 ----A---- C:\Windows\system32\WinSAT.exe
2009-12-27 16:31:13 ----A---- C:\Windows\system32\winmm.dll
2009-12-27 16:31:13 ----A---- C:\Windows\system32\winlogon.exe
2009-12-27 16:31:13 ----A---- C:\Windows\system32\winload.exe
2009-12-27 16:31:12 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-12-27 16:31:09 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-12-27 16:31:09 ----A---- C:\Windows\system32\sud.dll
2009-12-27 16:31:09 ----A---- C:\Windows\system32\Storprop.dll
2009-12-27 16:31:09 ----A---- C:\Windows\system32\stobject.dll
2009-12-27 16:31:08 ----A---- C:\Windows\system32\srvsvc.dll
2009-12-27 16:31:08 ----A---- C:\Windows\system32\srcore.dll
2009-12-27 16:31:08 ----A---- C:\Windows\system32\srchadmin.dll
2009-12-27 16:31:06 ----A---- C:\Windows\system32\sysmain.dll
2009-12-27 16:31:05 ----A---- C:\Windows\system32\sysclass.dll
2009-12-27 16:31:05 ----A---- C:\Windows\system32\swprv.dll
2009-12-27 16:31:03 ----A---- C:\Windows\system32\SyncCenter.dll
2009-12-27 16:31:01 ----A---- C:\Windows\system32\smss.exe
2009-12-27 16:31:01 ----A---- C:\Windows\system32\SmiEngine.dll
2009-12-27 16:31:01 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-12-27 16:31:01 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-12-27 16:31:01 ----A---- C:\Windows\system32\slwmi.dll
2009-12-27 16:30:58 ----A---- C:\Windows\system32\slcc.dll
2009-12-27 16:30:58 ----A---- C:\Windows\system32\SLC.dll
2009-12-27 16:30:58 ----A---- C:\Windows\system32\shwebsvc.dll
2009-12-27 16:30:58 ----A---- C:\Windows\system32\shsvcs.dll
2009-12-27 16:30:56 ----A---- C:\Windows\system32\spoolss.dll
2009-12-27 16:30:56 ----A---- C:\Windows\system32\spinstall.exe
2009-12-27 16:30:56 ----A---- C:\Windows\system32\slwga.dll
2009-12-27 16:30:56 ----A---- C:\Windows\system32\SLUINotify.dll
2009-12-27 16:30:56 ----A---- C:\Windows\system32\SLUI.exe
2009-12-27 16:30:56 ----A---- C:\Windows\system32\SLsvc.exe
2009-12-27 16:30:56 ----A---- C:\Windows\system32\slmgr.vbs
2009-12-27 16:30:56 ----A---- C:\Windows\system32\SLLUA.exe
2009-12-27 16:30:56 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-12-27 16:30:56 ----A---- C:\Windows\system32\slcinst.dll
2009-12-27 16:30:56 ----A---- C:\Windows\system32\SLCExt.dll
2009-12-27 16:30:55 ----A---- C:\Windows\system32\spp.dll
2009-12-27 16:30:55 ----A---- C:\Windows\system32\spoolsv.exe
2009-12-27 16:30:55 ----A---- C:\Windows\system32\spcmsg.dll
2009-12-27 16:30:51 ----A---- C:\Windows\system32\sperror.dll
2009-12-27 16:30:50 ----A---- C:\Windows\system32\spwizui.dll
2009-12-27 16:30:50 ----A---- C:\Windows\system32\spwinsat.dll
2009-12-27 16:30:49 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-12-27 16:30:44 ----A---- C:\Windows\system32\spreview.exe
2009-12-27 16:30:36 ----A---- C:\Windows\system32\softkbd.dll
2009-12-27 16:30:36 ----A---- C:\Windows\system32\SndVol.exe
2009-12-27 16:30:30 ----A---- C:\Windows\system32\TSTheme.exe
2009-12-27 16:30:27 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-12-27 16:30:26 ----A---- C:\Windows\system32\zipfldr.dll
2009-12-27 16:30:26 ----A---- C:\Windows\system32\untfs.dll
2009-12-27 16:30:26 ----A---- C:\Windows\system32\tscupgrd.exe
2009-12-27 16:30:23 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-12-27 16:30:23 ----A---- C:\Windows\system32\ulib.dll
2009-12-27 16:30:23 ----A---- C:\Windows\system32\uDWM.dll
2009-12-27 16:30:23 ----A---- C:\Windows\system32\systemcpl.dll
2009-12-27 16:30:15 ----A---- C:\Windows\system32\tsbyuv.dll
2009-12-27 16:30:15 ----A---- C:\Windows\system32\tquery.dll
2009-12-27 16:30:15 ----A---- C:\Windows\system32\tcpmon.dll
2009-12-27 16:30:15 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-12-27 16:30:15 ----A---- C:\Windows\system32\taskeng.exe
2009-12-27 16:30:15 ----A---- C:\Windows\system32\tapisrv.dll
2009-12-27 16:30:14 ----A---- C:\Windows\system32\themeui.dll
2009-12-27 16:30:14 ----A---- C:\Windows\system32\themecpl.dll
2009-12-27 16:30:14 ----A---- C:\Windows\system32\thawbrkr.dll
2009-12-27 16:30:14 ----A---- C:\Windows\system32\termsrv.dll
2009-12-27 16:30:14 ----A---- C:\Windows\system32\taskcomp.dll
2009-12-27 16:27:34 ----D---- C:\Windows\system32\EventProviders
2009-12-27 15:57:41 ----D---- C:\Program Files\SystemRequirementsLab
2009-12-27 13:27:38 ----A---- C:\Windows\system32\TVWizudlg.exe
2009-12-27 13:27:38 ----A---- C:\Windows\system32\igfxtvcx.dll
2009-12-27 13:22:49 ----D---- C:\Windows\system32\x64
2009-12-27 13:21:09 ----D---- C:\Intel
2009-12-27 13:17:24 ----D---- C:\ProgramData\ma-config.com
2009-12-27 13:17:24 ----D---- C:\Program Files\ma-config.com
2009-12-27 13:02:15 ----A---- C:\Windows\ntbtlog.txt
2009-12-26 20:39:22 ----D---- C:\ProgramData\Electronic Arts
2009-12-26 20:35:31 ----D---- C:\Program Files\Microsoft WSE
2009-12-26 20:35:20 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-12-26 20:16:25 ----D---- C:\Program Files\Electronic Arts
2009-12-20 09:39:44 ----A---- C:\Windows\system32\tzres.dll
2009-12-19 16:11:35 ----A---- C:\Windows\system32\msxml6.dll
2009-12-19 16:11:35 ----A---- C:\Windows\system32\msxml3.dll
2009-12-19 16:11:05 ----A---- C:\Windows\system32\winhttp.dll
2009-12-19 16:10:14 ----A---- C:\Windows\system32\mshtml.dll
2009-12-19 16:10:13 ----A---- C:\Windows\system32\ieframe.dll
2009-12-19 16:10:12 ----A---- C:\Windows\system32\wininet.dll
2009-12-19 16:10:12 ----A---- C:\Windows\system32\urlmon.dll
2009-12-19 16:10:12 ----A---- C:\Windows\system32\iertutil.dll
2009-12-19 16:10:11 ----A---- C:\Windows\system32\occache.dll
2009-12-19 16:10:11 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-19 16:10:11 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-19 16:10:10 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-19 16:10:10 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-19 16:10:10 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-19 16:10:10 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-19 16:10:10 ----A---- C:\Windows\system32\ieui.dll
2009-12-19 16:10:10 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-19 16:10:10 ----A---- C:\Windows\system32\iesetup.dll
2009-12-19 16:10:10 ----A---- C:\Windows\system32\iernonce.dll
2009-12-19 16:10:10 ----A---- C:\Windows\system32\iepeers.dll
2009-12-19 16:10:10 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-19 16:09:49 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-19 16:09:49 ----A---- C:\Windows\system32\httpapi.dll
2009-12-19 16:09:00 ----A---- C:\Windows\system32\rastls.dll

======List of files/folders modified in the last 1 months======

2010-01-10 18:28:07 ----RD---- C:\Program Files
2010-01-10 18:28:07 ----D---- C:\Windows\Prefetch
2010-01-10 18:28:04 ----D---- C:\Windows\Temp
2010-01-10 18:24:43 ----A---- C:\ProgramData\HPWALog.txt
2010-01-10 18:22:32 ----HD---- C:\ProgramData
2010-01-10 18:22:22 ----A---- C:\ProgramData\hpqp.ini
2010-01-10 18:21:32 ----D---- C:\Program Files\Blue Coat K9 Web Protection
2010-01-08 16:23:08 ----D---- C:\ProgramData\WildTangent
2010-01-08 16:20:21 ----D---- C:\Users\alissia\AppData\Roaming\Macromedia
2010-01-08 16:16:50 ----SHD---- C:\System Volume Information
2010-01-05 13:13:45 ----D---- C:\Windows\System32
2010-01-05 13:13:45 ----D---- C:\Windows\inf
2010-01-05 13:13:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-04 11:30:34 ----D---- C:\Windows\system32\WDI
2009-12-31 11:38:39 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-31 11:33:35 ----D---- C:\Windows\Minidump
2009-12-31 11:33:29 ----D---- C:\Windows
2009-12-30 14:39:06 ----SD---- C:\Windows\Downloaded Program Files
2009-12-30 10:52:32 ----SHD---- C:\Windows\Installer
2009-12-30 08:56:30 ----D---- C:\Windows\system32\catroot2
2009-12-29 10:31:16 ----D---- C:\Windows\rescache
2009-12-29 10:15:50 ----D---- C:\Windows\Microsoft.NET
2009-12-29 10:15:49 ----RSD---- C:\Windows\assembly
2009-12-29 10:13:26 ----D---- C:\Windows\system32\Tasks
2009-12-29 09:41:29 ----D---- C:\Windows\system32\wbem
2009-12-29 09:41:29 ----D---- C:\Windows\system32\it-IT
2009-12-29 09:41:29 ----D---- C:\Windows\system32\fr-FR
2009-12-29 09:41:29 ----D---- C:\Windows\system32\drivers
2009-12-29 09:41:29 ----D---- C:\Windows\system32\de-DE
2009-12-29 09:41:27 ----D---- C:\Windows\system32\zh-HK
2009-12-29 09:41:27 ----D---- C:\Windows\system32\uk-UA
2009-12-29 09:41:27 ----D---- C:\Windows\system32\sr-Latn-CS
2009-12-29 09:41:27 ----D---- C:\Windows\system32\sl-SI
2009-12-29 09:41:27 ----D---- C:\Windows\system32\pt-PT
2009-12-29 09:41:27 ----D---- C:\Windows\system32\pt-BR
2009-12-29 09:41:27 ----D---- C:\Windows\system32\pl-PL
2009-12-29 09:41:27 ----D---- C:\Windows\system32\nl-NL
2009-12-29 09:41:27 ----D---- C:\Windows\system32\ko-KR
2009-12-29 09:41:27 ----D---- C:\Windows\system32\hu-HU
2009-12-29 09:41:27 ----D---- C:\Windows\system32\hr-HR
2009-12-29 09:41:27 ----D---- C:\Windows\system32\he-IL
2009-12-29 09:41:27 ----D---- C:\Windows\system32\fi-FI
2009-12-29 09:41:27 ----D---- C:\Windows\system32\el-GR
2009-12-29 09:41:27 ----D---- C:\Windows\system32\bg-BG
2009-12-29 09:41:26 ----D---- C:\Windows\system32\zh-TW
2009-12-29 09:41:26 ----D---- C:\Windows\system32\zh-CN
2009-12-29 09:41:26 ----D---- C:\Windows\system32\tr-TR
2009-12-29 09:41:26 ----D---- C:\Windows\system32\th-TH
2009-12-29 09:41:26 ----D---- C:\Windows\system32\sv-SE
2009-12-29 09:41:26 ----D---- C:\Windows\system32\sk-SK
2009-12-29 09:41:26 ----D---- C:\Windows\system32\ru-RU
2009-12-29 09:41:26 ----D---- C:\Windows\system32\ro-RO
2009-12-29 09:41:26 ----D---- C:\Windows\system32\nb-NO
2009-12-29 09:41:26 ----D---- C:\Windows\system32\lv-LV
2009-12-29 09:41:26 ----D---- C:\Windows\system32\lt-LT
2009-12-29 09:41:26 ----D---- C:\Windows\system32\ja-JP
2009-12-29 09:41:26 ----D---- C:\Windows\system32\et-EE
2009-12-29 09:41:26 ----D---- C:\Windows\system32\es-ES
2009-12-29 09:41:26 ----D---- C:\Windows\system32\en-US
2009-12-29 09:41:26 ----D---- C:\Windows\system32\da-DK
2009-12-29 09:41:26 ----D---- C:\Windows\system32\cs-CZ
2009-12-29 09:41:26 ----D---- C:\Windows\system32\ar-SA
2009-12-29 07:35:29 ----D---- C:\Windows\winsxs
2009-12-29 07:35:28 ----D---- C:\Windows\system32\catroot
2009-12-27 16:57:52 ----SHD---- C:\boot
2009-12-27 16:51:24 ----D---- C:\Program Files\Windows Mail
2009-12-27 16:51:24 ----D---- C:\Program Files\Windows Calendar
2009-12-27 16:51:24 ----D---- C:\Program Files\Movie Maker
2009-12-27 16:51:23 ----D---- C:\Program Files\Windows Sidebar
2009-12-27 16:51:23 ----D---- C:\Program Files\Windows Photo Gallery
2009-12-27 16:51:23 ----D---- C:\Program Files\Windows Media Player
2009-12-27 16:51:23 ----D---- C:\Program Files\Windows Collaboration
2009-12-27 16:51:23 ----D---- C:\Program Files\Internet Explorer
2009-12-27 16:51:23 ----D---- C:\Program Files\Common Files\System
2009-12-27 16:51:21 ----D---- C:\Windows\servicing
2009-12-27 16:51:21 ----D---- C:\Program Files\Windows Defender
2009-12-27 16:51:11 ----D---- C:\Windows\system32\XPSViewer
2009-12-27 16:51:11 ----D---- C:\Windows\IME
2009-12-27 16:51:06 ----D---- C:\Windows\system32\oobe
2009-12-27 16:51:06 ----D---- C:\Windows\system32\migration
2009-12-27 16:51:06 ----D---- C:\Windows\system32\fr
2009-12-27 16:51:05 ----D---- C:\Windows\system32\AdvancedInstallers
2009-12-27 16:51:03 ----D---- C:\Windows\system32\SLUI
2009-12-27 16:51:03 ----D---- C:\Windows\system32\setup
2009-12-27 16:51:01 ----D---- C:\Windows\system32\manifeststore
2009-12-27 16:50:59 ----D---- C:\Windows\system32\migwiz
2009-12-27 16:50:44 ----RSD---- C:\Windows\Fonts
2009-12-27 16:50:44 ----D---- C:\Windows\AppPatch
2009-12-27 16:50:36 ----D---- C:\Windows\system32\Boot
2009-12-27 13:27:37 ----D---- C:\Windows\system32\Lang
2009-12-27 13:27:36 ----D---- C:\Program Files\Intel
2009-12-26 20:35:33 ----SD---- C:\Users\alissia\AppData\Roaming\Microsoft
2009-12-26 20:35:17 ----D---- C:\Windows\Logs
2009-12-20 09:38:23 ----D---- C:\ProgramData\Microsoft Help
2009-12-19 15:48:18 ----D---- C:\Windows\system32\config
2009-12-19 15:48:14 ----D---- C:\Windows\Tasks
2009-12-19 15:48:14 ----D---- C:\Windows\system32\spool
2009-12-19 15:48:14 ----D---- C:\Windows\system32\Msdtc
2009-12-19 15:48:10 ----D---- C:\Windows\registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bckd;bckd; C:\Windows\system32\drivers\bckd.sys [2009-01-14 72992]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-12-19 1093120]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-10-30 6226432]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2009-06-18 42480]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-12-23 138240]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2009-01-20 394240]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-12-04 204976]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-12-18 14336]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-12-29 60416]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe [2009-01-20 81920]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 bckwfs;Blue Coat K9 Web Protection; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2009-01-14 1078560]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 MsMpSvc;@c:\Program Files\Microsoft Security Essentials\MpAsDesc.dll,-241; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [2008-12-23 365952]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-11-26 247152]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe [2009-01-20 249938]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-04 222512]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-23 223232]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-12-17 243056]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
BUS
 
Posts: 42
Joined: 28 Jul 2003 20:14
Location: CH / NE - 2025

Re: Viral infection, analysis request

Post by BUS » 10 Jan 2010 22:24

Still for the second computer, here is the second RSIT report (info)

info.txt logfile of random's system information tool 1.06 2010-01-10 18:28:09

======Uninstall list======

-->"C:\Program Files\HP Games\Agatha Christie - Death on the Nile\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Escape the Museum\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Gem Shop\Uninstall.exe"
-->"C:\Program Files\HP Games\Granny in Paradise\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Mahjongg Artifacts\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Snowy - Treasure Hunter 2\Uninstall.exe"
-->"C:\Program Files\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds Legends\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - The Secret City\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Shockwave Player-->MsiExec.exe /X{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}
AOL Toolbar 5.0-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0007
Blue Coat® K9 Web Protection 4.0.288-->C:\Program Files\Blue Coat K9 Web Protection\uninst.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
ESU for Microsoft Vista-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Common Access Service Library-->MsiExec.exe /I{732A3F80-008B-4350-BD58-EC5AE98707B8}
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}\setup.exe" -l0x9 -removeonly
HP DVD Play 3.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Help and Support-->MsiExec.exe /I{0054A0F6-00C9-4498-B821-B5C9578F433E}
HP Quick Launch Buttons 6.40 M1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0007 uninst
HP Total Care Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{95A747E0-DF19-46CB-A622-20A0107201BD}\setup.exe" -l0x9 -removeonly
HP Update-->MsiExec.exe /X{47F36D92-E58E-456D-B73C-3382737E4C42}
HP User Guides 0138-->MsiExec.exe /X{17050C48-16CB-4500-A102-CEAD750CE11E}
HP Wireless Assistant-->MsiExec.exe /X{E5E29403-3D25-40C6-892B-F9FEE2A95585}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel(R) Graphics Media Accelerator Driver-->C:\Program Files\Intel\Intel(R) Graphics Media Accelerator Driver\Uninstall\setup.exe -uninstall
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
Ma-Config.com-->MsiExec.exe /X{18754BA4-4F0C-4E6E-888B-9496AFA05F43}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Antimalware Service FR-FR Language Pack-->MsiExec.exe /X{A4526B5A-89C0-4F4B-9E6E-4F883374D5F9}
Microsoft Antimalware-->MsiExec.exe /X{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials-->MsiExec.exe /I{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{3B160861-7250-451E-B5EE-8B92BF30A710}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek 8169 8168 8101E 8102E Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe" -runfromtemp -l0x0007 -removeonly
Realtek USB 2.0 Card Reader-->C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe -runfromtemp -l0x0007 -removeonly
Sandlot Games Client Services 1.2.2-->"C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Skyrock Toolbar-->C:\Program Files\skyrocktbar\uninstall.exe
SPORE Creature Creator Trial Edition-->"C:\Program Files\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Movie Maker-->MsiExec.exe /X{53B20C18-D8D4-4588-8737-9BBFE303C354}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Zylom Games Player Plugin-->"C:\Program Files\Zylom Games\UninstallPlugin.exe" --uninstall

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: PC-de-alissia
Event Code: 4376
Message: Servicing a requis un redémarrage pour terminer la définition du package KB948609(Update) à l’état Installation demandée(Install Requested)
Record Number: 12246
Source Name: Microsoft-Windows-Servicing
Time Written: 20090822062236.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-alissia
Event Code: 4376
Message: Servicing a requis un redémarrage pour terminer la définition du package KB948609(Update) à l’état Installation demandée(Install Requested)
Record Number: 12146
Source Name: Microsoft-Windows-Servicing
Time Written: 20090822062236.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-alissia
Event Code: 4376
Message: Servicing a requis un redémarrage pour terminer la définition du package KB948609(Update) à l’état Installation demandée(Install Requested)
Record Number: 12141
Source Name: Microsoft-Windows-Servicing
Time Written: 20090822062236.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-alissia
Event Code: 4376
Message: Servicing a requis un redémarrage pour terminer la définition du package KB948609(Update) à l’état Installation demandée(Install Requested)
Record Number: 12138
Source Name: Microsoft-Windows-Servicing
Time Written: 20090822062236.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-alissia
Event Code: 4376
Message: Servicing a requis un redémarrage pour terminer la définition du package KB948609(Update) à l’état Installation demandée(Install Requested)
Record Number: 12134
Source Name: Microsoft-Windows-Servicing
Time Written: 20090822062236.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

=====Application event log=====

Computer Name: PC-de-alissia
Event Code: 3013
Message: Impossible de mettre à jour l'entrée <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SERVICES EN LIGNE\CONNEXION.LNK> dans la configuration de hachage.

Contexte : Application , Catalogue SystemIndex

Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)

Record Number: 388
Source Name: Microsoft-Windows-Search
Time Written: 20090809173429.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-alissia
Event Code: 3013
Message: Impossible de mettre à jour l'entrée <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SERVICES EN LIGNE\CONNEXION.LNK> dans la configuration de hachage.

Contexte : Application , Catalogue SystemIndex

Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)

Record Number: 387
Source Name: Microsoft-Windows-Search
Time Written: 20090809173429.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-alissia
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 384
Source Name: Microsoft-Windows-WMI
Time Written: 20090809173330.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-alissia
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 333
Source Name: Microsoft-Windows-WMI
Time Written: 20090809154639.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-alissia
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 304
Source Name: Microsoft-Windows-WMI
Time Written: 20090809154059.000000-000
Event Type: Erreur
User:

=====Security event log=====

Computer Name: PC-de-alissia
Event Code: 4608
Message: Windows démarre.

Cet événement est journalisé lorsque LSASS.EXE démarre et que le sous-système d’audit est initialisé.
Record Number: 1094
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090809153925.158977-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-alissia
Event Code: 1101
Message: Les événements d’audit ont été ignorés par le transport. Le fichier de sauvegarde en temps réel a été endommagé suite à un arrêt incorrect.
Record Number: 1093
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090809153937.498656-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-alissia
Event Code: 4905
Message: Une tentative d’annulation d’inscription de la source d’un événement de sécurité a été effectuée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : WIN-IYTY7OE2O6X$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Processus :
ID du processus : 0x830
Nom du processus : C:\Windows\System32\VSSVC.exe

Source de l’événement :
Nom de la source : VSSAudit
ID de la source de l’événement : 0x233244
Record Number: 1092
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090809150956.724800-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-alissia
Event Code: 4904
Message: Une tentative d’inscription de la source d’un événement de sécurité a été effectuée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : WIN-IYTY7OE2O6X$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Processus :
ID du processus : 0x830
Nom du processus : C:\Windows\System32\VSSVC.exe

Source de l’événement :
Nom de la source : VSSAudit
ID de la source de l’événement : 0x233244
Record Number: 1091
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090809150956.724800-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-alissia
Event Code: 1102
Message: Le journal d’audit a été effacé.
Objet :
ID de sécurité : S-1-5-21-893002743-3025900096-4246286890-1000
Nom de compte : alissia
Nom de domaine : PC-de-alissia
ID de connexion : 0x4e3e3
Record Number: 1090
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090809150944.307200-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Presario
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
BUS
 
Posts: 42
Joined: 28 Jul 2003 20:14
Location: CH / NE - 2025

Re: Viral infection, analysis request

Post by Falkra » 10 Jan 2010 22:34

We can see one or two things here.

Download Malwarebytes' Anti-Malware (MBAM)
If it won't download, if you get redirected, or if MBAM won't start, let me know: that is a symptom.

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for Updates" button: if the firewall asks whether to allow MBAM to connect, accept.
  • Once the update has finished, go to the "Scanner" tab.
  • Select "Perform quick scan"
  • Click "Scan"
  • The scan starts.
  • At the end of the scan (but you're not done yet), a message is displayed:
    The scan completed successfully. Click 'Show Results' to display all objects found.

    Click "Ok" to continue. If MBAM found nothing, it will tell you that too. Don't forget the rest. ;-)
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

NB: If MBAM asks you to restart, do so.
To retrieve the MBAM report if you restarted a bit too quickly, start MBAM and go to the Logs tab; you can double-click the reports (they are dated) to post the one you need.
Falkra
Admin libellules.ch
 
Posts: 25882
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Viral infection, analysis request

Post by BUS » 10 Jan 2010 22:45

Thanks for the instructions, I'll be back tomorrow for the next steps ...

Re: Viral infection, analysis request

Post by BUS » 11 Jan 2010 20:03

Following up on the second computer: after installing MBAM an error message appeared, and the same again after the update / Error code: 732 (12007,0)

At the end of the scan, no malware was detected; here is the report

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

11.01.2010 11:34:36
mbam-log-2010-01-11 (11-34-36).txt

Type de recherche: Examen rapide
Eléments examinés: 97128
Temps écoulé: 5 minute(s), 47 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Re: Viral infection, analysis request

Post by Falkra » 11 Jan 2010 21:51

MBAM is not up to date; is it able to update?

Re: Viral infection, analysis request

Post by BUS » 12 Jan 2010 09:24

MBAM could not update. According to MBAM, the date of the last update is 07.01.2010, the date my ISP cut off my connection.
Since that date, I have not connected to the internet with this workstation.

Re: Viral infection, analysis request

Post by Falkra » 12 Jan 2010 22:16

Download rules.ref from this link (you will need another PC):
http://senduit.com/64f221

Place it in:
C:\Documents and Settings\< your account >\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

< your account > is the name of your user account, the one you normally use. Overwrite the old file and restart MBAM to run a quick scan, as before.

Re: Viral infection, analysis request

Post by BUS » 14 Jan 2010 21:01

After placing rules.ref in the indicated location, MBAM was able to update correctly.

Here is the report:

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3564
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

14.01.2010 20:34:09
mbam-log-2010-01-14 (20-34-09).txt

Type de recherche: Examen rapide
Eléments examinés: 98149
Temps écoulé: 5 minute(s), 15 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Re: Viral infection, analysis request

Post by Falkra » 14 Jan 2010 22:33

OK, good. Please run an RSIT report again; it will only produce one report this time, that's normal. :-D

Re: Viral infection, analysis request

Post by BUS » 15 Jan 2010 21:11

Here is the new RSIT report

Logfile of random's system information tool 1.06 (written by random/random)
Run by alissia at 2010-01-15 20:37:06
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2
System drive C: has 206 GB (70%) free of 294 GB
Total RAM: 2974 MB (58% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForalissia.job
C:\Windows\tasks\User_Feed_Synchronization-{D9C7E067-DF1E-4546-BE09-3638E8398A0B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-16 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-969A-2AB983EE729B}]
Skyrock Toolbar - C:\PROGRA~1\SKYROC~1\SKYROC~1.DLL [2008-06-03 2012632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-16 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]
{A057A204-BACC-4D26-969A-2AB983EE729B} - Skyrock Toolbar - C:\PROGRA~1\SKYROC~1\SKYROC~1.DLL [2008-06-03 2012632]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-12-04 1410344]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-09-23 468264]
"UpdateLBPShortCut"=C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePSTShortCut"=C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2008-12-24 210216]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-10-10 206128]
"UpdateP2GoShortCut"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-10-30 210216]
"UpdatePDIRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-16 136600]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"WirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-12-08 432432]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-10-30 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-10-30 175128]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-10-30 166936]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-01-20 483420]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-10-30 226304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bff4c39e-013a-11df-832f-00238be1e1f3}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bff4c3e5-013a-11df-832f-00238be1e1f3}]
shell\AutoRun\command - F:\AutoRun.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-01-14 20:28:31 ----A---- C:\Windows\system32\t2embed.dll
2010-01-14 20:28:31 ----A---- C:\Windows\system32\fontsub.dll
2010-01-14 19:33:56 ----D---- C:\Program Files\Mobile Partner
2010-01-11 11:15:08 ----D---- C:\Users\alissia\AppData\Roaming\Malwarebytes
2010-01-11 11:14:59 ----D---- C:\ProgramData\Malwarebytes
2010-01-11 11:14:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-10 18:28:07 ----D---- C:\Program Files\trend micro
2010-01-10 18:28:06 ----D---- C:\rsit
2010-01-08 16:20:21 ----D---- C:\Users\alissia\AppData\Roaming\PlayFirst
2009-12-29 09:41:29 ----D---- C:\Program Files\Windows Portable Devices
2009-12-29 07:35:15 ----A---- C:\Windows\system32\UIAnimation.dll
2009-12-29 07:35:14 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-12-29 07:35:14 ----A---- C:\Windows\system32\UIRibbon.dll
2009-12-29 07:34:33 ----A---- C:\Windows\system32\WMPhoto.dll
2009-12-29 07:34:32 ----A---- C:\Windows\system32\cdd.dll
2009-12-29 07:34:31 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-12-29 07:34:31 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-12-29 07:34:31 ----A---- C:\Windows\system32\d3d10warp.dll
2009-12-29 07:34:30 ----A---- C:\Windows\system32\XpsPrint.dll
2009-12-29 07:34:30 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-12-29 07:34:30 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-12-29 07:34:30 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-12-29 07:34:30 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-12-29 07:34:30 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-12-29 07:34:30 ----A---- C:\Windows\system32\OpcServices.dll
2009-12-29 07:34:30 ----A---- C:\Windows\system32\dxdiagn.dll
2009-12-29 07:34:30 ----A---- C:\Windows\system32\dxdiag.exe
2009-12-29 07:34:30 ----A---- C:\Windows\system32\d2d1.dll
2009-12-29 07:34:29 ----A---- C:\Windows\system32\xpsservices.dll
2009-12-29 07:34:29 ----A---- C:\Windows\system32\FntCache.dll
2009-12-29 07:34:29 ----A---- C:\Windows\system32\dxgi.dll
2009-12-29 07:34:29 ----A---- C:\Windows\system32\DWrite.dll
2009-12-29 07:34:29 ----A---- C:\Windows\system32\d3d11.dll
2009-12-29 07:34:29 ----A---- C:\Windows\system32\d3d10level9.dll
2009-12-29 07:34:29 ----A---- C:\Windows\system32\d3d10core.dll
2009-12-29 07:34:29 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-12-29 07:34:29 ----A---- C:\Windows\system32\d3d10_1.dll
2009-12-29 07:34:29 ----A---- C:\Windows\system32\d3d10.dll
2009-12-29 07:33:53 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-12-29 07:33:53 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-12-29 07:33:53 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-12-29 07:33:51 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-12-29 07:33:48 ----A---- C:\Windows\system32\wpdshext.dll
2009-12-29 07:33:47 ----A---- C:\Windows\system32\WPDSp.dll
2009-12-29 07:33:47 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-12-29 07:33:47 ----A---- C:\Windows\system32\wpd_ci.dll
2009-12-29 07:33:47 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-12-29 07:33:47 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-12-29 07:33:47 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-12-29 07:33:47 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-12-29 07:32:39 ----A---- C:\Windows\system32\oleaccrc.dll
2009-12-29 07:32:37 ----A---- C:\Windows\system32\oleacc.dll
2009-12-29 07:32:36 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-12-27 16:50:37 ----D---- C:\Windows\system32\eu-ES
2009-12-27 16:50:37 ----D---- C:\Windows\system32\ca-ES
2009-12-27 16:50:36 ----D---- C:\Windows\system32\vi-VN
2009-12-27 16:44:51 ----D---- C:\Windows\system32\SPReview
2009-12-27 16:33:36 ----A---- C:\Windows\system32\scavenge.dll
2009-12-27 16:33:17 ----A---- C:\Windows\system32\compcln.exe
2009-12-27 16:32:33 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-12-27 16:32:33 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-12-27 16:32:33 ----A---- C:\Windows\system32\secproc_isv.dll
2009-12-27 16:32:33 ----A---- C:\Windows\system32\secproc.dll
2009-12-27 16:32:32 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-12-27 16:32:32 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-12-27 16:32:32 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-12-27 16:32:32 ----A---- C:\Windows\system32\sdohlp.dll
2009-12-27 16:32:32 ----A---- C:\Windows\system32\sdclt.exe
2009-12-27 16:32:31 ----A---- C:\Windows\system32\samlib.dll
2009-12-27 16:32:31 ----A---- C:\Windows\system32\rtutils.dll
2009-12-27 16:32:31 ----A---- C:\Windows\system32\rtffilt.dll
2009-12-27 16:32:31 ----A---- C:\Windows\system32\rsaenh.dll
2009-12-27 16:32:31 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-12-27 16:32:30 ----A---- C:\Windows\system32\scrrun.dll
2009-12-27 16:32:30 ----A---- C:\Windows\system32\rpcss.dll
2009-12-27 16:32:30 ----A---- C:\Windows\system32\rpchttp.dll
2009-12-27 16:32:30 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-12-27 16:32:30 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-12-27 16:32:30 ----A---- C:\Windows\system32\RMActivate.exe
2009-12-27 16:32:30 ----A---- C:\Windows\system32\riched20.dll
2009-12-27 16:32:29 ----A---- C:\Windows\system32\SCardSvr.dll
2009-12-27 16:32:29 ----A---- C:\Windows\system32\scansetting.dll
2009-12-27 16:32:29 ----A---- C:\Windows\system32\samsrv.dll
2009-12-27 16:32:28 ----A---- C:\Windows\system32\scrobj.dll
2009-12-27 16:32:28 ----A---- C:\Windows\system32\scksp.dll
2009-12-27 16:32:28 ----A---- C:\Windows\system32\schedsvc.dll
2009-12-27 16:32:28 ----A---- C:\Windows\system32\scesrv.dll
2009-12-27 16:32:28 ----A---- C:\Windows\system32\scecli.dll
2009-12-27 16:32:27 ----A---- C:\Windows\system32\pdh.dll
2009-12-27 16:32:26 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-12-27 16:32:26 ----A---- C:\Windows\system32\PnPutil.exe
2009-12-27 16:32:26 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-12-27 16:32:26 ----A---- C:\Windows\system32\pnpui.dll
2009-12-27 16:32:26 ----A---- C:\Windows\system32\pnpsetup.dll
2009-12-27 16:32:26 ----A---- C:\Windows\system32\pnidui.dll
2009-12-27 16:32:26 ----A---- C:\Windows\system32\perfdisk.dll
2009-12-27 16:32:26 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-12-27 16:32:26 ----A---- C:\Windows\system32\pcaui.dll
2009-12-27 16:32:26 ----A---- C:\Windows\system32\p2psvc.dll
2009-12-27 16:32:26 ----A---- C:\Windows\system32\P2PGraph.dll
2009-12-27 16:32:25 ----A---- C:\Windows\system32\powercpl.dll
2009-12-27 16:32:25 ----A---- C:\Windows\system32\PkgMgr.exe
2009-12-27 16:32:25 ----A---- C:\Windows\system32\pidgenx.dll
2009-12-27 16:32:25 ----A---- C:\Windows\system32\photowiz.dll
2009-12-27 16:32:24 ----A---- C:\Windows\system32\ntdll.dll
2009-12-27 16:32:24 ----A---- C:\Windows\system32\nslookup.exe
2009-12-27 16:32:23 ----A---- C:\Windows\system32\osk.exe
2009-12-27 16:32:23 ----A---- C:\Windows\system32\oobefldr.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\onex.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\olepro32.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\oleprn.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\oleaut32.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\ole32.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\offfilt.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\odbccp32.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\odbcconf.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\odbc32.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-12-27 16:32:23 ----A---- C:\Windows\system32\nlhtml.dll
2009-12-27 16:32:22 ----A---- C:\Windows\system32\rasgcw.dll
2009-12-27 16:32:22 ----A---- C:\Windows\system32\rasdlg.dll
2009-12-27 16:32:22 ----A---- C:\Windows\system32\ocsetup.exe
2009-12-27 16:32:22 ----A---- C:\Windows\system32\ntprint.dll
2009-12-27 16:32:22 ----A---- C:\Windows\system32\ntmarta.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\RelMon.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\rekeywiz.exe
2009-12-27 16:32:21 ----A---- C:\Windows\system32\regsvc.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\rastapi.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\rasppp.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\rasplap.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\rasmontr.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\rasmans.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\rasdial.exe
2009-12-27 16:32:21 ----A---- C:\Windows\system32\rasdiag.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\raschap.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\rasapi32.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\RacEngn.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\Query.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\quartz.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\qmgr.dll
2009-12-27 16:32:21 ----A---- C:\Windows\system32\qedit.dll
2009-12-27 16:32:20 ----A---- C:\Windows\system32\regapi.dll
2009-12-27 16:32:20 ----A---- C:\Windows\system32\reg.exe
2009-12-27 16:32:20 ----A---- C:\Windows\system32\rdpencom.dll
2009-12-27 16:32:19 ----A---- C:\Windows\system32\rdpwsx.dll
2009-12-27 16:32:19 ----A---- C:\Windows\system32\prnntfy.dll
2009-12-27 16:32:19 ----A---- C:\Windows\system32\printui.dll
2009-12-27 16:32:19 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-12-27 16:32:19 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-12-27 16:32:19 ----A---- C:\Windows\system32\PresentationHost.exe
2009-12-27 16:32:18 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-12-27 16:32:18 ----A---- C:\Windows\system32\powrprof.dll
2009-12-27 16:32:17 ----A---- C:\Windows\system32\qdvd.dll
2009-12-27 16:32:17 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-12-27 16:32:17 ----A---- C:\Windows\system32\puiapi.dll
2009-12-27 16:32:17 ----A---- C:\Windows\system32\psisdecd.dll
2009-12-27 16:32:17 ----A---- C:\Windows\system32\PSHED.DLL
2009-12-27 16:32:17 ----A---- C:\Windows\system32\propsys.dll
2009-12-27 16:32:17 ----A---- C:\Windows\system32\propdefs.dll
2009-12-27 16:32:17 ----A---- C:\Windows\system32\profsvc.dll
2009-12-27 16:32:15 ----A---- C:\Windows\system32\shell32.dll
2009-12-27 16:32:15 ----A---- C:\Windows\system32\shdocvw.dll
2009-12-27 16:32:15 ----A---- C:\Windows\system32\sendmail.dll
2009-12-27 16:32:14 ----A---- C:\Windows\system32\shlwapi.dll
2009-12-27 16:32:14 ----A---- C:\Windows\system32\sethc.exe
2009-12-27 16:32:14 ----A---- C:\Windows\system32\services.exe
2009-12-27 16:32:13 ----A---- C:\Windows\system32\setupapi.dll
2009-12-27 16:32:11 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-12-27 16:32:11 ----A---- C:\Windows\system32\eapphost.dll
2009-12-27 16:32:11 ----A---- C:\Windows\system32\eappgnui.dll
2009-12-27 16:32:11 ----A---- C:\Windows\system32\eappcfg.dll
2009-12-27 16:32:11 ----A---- C:\Windows\system32\eapp3hst.dll
2009-12-27 16:32:10 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-12-27 16:32:10 ----A---- C:\Windows\system32\evr.dll
2009-12-27 16:32:10 ----A---- C:\Windows\system32\eudcedit.exe
2009-12-27 16:32:10 ----A---- C:\Windows\system32\dwm.exe
2009-12-27 16:32:10 ----A---- C:\Windows\system32\dsprop.dll
2009-12-27 16:32:10 ----A---- C:\Windows\system32\dsound.dll
2009-12-27 16:32:10 ----A---- C:\Windows\explorer.exe
2009-12-27 16:32:09 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-12-27 16:32:09 ----A---- C:\Windows\system32\esent.dll
2009-12-27 16:32:09 ----A---- C:\Windows\system32\es.dll
2009-12-27 16:32:09 ----A---- C:\Windows\system32\EncDec.dll
2009-12-27 16:32:09 ----A---- C:\Windows\system32\emdmgmt.dll
2009-12-27 16:32:09 ----A---- C:\Windows\system32\EhStorShell.dll
2009-12-27 16:32:09 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-12-27 16:32:09 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-12-27 16:32:09 ----A---- C:\Windows\system32\dimsroam.dll
2009-12-27 16:32:09 ----A---- C:\Windows\system32\diagperf.dll
2009-12-27 16:32:08 ----A---- C:\Windows\system32\diskraid.exe
2009-12-27 16:32:08 ----A---- C:\Windows\system32\diskpart.exe
2009-12-27 16:32:08 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-12-27 16:32:08 ----A---- C:\Windows\system32\dfshim.dll
2009-12-27 16:32:07 ----A---- C:\Windows\system32\drvstore.dll
2009-12-27 16:32:07 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-12-27 16:32:07 ----A---- C:\Windows\system32\dpapimig.exe
2009-12-27 16:32:07 ----A---- C:\Windows\system32\dot3svc.dll
2009-12-27 16:32:07 ----A---- C:\Windows\system32\dot3msm.dll
2009-12-27 16:32:07 ----A---- C:\Windows\system32\dot3cfg.dll
2009-12-27 16:32:07 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-12-27 16:32:07 ----A---- C:\Windows\system32\dfsr.exe
2009-12-27 16:32:07 ----A---- C:\Windows\system32\devmgr.dll
2009-12-27 16:32:06 ----A---- C:\Windows\system32\hbaapi.dll
2009-12-27 16:32:06 ----A---- C:\Windows\system32\gpresult.exe
2009-12-27 16:32:06 ----A---- C:\Windows\system32\drvinst.exe
2009-12-27 16:32:06 ----A---- C:\Windows\system32\drmv2clt.dll
2009-12-27 16:32:06 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-12-27 16:32:06 ----A---- C:\Windows\system32\dnsapi.dll
2009-12-27 16:32:06 ----A---- C:\Windows\system32\dmusic.dll
2009-12-27 16:32:06 ----A---- C:\Windows\system32\dmsynth.dll
2009-12-27 16:32:05 ----A---- C:\Windows\system32\gpupdate.exe
2009-12-27 16:32:05 ----A---- C:\Windows\system32\gpsvc.dll
2009-12-27 16:32:04 ----A---- C:\Windows\system32\iasnap.dll
2009-12-27 16:32:04 ----A---- C:\Windows\system32\IasMigReader.exe
2009-12-27 16:32:04 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-12-27 16:32:04 ----A---- C:\Windows\system32\iashlpr.dll
2009-12-27 16:32:04 ----A---- C:\Windows\system32\iasdatastore.dll
2009-12-27 16:32:04 ----A---- C:\Windows\system32\iasads.dll
2009-12-27 16:32:04 ----A---- C:\Windows\system32\iasacct.dll
2009-12-27 16:32:04 ----A---- C:\Windows\system32\hidserv.dll
2009-12-27 16:32:04 ----A---- C:\Windows\system32\hdwwiz.exe
2009-12-27 16:32:04 ----A---- C:\Windows\system32\fontext.dll
2009-12-27 16:32:04 ----A---- C:\Windows\system32\findstr.exe
2009-12-27 16:32:03 ----A---- C:\Windows\system32\gpedit.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\gpapi.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\gdi32.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\fundisc.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\feclient.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\fdWSD.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\fdWCN.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\fdSSDP.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\fdProxy.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\fdeploy.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\fdBth.dll
2009-12-27 16:32:03 ----A---- C:\Windows\system32\fc.exe
2009-12-27 16:32:03 ----A---- C:\Windows\system32\Faultrep.dll
2009-12-27 16:32:02 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-12-27 16:32:02 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-12-27 16:32:02 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-12-27 16:32:02 ----A---- C:\Windows\system32\ftp.exe
2009-12-27 16:32:02 ----A---- C:\Windows\system32\autoplay.dll
2009-12-27 16:32:02 ----A---- C:\Windows\system32\autofmt.exe
2009-12-27 16:32:02 ----A---- C:\Windows\system32\autoconv.exe
2009-12-27 16:32:02 ----A---- C:\Windows\system32\autochk.exe
2009-12-27 16:32:02 ----A---- C:\Windows\system32\authz.dll
2009-12-27 16:32:02 ----A---- C:\Windows\system32\authui.dll
2009-12-27 16:32:02 ----A---- C:\Windows\system32\audiosrv.dll
2009-12-27 16:32:02 ----A---- C:\Windows\system32\AudioSes.dll
2009-12-27 16:32:02 ----A---- C:\Windows\system32\audiodg.exe
2009-12-27 16:32:00 ----A---- C:\Windows\system32\bthci.dll
2009-12-27 16:32:00 ----A---- C:\Windows\system32\browseui.dll
2009-12-27 16:32:00 ----A---- C:\Windows\system32\brcpl.dll
2009-12-27 16:32:00 ----A---- C:\Windows\system32\blackbox.dll
2009-12-27 16:32:00 ----A---- C:\Windows\system32\bitsigd.dll
2009-12-27 16:32:00 ----A---- C:\Windows\system32\BFE.DLL
2009-12-27 16:32:00 ----A---- C:\Windows\system32\bcrypt.dll
2009-12-27 16:32:00 ----A---- C:\Windows\system32\basecsp.dll
2009-12-27 16:32:00 ----A---- C:\Windows\system32\azroles.dll
2009-12-27 16:31:59 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-12-27 16:31:58 ----A---- C:\Windows\system32\apphelp.dll
2009-12-27 16:31:58 ----A---- C:\Windows\system32\apds.dll
2009-12-27 16:31:57 ----A---- C:\Windows\system32\adtschema.dll
2009-12-27 16:31:57 ----A---- C:\Windows\system32\adsmsext.dll
2009-12-27 16:31:57 ----A---- C:\Windows\system32\adsldpc.dll
2009-12-27 16:31:56 ----A---- C:\Windows\system32\crypt32.dll
2009-12-27 16:31:56 ----A---- C:\Windows\system32\credui.dll
2009-12-27 16:31:56 ----A---- C:\Windows\system32\connect.dll
2009-12-27 16:31:56 ----A---- C:\Windows\system32\conime.exe
2009-12-27 16:31:56 ----A---- C:\Windows\system32\comuid.dll
2009-12-27 16:31:56 ----A---- C:\Windows\system32\comsvcs.dll
2009-12-27 16:31:56 ----A---- C:\Windows\system32\advapi32.dll
2009-12-27 16:31:55 ----A---- C:\Windows\system32\dbgeng.dll
2009-12-27 16:31:55 ----A---- C:\Windows\system32\comdlg32.dll
2009-12-27 16:31:55 ----A---- C:\Windows\system32\cmmon32.exe
2009-12-27 16:31:55 ----A---- C:\Windows\system32\cmdial32.dll
2009-12-27 16:31:54 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-12-27 16:31:54 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-12-27 16:31:54 ----A---- C:\Windows\system32\DevicePairing.dll
2009-12-27 16:31:54 ----A---- C:\Windows\system32\DeviceEject.exe
2009-12-27 16:31:54 ----A---- C:\Windows\system32\davclnt.dll
2009-12-27 16:31:54 ----A---- C:\Windows\system32\dataclen.dll
2009-12-27 16:31:54 ----A---- C:\Windows\system32\d3d9.dll
2009-12-27 16:31:54 ----A---- C:\Windows\system32\csrstub.exe
2009-12-27 16:31:54 ----A---- C:\Windows\system32\cscdll.dll
2009-12-27 16:31:54 ----A---- C:\Windows\system32\cscapi.dll
2009-12-27 16:31:54 ----A---- C:\Windows\system32\cryptui.dll
2009-12-27 16:31:54 ----A---- C:\Windows\system32\cryptsvc.dll
2009-12-27 16:31:53 ----A---- C:\Windows\system32\cscript.exe
2009-12-27 16:31:53 ----A---- C:\Windows\system32\certmgr.dll
2009-12-27 16:31:53 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-12-27 16:31:53 ----A---- C:\Windows\system32\CertEnroll.dll
2009-12-27 16:31:53 ----A---- C:\Windows\system32\certcli.dll
2009-12-27 16:31:53 ----A---- C:\Windows\system32\bthudtask.exe
2009-12-27 16:31:53 ----A---- C:\Windows\system32\bthserv.dll
2009-12-27 16:31:52 ----A---- C:\Windows\system32\cipher.exe
2009-12-27 16:31:52 ----A---- C:\Windows\system32\ci.dll
2009-12-27 16:31:52 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-12-27 16:31:52 ----A---- C:\Windows\system32\chsbrkr.dll
2009-12-27 16:31:52 ----A---- C:\Windows\system32\cbsra.exe
2009-12-27 16:31:51 ----A---- C:\Windows\system32\chtbrkr.dll
2009-12-27 16:31:51 ----A---- C:\Windows\system32\certreq.exe
2009-12-27 16:31:51 ----A---- C:\Windows\system32\certprop.dll
2009-12-27 16:31:50 ----A---- C:\Windows\system32\msihnd.dll
2009-12-27 16:31:50 ----A---- C:\Windows\system32\msiexec.exe
2009-12-27 16:31:50 ----A---- C:\Windows\system32\msftedit.dll
2009-12-27 16:31:50 ----A---- C:\Windows\system32\msexcl40.dll
2009-12-27 16:31:50 ----A---- C:\Windows\system32\msexch40.dll
2009-12-27 16:31:50 ----A---- C:\Windows\system32\msdtctm.dll
2009-12-27 16:31:50 ----A---- C:\Windows\system32\certutil.exe
2009-12-27 16:31:49 ----A---- C:\Windows\system32\msi.dll
2009-12-27 16:31:49 ----A---- C:\Windows\system32\msdtcprx.dll
2009-12-27 16:31:49 ----A---- C:\Windows\system32\msdrm.dll
2009-12-27 16:31:49 ----A---- C:\Windows\system32\msctfui.dll
2009-12-27 16:31:49 ----A---- C:\Windows\system32\msctfp.dll
2009-12-27 16:31:49 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-12-27 16:31:49 ----A---- C:\Windows\system32\msctf.dll
2009-12-27 16:31:48 ----A---- C:\Windows\system32\msimsg.dll
2009-12-27 16:31:48 ----A---- C:\Windows\system32\MPSSVC.dll
2009-12-27 16:31:48 ----A---- C:\Windows\system32\mprapi.dll
2009-12-27 16:31:48 ----A---- C:\Windows\system32\mpr.dll
2009-12-27 16:31:47 ----A---- C:\Windows\system32\modemui.dll
2009-12-27 16:31:47 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-12-27 16:31:46 ----A---- C:\Windows\system32\mscories.dll
2009-12-27 16:31:46 ----A---- C:\Windows\system32\mscorier.dll
2009-12-27 16:31:46 ----A---- C:\Windows\system32\mscms.dll
2009-12-27 16:31:46 ----A---- C:\Windows\system32\mscandui.dll
2009-12-27 16:31:45 ----A---- C:\Windows\system32\netcenter.dll
2009-12-27 16:31:45 ----A---- C:\Windows\system32\netapi32.dll
2009-12-27 16:31:45 ----A---- C:\Windows\system32\ncryptui.dll
2009-12-27 16:31:45 ----A---- C:\Windows\system32\ncrypt.dll
2009-12-27 16:31:45 ----A---- C:\Windows\system32\mscoree.dll
2009-12-27 16:31:44 ----A---- C:\Windows\system32\netplwiz.dll
2009-12-27 16:31:44 ----A---- C:\Windows\system32\netlogon.dll
2009-12-27 16:31:44 ----A---- C:\Windows\system32\NcdProp.dll
2009-12-27 16:31:44 ----A---- C:\Windows\system32\mtxclu.dll
2009-12-27 16:31:43 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-12-27 16:31:42 ----A---- C:\Windows\system32\newdev.exe
2009-12-27 16:31:42 ----A---- C:\Windows\system32\newdev.dll
2009-12-27 16:31:42 ----A---- C:\Windows\system32\networkmap.dll
2009-12-27 16:31:42 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-12-27 16:31:42 ----A---- C:\Windows\system32\networkexplorer.dll
2009-12-27 16:31:42 ----A---- C:\Windows\system32\netshell.dll
2009-12-27 16:31:41 ----A---- C:\Windows\system32\msscntrs.dll
2009-12-27 16:31:41 ----A---- C:\Windows\system32\msscb.dll
2009-12-27 16:31:41 ----A---- C:\Windows\system32\msrepl40.dll
2009-12-27 16:31:41 ----A---- C:\Windows\system32\msrd3x40.dll
2009-12-27 16:31:41 ----A---- C:\Windows\system32\msrd2x40.dll
2009-12-27 16:31:41 ----A---- C:\Windows\system32\mspbde40.dll
2009-12-27 16:31:41 ----A---- C:\Windows\system32\msnetobj.dll
2009-12-27 16:31:41 ----A---- C:\Windows\system32\msltus40.dll
2009-12-27 16:31:41 ----A---- C:\Windows\system32\msimtf.dll
2009-12-27 16:31:40 ----A---- C:\Windows\system32\msutb.dll
2009-12-27 16:31:40 ----A---- C:\Windows\system32\msjtes40.dll
2009-12-27 16:31:40 ----A---- C:\Windows\system32\msjter40.dll
2009-12-27 16:31:40 ----A---- C:\Windows\system32\msjint40.dll
2009-12-27 16:31:40 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-12-27 16:31:40 ----A---- C:\Windows\system32\msjet40.dll
2009-12-27 16:31:40 ----A---- C:\Windows\system32\msisip.dll
2009-12-27 16:31:40 ----A---- C:\Windows\system32\msinfo32.exe
2009-12-27 16:31:39 ----A---- C:\Windows\system32\msxbde40.dll
2009-12-27 16:31:39 ----A---- C:\Windows\system32\mswstr10.dll
2009-12-27 16:31:39 ----A---- C:\Windows\system32\mswsock.dll
2009-12-27 16:31:39 ----A---- C:\Windows\system32\mswdat10.dll
2009-12-27 16:31:39 ----A---- C:\Windows\system32\msvcrt.dll
2009-12-27 16:31:39 ----A---- C:\Windows\system32\msvcp60.dll
2009-12-27 16:31:38 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\mstsc.exe
2009-12-27 16:31:37 ----A---- C:\Windows\system32\mstlsapi.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\mssvp.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\msstrc.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\mssrch.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\mssprxy.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\mssphtb.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\mssph.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\mssitlb.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\msshsq.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\msshooks.dll
2009-12-27 16:31:37 ----A---- C:\Windows\system32\msscp.dll
2009-12-27 16:31:36 ----A---- C:\Windows\system32\mstext40.dll
2009-12-27 16:31:36 ----A---- C:\Windows\system32\InkEd.dll
2009-12-27 16:31:36 ----A---- C:\Windows\system32\inetppui.dll
2009-12-27 16:31:36 ----A---- C:\Windows\system32\inetcomm.dll
2009-12-27 16:31:35 ----A---- C:\Windows\system32\infocardapi.dll
2009-12-27 16:31:35 ----A---- C:\Windows\system32\inetpp.dll
2009-12-27 16:31:34 ----A---- C:\Windows\system32\iscsilog.dll
2009-12-27 16:31:34 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-12-27 16:31:34 ----A---- C:\Windows\system32\imm32.dll
2009-12-27 16:31:33 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-12-27 16:31:32 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-12-27 16:31:32 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-12-27 16:31:32 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-12-27 16:31:32 ----A---- C:\Windows\system32\ipconfig.exe
2009-12-27 16:31:32 ----A---- C:\Windows\system32\input.dll
2009-12-27 16:31:30 ----A---- C:\Windows\system32\ifmon.dll
2009-12-27 16:31:29 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-12-27 16:31:29 ----A---- C:\Windows\system32\icardres.dll
2009-12-27 16:31:29 ----A---- C:\Windows\system32\icardagt.exe
2009-12-27 16:31:29 ----A---- C:\Windows\system32\iassvcs.dll
2009-12-27 16:31:29 ----A---- C:\Windows\system32\iassdo.dll
2009-12-27 16:31:29 ----A---- C:\Windows\system32\iassam.dll
2009-12-27 16:31:29 ----A---- C:\Windows\system32\iasrecst.dll
2009-12-27 16:31:29 ----A---- C:\Windows\system32\iasrad.dll
2009-12-27 16:31:29 ----A---- C:\Windows\system32\iaspolcy.dll
2009-12-27 16:31:28 ----A---- C:\Windows\system32\imapi2fs.dll
2009-12-27 16:31:28 ----A---- C:\Windows\system32\imapi2.dll
2009-12-27 16:31:28 ----A---- C:\Windows\system32\imapi.dll
2009-12-27 16:31:28 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-12-27 16:31:27 ----A---- C:\Windows\system32\mfplat.dll
2009-12-27 16:31:27 ----A---- C:\Windows\system32\mfc42u.dll
2009-12-27 16:31:27 ----A---- C:\Windows\system32\mfc42.dll
2009-12-27 16:31:26 ----A---- C:\Windows\system32\mimefilt.dll
2009-12-27 16:31:26 ----A---- C:\Windows\system32\milcore.dll
2009-12-27 16:31:25 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-12-27 16:31:25 ----A---- C:\Windows\system32\mmcico.dll
2009-12-27 16:31:25 ----A---- C:\Windows\system32\mmci.dll
2009-12-27 16:31:25 ----A---- C:\Windows\system32\mmc.exe
2009-12-27 16:31:25 ----A---- C:\Windows\system32\midimap.dll
2009-12-27 16:31:24 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-12-27 16:31:24 ----A---- C:\Windows\system32\mblctr.exe
2009-12-27 16:31:24 ----A---- C:\Windows\system32\l2nacp.dll
2009-12-27 16:31:24 ----A---- C:\Windows\system32\korwbrkr.dll
2009-12-27 16:31:24 ----A---- C:\Windows\system32\kernel32.dll
2009-12-27 16:31:24 ----A---- C:\Windows\system32\kdusb.dll
2009-12-27 16:31:24 ----A---- C:\Windows\system32\kdcom.dll
2009-12-27 16:31:24 ----A---- C:\Windows\system32\kd1394.dll
2009-12-27 16:31:23 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-12-27 16:31:23 ----A---- C:\Windows\system32\logman.exe
2009-12-27 16:31:23 ----A---- C:\Windows\system32\logagent.exe
2009-12-27 16:31:22 ----A---- C:\Windows\system32\wercon.exe
2009-12-27 16:31:22 ----A---- C:\Windows\system32\wer.dll
2009-12-27 16:31:22 ----A---- C:\Windows\system32\WebClnt.dll
2009-12-27 16:31:22 ----A---- C:\Windows\system32\shsetup.dll
2009-12-27 16:31:22 ----A---- C:\Windows\system32\Magnify.exe
2009-12-27 16:31:21 ----A---- C:\Windows\system32\wdscore.dll
2009-12-27 16:31:21 ----A---- C:\Windows\system32\wdc.dll
2009-12-27 16:31:20 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-12-27 16:31:20 ----A---- C:\Windows\system32\win32spl.dll
2009-12-27 16:31:20 ----A---- C:\Windows\system32\whealogr.dll
2009-12-27 16:31:20 ----A---- C:\Windows\system32\wevtutil.exe
2009-12-27 16:31:20 ----A---- C:\Windows\system32\wevtsvc.dll
2009-12-27 16:31:20 ----A---- C:\Windows\system32\wevtapi.dll
2009-12-27 16:31:20 ----A---- C:\Windows\system32\wersvc.dll
2009-12-27 16:31:20 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-12-27 16:31:20 ----A---- C:\Windows\system32\WerFault.exe
2009-12-27 16:31:19 ----A---- C:\Windows\system32\wiaservc.dll
2009-12-27 16:31:19 ----A---- C:\Windows\system32\wiaaut.dll
2009-12-27 16:31:19 ----A---- C:\Windows\system32\version.dll
2009-12-27 16:31:19 ----A---- C:\Windows\system32\vdsutil.dll
2009-12-27 16:31:19 ----A---- C:\Windows\system32\vdsdyn.dll
2009-12-27 16:31:19 ----A---- C:\Windows\system32\vds.exe
2009-12-27 16:31:19 ----A---- C:\Windows\system32\vdmdbg.dll
2009-12-27 16:31:18 ----A---- C:\Windows\system32\uxsms.dll
2009-12-27 16:31:18 ----A---- C:\Windows\system32\Utilman.exe
2009-12-27 16:31:18 ----A---- C:\Windows\system32\usp10.dll
2009-12-27 16:31:18 ----A---- C:\Windows\system32\userenv.dll
2009-12-27 16:31:18 ----A---- C:\Windows\system32\usercpl.dll
2009-12-27 16:31:18 ----A---- C:\Windows\system32\user32.dll
2009-12-27 16:31:17 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-12-27 16:31:17 ----A---- C:\Windows\system32\wcnwiz.dll
2009-12-27 16:31:17 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-12-27 16:31:17 ----A---- C:\Windows\system32\wcncsvc.dll
2009-12-27 16:31:16 ----A---- C:\Windows\system32\WSDMon.dll
2009-12-27 16:31:16 ----A---- C:\Windows\system32\wsdchngr.dll
2009-12-27 16:31:16 ----A---- C:\Windows\system32\wscsvc.dll
2009-12-27 16:31:16 ----A---- C:\Windows\system32\wscript.exe
2009-12-27 16:31:16 ----A---- C:\Windows\system32\wscntfy.dll
2009-12-27 16:31:16 ----A---- C:\Windows\system32\wscisvif.dll
2009-12-27 16:31:16 ----A---- C:\Windows\system32\WscEapPr.dll
2009-12-27 16:31:16 ----A---- C:\Windows\system32\wscapi.dll
2009-12-27 16:31:16 ----A---- C:\Windows\system32\wow32.dll
2009-12-27 16:31:16 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-12-27 16:31:16 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-12-27 16:31:16 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-12-27 16:31:16 ----A---- C:\Windows\system32\w32time.dll
2009-12-27 16:31:16 ----A---- C:\Windows\system32\VSSVC.exe
2009-12-27 16:31:16 ----A---- C:\Windows\system32\vssapi.dll
2009-12-27 16:31:15 ----A---- C:\Windows\system32\xmlfilter.dll
2009-12-27 16:31:15 ----A---- C:\Windows\system32\wusa.exe
2009-12-27 16:31:15 ----A---- C:\Windows\system32\wshext.dll
2009-12-27 16:31:15 ----A---- C:\Windows\system32\wsepno.dll
2009-12-27 16:31:15 ----A---- C:\Windows\system32\wpcsvc.dll
2009-12-27 16:31:15 ----A---- C:\Windows\system32\wpccpl.dll
2009-12-27 16:31:15 ----A---- C:\Windows\system32\wpcao.dll
2009-12-27 16:31:14 ----A---- C:\Windows\system32\wsnmp32.dll
2009-12-27 16:31:14 ----A---- C:\Windows\system32\WsmSvc.dll
2009-12-27 16:31:14 ----A---- C:\Windows\system32\wshbth.dll
2009-12-27 16:31:14 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-12-27 16:31:14 ----A---- C:\Windows\system32\Wldap32.dll
2009-12-27 16:31:14 ----A---- C:\Windows\system32\wlanui.dll
2009-12-27 16:31:14 ----A---- C:\Windows\system32\wlanpref.dll
2009-12-27 16:31:14 ----A---- C:\Windows\system32\wlangpui.dll
2009-12-27 16:31:14 ----A---- C:\Windows\system32\wisptis.exe
2009-12-27 16:31:14 ----A---- C:\Windows\system32\winrnr.dll
2009-12-27 16:31:14 ----A---- C:\Windows\system32\winresume.exe
2009-12-27 16:31:13 ----A---- C:\Windows\system32\wmpmde.dll
2009-12-27 16:31:13 ----A---- C:\Windows\system32\wmpeffects.dll
2009-12-27 16:31:13 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-12-27 16:31:13 ----A---- C:\Windows\system32\winsrv.dll
2009-12-27 16:31:13 ----A---- C:\Windows\system32\WinSCard.dll
2009-12-27 16:31:13 ----A---- C:\Windows\system32\WinSAT.exe
2009-12-27 16:31:13 ----A---- C:\Windows\system32\winmm.dll
2009-12-27 16:31:13 ----A---- C:\Windows\system32\winlogon.exe
2009-12-27 16:31:13 ----A---- C:\Windows\system32\winload.exe
2009-12-27 16:31:12 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-12-27 16:31:09 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-12-27 16:31:09 ----A---- C:\Windows\system32\sud.dll
2009-12-27 16:31:09 ----A---- C:\Windows\system32\Storprop.dll
2009-12-27 16:31:09 ----A---- C:\Windows\system32\stobject.dll
2009-12-27 16:31:08 ----A---- C:\Windows\system32\srvsvc.dll
2009-12-27 16:31:08 ----A---- C:\Windows\system32\srcore.dll
2009-12-27 16:31:08 ----A---- C:\Windows\system32\srchadmin.dll
2009-12-27 16:31:06 ----A---- C:\Windows\system32\sysmain.dll
2009-12-27 16:31:05 ----A---- C:\Windows\system32\sysclass.dll
2009-12-27 16:31:05 ----A---- C:\Windows\system32\swprv.dll
2009-12-27 16:31:03 ----A---- C:\Windows\system32\SyncCenter.dll
2009-12-27 16:31:01 ----A---- C:\Windows\system32\smss.exe
2009-12-27 16:31:01 ----A---- C:\Windows\system32\SmiEngine.dll
2009-12-27 16:31:01 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-12-27 16:31:01 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-12-27 16:31:01 ----A---- C:\Windows\system32\slwmi.dll
2009-12-27 16:30:58 ----A---- C:\Windows\system32\slcc.dll
2009-12-27 16:30:58 ----A---- C:\Windows\system32\SLC.dll
2009-12-27 16:30:58 ----A---- C:\Windows\system32\shwebsvc.dll
2009-12-27 16:30:58 ----A---- C:\Windows\system32\shsvcs.dll
2009-12-27 16:30:56 ----A---- C:\Windows\system32\spoolss.dll
2009-12-27 16:30:56 ----A---- C:\Windows\system32\spinstall.exe
2009-12-27 16:30:56 ----A---- C:\Windows\system32\slwga.dll
2009-12-27 16:30:56 ----A---- C:\Windows\system32\SLUINotify.dll
2009-12-27 16:30:56 ----A---- C:\Windows\system32\SLUI.exe
2009-12-27 16:30:56 ----A---- C:\Windows\system32\SLsvc.exe
2009-12-27 16:30:56 ----A---- C:\Windows\system32\slmgr.vbs
2009-12-27 16:30:56 ----A---- C:\Windows\system32\SLLUA.exe
2009-12-27 16:30:56 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-12-27 16:30:56 ----A---- C:\Windows\system32\slcinst.dll
2009-12-27 16:30:56 ----A---- C:\Windows\system32\SLCExt.dll
2009-12-27 16:30:55 ----A---- C:\Windows\system32\spp.dll
2009-12-27 16:30:55 ----A---- C:\Windows\system32\spoolsv.exe
2009-12-27 16:30:55 ----A---- C:\Windows\system32\spcmsg.dll
2009-12-27 16:30:51 ----A---- C:\Windows\system32\sperror.dll
2009-12-27 16:30:50 ----A---- C:\Windows\system32\spwizui.dll
2009-12-27 16:30:50 ----A---- C:\Windows\system32\spwinsat.dll
2009-12-27 16:30:49 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-12-27 16:30:44 ----A---- C:\Windows\system32\spreview.exe
2009-12-27 16:30:36 ----A---- C:\Windows\system32\softkbd.dll
2009-12-27 16:30:36 ----A---- C:\Windows\system32\SndVol.exe
2009-12-27 16:30:30 ----A---- C:\Windows\system32\TSTheme.exe
2009-12-27 16:30:27 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-12-27 16:30:26 ----A---- C:\Windows\system32\zipfldr.dll
2009-12-27 16:30:26 ----A---- C:\Windows\system32\untfs.dll
2009-12-27 16:30:26 ----A---- C:\Windows\system32\tscupgrd.exe
2009-12-27 16:30:23 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-12-27 16:30:23 ----A---- C:\Windows\system32\ulib.dll
2009-12-27 16:30:23 ----A---- C:\Windows\system32\uDWM.dll
2009-12-27 16:30:23 ----A---- C:\Windows\system32\systemcpl.dll
2009-12-27 16:30:15 ----A---- C:\Windows\system32\tsbyuv.dll
2009-12-27 16:30:15 ----A---- C:\Windows\system32\tquery.dll
2009-12-27 16:30:15 ----A---- C:\Windows\system32\tcpmon.dll
2009-12-27 16:30:15 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-12-27 16:30:15 ----A---- C:\Windows\system32\taskeng.exe
2009-12-27 16:30:15 ----A---- C:\Windows\system32\tapisrv.dll
2009-12-27 16:30:14 ----A---- C:\Windows\system32\themeui.dll
2009-12-27 16:30:14 ----A---- C:\Windows\system32\themecpl.dll
2009-12-27 16:30:14 ----A---- C:\Windows\system32\thawbrkr.dll
2009-12-27 16:30:14 ----A---- C:\Windows\system32\termsrv.dll
2009-12-27 16:30:14 ----A---- C:\Windows\system32\taskcomp.dll
2009-12-27 16:27:34 ----D---- C:\Windows\system32\EventProviders
2009-12-27 15:57:41 ----D---- C:\Program Files\SystemRequirementsLab
2009-12-27 13:27:38 ----A---- C:\Windows\system32\TVWizudlg.exe
2009-12-27 13:27:38 ----A---- C:\Windows\system32\igfxtvcx.dll
2009-12-27 13:22:49 ----D---- C:\Windows\system32\x64
2009-12-27 13:21:09 ----D---- C:\Intel
2009-12-27 13:17:24 ----D---- C:\ProgramData\ma-config.com
2009-12-27 13:17:24 ----D---- C:\Program Files\ma-config.com
2009-12-27 13:02:15 ----A---- C:\Windows\ntbtlog.txt
2009-12-26 20:39:22 ----D---- C:\ProgramData\Electronic Arts
2009-12-26 20:35:31 ----D---- C:\Program Files\Microsoft WSE
2009-12-26 20:35:20 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-12-26 20:16:25 ----D---- C:\Program Files\Electronic Arts
2009-12-20 09:39:44 ----A---- C:\Windows\system32\tzres.dll
2009-12-19 16:11:35 ----A---- C:\Windows\system32\msxml6.dll
2009-12-19 16:11:35 ----A---- C:\Windows\system32\msxml3.dll
2009-12-19 16:11:05 ----A---- C:\Windows\system32\winhttp.dll
2009-12-19 16:10:14 ----A---- C:\Windows\system32\mshtml.dll
2009-12-19 16:10:13 ----A---- C:\Windows\system32\ieframe.dll
2009-12-19 16:10:12 ----A---- C:\Windows\system32\wininet.dll
2009-12-19 16:10:12 ----A---- C:\Windows\system32\urlmon.dll
2009-12-19 16:10:12 ----A---- C:\Windows\system32\iertutil.dll
2009-12-19 16:10:11 ----A---- C:\Windows\system32\occache.dll
2009-12-19 16:10:11 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-19 16:10:11 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-19 16:10:10 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-19 16:10:10 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-19 16:10:10 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-19 16:10:10 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-19 16:10:10 ----A---- C:\Windows\system32\ieui.dll
2009-12-19 16:10:10 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-19 16:10:10 ----A---- C:\Windows\system32\iesetup.dll
2009-12-19 16:10:10 ----A---- C:\Windows\system32\iernonce.dll
2009-12-19 16:10:10 ----A---- C:\Windows\system32\iepeers.dll
2009-12-19 16:10:10 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-19 16:09:49 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-19 16:09:49 ----A---- C:\Windows\system32\httpapi.dll
2009-12-19 16:09:00 ----A---- C:\Windows\system32\rastls.dll

======List of files/folders modified in the last 1 months======

2010-01-15 20:37:06 ----D---- C:\Windows\Temp
2010-01-15 20:35:54 ----D---- C:\Windows\winsxs
2010-01-15 20:35:54 ----D---- C:\Windows\System32
2010-01-15 20:35:42 ----D---- C:\Windows\system32\catroot
2010-01-15 20:35:29 ----D---- C:\Program Files\Windows Mail
2010-01-15 20:35:12 ----A---- C:\ProgramData\HPWALog.txt
2010-01-15 20:35:11 ----SHD---- C:\System Volume Information
2010-01-15 20:32:07 ----D---- C:\Program Files\Blue Coat K9 Web Protection
2010-01-15 20:31:54 ----HD---- C:\ProgramData
2010-01-15 20:31:50 ----A---- C:\ProgramData\hpqp.ini
2010-01-14 20:28:18 ----D---- C:\Windows\system32\catroot2
2010-01-14 20:27:24 ----D---- C:\Windows
2010-01-14 20:25:05 ----D---- C:\Windows\ModemLogs
2010-01-14 20:25:04 ----SD---- C:\Users\alissia\AppData\Roaming\Microsoft
2010-01-14 20:21:25 ----D---- C:\Windows\inf
2010-01-14 20:21:25 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-14 19:41:02 ----D---- C:\Windows\system32\drivers
2010-01-14 19:33:56 ----RD---- C:\Program Files
2010-01-14 17:04:05 ----D---- C:\Windows\Prefetch
2010-01-08 16:23:08 ----D---- C:\ProgramData\WildTangent
2010-01-08 16:20:21 ----D---- C:\Users\alissia\AppData\Roaming\Macromedia
2010-01-04 11:30:34 ----D---- C:\Windows\system32\WDI
2009-12-31 11:38:39 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-31 11:33:35 ----D---- C:\Windows\Minidump
2009-12-30 14:39:06 ----SD---- C:\Windows\Downloaded Program Files
2009-12-30 10:52:32 ----SHD---- C:\Windows\Installer
2009-12-29 10:31:16 ----D---- C:\Windows\rescache
2009-12-29 10:15:50 ----D---- C:\Windows\Microsoft.NET
2009-12-29 10:15:49 ----RSD---- C:\Windows\assembly
2009-12-29 10:13:26 ----D---- C:\Windows\system32\Tasks
2009-12-29 09:41:29 ----D---- C:\Windows\system32\wbem
2009-12-29 09:41:29 ----D---- C:\Windows\system32\it-IT
2009-12-29 09:41:29 ----D---- C:\Windows\system32\fr-FR
2009-12-29 09:41:29 ----D---- C:\Windows\system32\de-DE
2009-12-29 09:41:27 ----D---- C:\Windows\system32\zh-HK
2009-12-29 09:41:27 ----D---- C:\Windows\system32\uk-UA
2009-12-29 09:41:27 ----D---- C:\Windows\system32\sr-Latn-CS
2009-12-29 09:41:27 ----D---- C:\Windows\system32\sl-SI
2009-12-29 09:41:27 ----D---- C:\Windows\system32\pt-PT
2009-12-29 09:41:27 ----D---- C:\Windows\system32\pt-BR
2009-12-29 09:41:27 ----D---- C:\Windows\system32\pl-PL
2009-12-29 09:41:27 ----D---- C:\Windows\system32\nl-NL
2009-12-29 09:41:27 ----D---- C:\Windows\system32\ko-KR
2009-12-29 09:41:27 ----D---- C:\Windows\system32\hu-HU
2009-12-29 09:41:27 ----D---- C:\Windows\system32\hr-HR
2009-12-29 09:41:27 ----D---- C:\Windows\system32\he-IL
2009-12-29 09:41:27 ----D---- C:\Windows\system32\fi-FI
2009-12-29 09:41:27 ----D---- C:\Windows\system32\el-GR
2009-12-29 09:41:27 ----D---- C:\Windows\system32\bg-BG
2009-12-29 09:41:26 ----D---- C:\Windows\system32\zh-TW
2009-12-29 09:41:26 ----D---- C:\Windows\system32\zh-CN
2009-12-29 09:41:26 ----D---- C:\Windows\system32\tr-TR
2009-12-29 09:41:26 ----D---- C:\Windows\system32\th-TH
2009-12-29 09:41:26 ----D---- C:\Windows\system32\sv-SE
2009-12-29 09:41:26 ----D---- C:\Windows\system32\sk-SK
2009-12-29 09:41:26 ----D---- C:\Windows\system32\ru-RU
2009-12-29 09:41:26 ----D---- C:\Windows\system32\ro-RO
2009-12-29 09:41:26 ----D---- C:\Windows\system32\nb-NO
2009-12-29 09:41:26 ----D---- C:\Windows\system32\lv-LV
2009-12-29 09:41:26 ----D---- C:\Windows\system32\lt-LT
2009-12-29 09:41:26 ----D---- C:\Windows\system32\ja-JP
2009-12-29 09:41:26 ----D---- C:\Windows\system32\et-EE
2009-12-29 09:41:26 ----D---- C:\Windows\system32\es-ES
2009-12-29 09:41:26 ----D---- C:\Windows\system32\en-US
2009-12-29 09:41:26 ----D---- C:\Windows\system32\da-DK
2009-12-29 09:41:26 ----D---- C:\Windows\system32\cs-CZ
2009-12-29 09:41:26 ----D---- C:\Windows\system32\ar-SA
2009-12-27 16:57:52 ----SHD---- C:\boot
2009-12-27 16:51:24 ----D---- C:\Program Files\Windows Calendar
2009-12-27 16:51:24 ----D---- C:\Program Files\Movie Maker
2009-12-27 16:51:23 ----D---- C:\Program Files\Windows Sidebar
2009-12-27 16:51:23 ----D---- C:\Program Files\Windows Photo Gallery
2009-12-27 16:51:23 ----D---- C:\Program Files\Windows Media Player
2009-12-27 16:51:23 ----D---- C:\Program Files\Windows Collaboration
2009-12-27 16:51:23 ----D---- C:\Program Files\Internet Explorer
2009-12-27 16:51:23 ----D---- C:\Program Files\Common Files\System
2009-12-27 16:51:21 ----D---- C:\Windows\servicing
2009-12-27 16:51:21 ----D---- C:\Program Files\Windows Defender
2009-12-27 16:51:11 ----D---- C:\Windows\system32\XPSViewer
2009-12-27 16:51:11 ----D---- C:\Windows\IME
2009-12-27 16:51:06 ----D---- C:\Windows\system32\oobe
2009-12-27 16:51:06 ----D---- C:\Windows\system32\migration
2009-12-27 16:51:06 ----D---- C:\Windows\system32\fr
2009-12-27 16:51:05 ----D---- C:\Windows\system32\AdvancedInstallers
2009-12-27 16:51:03 ----D---- C:\Windows\system32\SLUI
2009-12-27 16:51:03 ----D---- C:\Windows\system32\setup
2009-12-27 16:51:01 ----D---- C:\Windows\system32\manifeststore
2009-12-27 16:50:59 ----D---- C:\Windows\system32\migwiz
2009-12-27 16:50:44 ----RSD---- C:\Windows\Fonts
2009-12-27 16:50:44 ----D---- C:\Windows\AppPatch
2009-12-27 16:50:36 ----D---- C:\Windows\system32\Boot
2009-12-27 13:27:37 ----D---- C:\Windows\system32\Lang
2009-12-27 13:27:36 ----D---- C:\Program Files\Intel
2009-12-26 20:35:17 ----D---- C:\Windows\Logs
2009-12-20 09:38:23 ----D---- C:\ProgramData\Microsoft Help
2009-12-19 15:48:18 ----D---- C:\Windows\system32\config
2009-12-19 15:48:14 ----D---- C:\Windows\Tasks
2009-12-19 15:48:14 ----D---- C:\Windows\system32\spool
2009-12-19 15:48:14 ----D---- C:\Windows\system32\Msdtc
2009-12-19 15:48:10 ----D---- C:\Windows\registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bckd;bckd; C:\Windows\system32\drivers\bckd.sys [2009-01-14 72992]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-12-19 1093120]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-10-30 6226432]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2009-06-18 42480]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-12-23 138240]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2009-01-20 394240]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-12-04 204976]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-12-18 14336]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-12-29 60416]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe [2009-01-20 81920]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 bckwfs;Blue Coat K9 Web Protection; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2009-01-14 1078560]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 MsMpSvc;@c:\Program Files\Microsoft Security Essentials\MpAsDesc.dll,-241; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [2008-12-23 365952]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-11-26 247152]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe [2009-01-20 249938]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-04 222512]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-23 223232]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-12-17 243056]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
BUS
 
Posts: 42
Joined: 28 Jul 2003 20:14
Location: CH / NE - 2025

Re: Virus infection, request for analysis

Post by Falkra » 16 Jan 2010 14:28

Can you check what is in this folder?
C:\Windows\system32\x64

You may need to temporarily show hidden and protected system files to see the folder in Explorer.
Falkra
Admin libellules.ch
 
Posts: 25882
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Virus infection, request for analysis

Post by BUS » 16 Jan 2010 23:02

The folder in question is empty!
BUS
 
Posts: 42
Joined: 28 Jul 2003 20:14
Location: CH / NE - 2025
