Infection MSN "foto haha"

[Total Rigole]

Bonjour

windows live mail est infecté par un virus "fota haha" et des messages sont envoyés à chaque connexion.

Je suis sous vista 64 bits et MSNFix ne fonctionne pas. J'ai essayé differentes solutions sans succès.

Je joins le dernier rapport hijackThis en esperant une solution.

Pour l'instant j'ai oté mon mot de passe pour eviter les connexions et propagation.

 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:45:01, on 27/03/2009

Platform: Windows Vista SP2, v.286 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.16670)

Boot mode: Normal

 

Running processes:

C:\Windows\vVX1000.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\MSI\Live Update 3\LMonitor.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Users\TOTALR~1\LOCALS~1\APPLIC~1\ieudinit.exe

C:\Program Files (x86)\MSI\DualCoreCenter\DualCoreCenter.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

E:\Outil Jack\jackoutil\Jackoutil 2.02.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)

F3 - REG:win.ini: load=C:\Users\TOTALR~1\LOCALS~1\APPLIC~1\ieudinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [LiveMonitor] "C:\Program Files (x86)\MSI\Live Update 3\LMonitor.exe"

O4 - HKLM\..\Run: [DelReg] "C:\Program Files (x86)\MSI\DualCoreCenter\DelReg.exe"

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\add-u\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Add\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKLM\..\Policies\Explorer\Run: [MqtgSVC] C:\Windows\System\mqtgsvc.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [sessMgr] C:\Windows\System\sessmgr.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\Windows\System\esentutl.exe /waitservice

O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\Users\TOTALR~1\AppData\Roaming\MICROS~1\dllhst3g.exe /waitservice

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\Windows\System32\drivers\clipsrv.exe /waitservice (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ClipSrv] C:\Windows\System32\drivers\clipsrv.exe /waitservice (User 'Default user')

O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files (x86)\MSI\DualCoreCenter\StartUpDualCoreCenter.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O13 - Gopher Prefix:

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\add-u\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Add\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)

O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 10653 bytes

[pear]

Bonjour,

 

Je suis très surpris par la quantité de O23(les services) notés file missing.

 

Vista 64 !

 

Tentez ceci qui parait fonctionner:

Téléchargez Malwarebytes' Anti-Malware (MBAM)

[branchez tous les supports amovibles avant de faire ce scan (clé usb/disque dur externe etc)

Si vous utilisez Spybot

Pour désactiver TeaTimer qui ne set à rien et peut faire échouer une désinfection:!

Afficher d'abord le Mode Avancé dans SpyBot

->Options Avancées :

- >menu Mode, Mode Avancé.

Une colonne de menus apparaît dans la partie gauche :

- >cliquer sur Outils,

- >cliquer sur Résident,

Dans Résident :

- >décocher Résident "TeaTimer" pour le désactiver.

* Double cliquez sur l'icône Download_mbam-setup.exe pour lancer le processus d'installation.

Enregistrez le sur le bureau .

Fermer toutes les fenêtres et programmes

Suivez les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet)

N'apportez aucune modification aux réglages par défaut et, en fin d'installation,

Vérifiez que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées

MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse.

cliquer sur OK pour fermer la boîte de dialogue..

Si la mise à jour automatique échouait pour une raison quelconque,par exemple une installation de Mbam sur clé usb,

Téléchargez la mise à jour ici

double-cliquer sur le fichier mbam-rules.exe pour installer la mise à jour

 

* Dans l'onglet "mise à jour", cliquez sur le bouton Recherche de mise à jour:

Si le pare-feu demande l'autorisation à MBAM de se connecter, acceptez.

* Une fois la mise à jour terminée, allez dans l'onglet Recherche.

* Sélectionnez "Exécuter un examen complet"

* Cliquez sur "Rechercher"

* .L' analyse prendra un certain temps, soyez patient !

* A la fin , un message affichera :

L'examen s'est terminé normalement.

 

*Si MBAM n'a rien trouvé, il le dira aussi.

Cliquez sur "Ok" pour poursuivre.

*Fermez les navigateurs.

Cliquez sur Afficher les résultats .

 

*Sélectionnez tout et cliquez sur Supprimer la sélection ,

MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

puis ouvrir le Bloc-notes et y copier le rapport d'analyse qui peut être retrouvé sous l'onglet Rapports/logs.

* Copiez-collez ce rapport dans la prochaine réponse.

Modifié le 27 mars 2009 par pear

[steffen38]

bonjour

coche c ligne sur hijack et fix checked

 

C:\Users\TOTALR~1\LOCALS~1\APPLIC~1\ieudinit.exe

F3 - REG:win.ini: load=C:\Users\TOTALR~1\LOCALS~1\APPLIC~1\ieudinit.exe

O4 - HKLM\..\Policies\Explorer\Run: [MqtgSVC] C:\Windows\System\mqtgsvc.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [sessMgr] C:\Windows\System\sessmgr.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\Windows\System\esentutl.exe /waitservice

 

excuse moi pear je n avais pas vu que tu avais repondu

[Total Rigole]

Bonjour,

 

Je suis très surpris par la quantité de O23(les services) notés file missing.

 

Vista 64 !

 

Tentez ceci qui parait fonctionner:

Téléchargez Malwarebytes' Anti-Malware (MBAM)

[branchez tous les supports amovibles avant de faire ce scan (clé usb/disque dur externe etc)

Si vous utilisez Spybot

Pour désactiver TeaTimer qui ne set à rien et peut faire échouer une désinfection:!

Afficher d'abord le Mode Avancé dans SpyBot

->Options Avancées :

- >menu Mode, Mode Avancé.

Une colonne de menus apparaît dans la partie gauche :

- >cliquer sur Outils,

- >cliquer sur Résident,

Dans Résident :

- >décocher Résident "TeaTimer" pour le désactiver.

* Double cliquez sur l'icône Download_mbam-setup.exe pour lancer le processus d'installation.

Enregistrez le sur le bureau .

Fermer toutes les fenêtres et programmes

Suivez les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet)

N'apportez aucune modification aux réglages par défaut et, en fin d'installation,

Vérifiez que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées

MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse.

cliquer sur OK pour fermer la boîte de dialogue..

Si la mise à jour automatique échouait pour une raison quelconque,par exemple une installation de Mbam sur clé usb,

Téléchargez la mise à jour ici

double-cliquer sur le fichier mbam-rules.exe pour installer la mise à jour

 

* Dans l'onglet "mise à jour", cliquez sur le bouton Recherche de mise à jour:

Si le pare-feu demande l'autorisation à MBAM de se connecter, acceptez.

* Une fois la mise à jour terminée, allez dans l'onglet Recherche.

* Sélectionnez "Exécuter un examen complet"

* Cliquez sur "Rechercher"

* .L' analyse prendra un certain temps, soyez patient !

* A la fin , un message affichera :

L'examen s'est terminé normalement.

 

*Si MBAM n'a rien trouvé, il le dira aussi.

Cliquez sur "Ok" pour poursuivre.

*Fermez les navigateurs.

Cliquez sur Afficher les résultats .

 

*Sélectionnez tout et cliquez sur Supprimer la sélection ,

MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

puis ouvrir le Bloc-notes et y copier le rapport d'analyse qui peut être retrouvé sous l'onglet Rapports/logs.

* Copiez-collez ce rapport dans la prochaine réponse.

 

 

Merci pour la reponse rapide

 

J'ai desactive Ad-Aware "ad watch live"

J'ai desactivé Nod32

j'ai lancé MalwareBytes voici le log

 

 

Malwarebytes' Anti-Malware 1.35

Version de la base de données: 1905

Windows 6.0.6002 Service Pack 2, v.286

 

27/03/2009 17:00:53

mbam-log-2009-03-27 (17-00-53).txt

 

Type de recherche: Examen complet (C:\|)

Eléments examinés: 188075

Temps écoulé: 18 minute(s), 27 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

[Total Rigole]

bonjour

coche c ligne sur hijack et fix checked

 

C:\Users\TOTALR~1\LOCALS~1\APPLIC~1\ieudinit.exe

F3 - REG:win.ini: load=C:\Users\TOTALR~1\LOCALS~1\APPLIC~1\ieudinit.exe

O4 - HKLM\..\Policies\Explorer\Run: [MqtgSVC] C:\Windows\System\mqtgsvc.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [sessMgr] C:\Windows\System\sessmgr.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\Windows\System\esentutl.exe /waitservice

 

excuse moi pear je n avais pas vu que tu avais repondu

 

 

J'ai fait et apres un nouveau Hijackthis

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:08:01, on 27/03/2009

Platform: Windows Vista SP2, v.286 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.16670)

Boot mode: Normal

 

Running processes:

C:\Windows\vVX1000.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\MSI\Live Update 3\LMonitor.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Users\TOTALR~1\LOCALS~1\APPLIC~1\ieudinit.exe

C:\Program Files (x86)\MSI\DualCoreCenter\DualCoreCenter.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files (x86)\add-u\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\TOTALR~1\AppData\Local\Temp\~temp\hmunmlcn88\svchost.exe

E:\Outil Jack\jackoutil\Jackoutil 2.02.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [LiveMonitor] "C:\Program Files (x86)\MSI\Live Update 3\LMonitor.exe"

O4 - HKLM\..\Run: [DelReg] "C:\Program Files (x86)\MSI\DualCoreCenter\DelReg.exe"

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\add-u\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Add-U\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Add\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\Users\TOTALR~1\AppData\Roaming\MICROS~1\dllhst3g.exe /waitservice

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ClipSrv] C:\Windows\System32\drivers\clipsrv.exe /waitservice (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ClipSrv] C:\Windows\System32\drivers\clipsrv.exe /waitservice (User 'Default user')

O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files (x86)\MSI\DualCoreCenter\StartUpDualCoreCenter.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O13 - Gopher Prefix:

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\add-u\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Add\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)

O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 10721 bytes

Modifié le 27 mars 2009 par Total Rigole

[Total Rigole]

J'ai supprimé

 

C:\Users\TOTALR~1\LOCALS~1\APPLIC~1\ieudinit.exe

F3 - REG:win.ini: load=C:\Users\TOTALR~1\LOCALS~1\APPLIC~1\ieudinit.exe

O4 - HKLM\..\Policies\Explorer\Run: [MqtgSVC] C:\Windows\System\mqtgsvc.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [sessMgr] C:\Windows\System\sessmgr.exe /waitservice

O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\Windows\System\esentutl.exe /waitservice

Modifié le 27 mars 2009 par Total Rigole

[steffen38]

je suis desole mais je nai pas le droit de continuer (je ne fais pas parti de la secu ils vont t ecrire t inquiete pas)

mais telecharge ccleaner

et change ton code sur window live mail

[Gof]

Bonsoir tout le monde,

 

Désolé Total Rigole, je ne fais que passer.

 

steffen38, je t'ai dit que tu n'avais pas le droit d'intervenir, et tu interviens pour dire que tu n'en as pas le droit et intervenir malgré tout... Sans doute le MP n'était-il pas assez clair je suppose.

[Gof]

Rebonsoir Total Rigole

 

Nous allons continuer ensemble si tu le veux bien. Vista 64b est un système un peu particulier, sur lequel ne tourne pas tous nos outils habituels. On va donc employer un outil qui normalement fonctionne bien sous ce système.

 

Télécharge OTListIt2 (de Old Timer) sur ton Bureau :

http://oldtimer.geekstogo.com/OTListIt2.exe

 

- Fais un clic droit sur le fichier et choisis "Exécuter en tant qu'administrateur"

- L'outil se lancera ;

- Dans la fenêtre qui apparaît, ne modifie aucun réglage sauf "Extra Registry" que tu dois modifier en activant "Use SafeList"

- Coche également "Scan All Users" (au haut à gauche)

- Clique maintenant sur le bouton "Run Scan"

- L'analyse ne durera que quelques minutes tout au plus. Laisse l'outil tourner sans interruption.

- Un rapport apparaîtra à l'écran : copie/colle son contenu ici, dans ta réponse.

 

A bientôt.

[Total Rigole]

Ok j'ai chargé et lancé comme decrit ce logicel dont voici le compte rendu.

Ad-Awre Watct list et Nod32 V4 étant en fonction

 

OTListIt logfile created on: 27/03/2009 18:54:45 - Run 1

OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Infection msn

Windows Vista Ultimate Edition Service Pack 2, v.286 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.16670)

Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

4,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 51,19% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free

Paging file location(s): c:\pagefile.sys 4500 4500;

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 80,01 Gb Total Space | 36,88 Gb Free Space | 46,09% Space Free | Partition Type: NTFS

Drive D: | 106,30 Gb Total Space | 75,73 Gb Free Space | 71,24% Space Free | Partition Type: NTFS

Drive E: | 43,96 Gb Total Space | 29,47 Gb Free Space | 67,04% Space Free | Partition Type: NTFS

Drive F: | 77,35 Gb Total Space | 49,33 Gb Free Space | 63,78% Space Free | Partition Type: NTFS

Drive G: | 47,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive H: | 516,00 Mb Total Space | 484,11 Mb Free Space | 93,82% Space Free | Partition Type: UDF

I: Drive not present or media not loaded

Drive Z: | 85,00 Gb Total Space | 42,99 Gb Free Space | 50,58% Space Free | Partition Type: NTFS

 

Computer Name: PC-DE-TOTALRIGO

Current User Name: Total Rigole

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Output = Standard

File Age = 30 Days

Company Name Whitelist: On

 

========== Processes (SafeList) ==========

 

PRC - [2009/03/25 14:55:24 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2009/02/06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

PRC - [2008/01/21 03:47:13 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe

PRC - [2006/10/26 13:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

PRC - [2008/09/30 12:48:28 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2007/05/28 17:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Add\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

PRC - [2009/03/24 09:42:31 | 00,086,016 | ---- | M] () -- C:\Windows\rsvp.exe

PRC - [2008/08/04 16:21:08 | 00,721,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe

PRC - [2006/10/17 11:47:22 | 00,087,584 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

PRC - [2009/03/22 18:21:09 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2007/10/14 20:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

PRC - [2008/04/30 18:30:06 | 00,498,176 | ---- | M] () -- C:\Program Files (x86)\MSI\Live Update 3\LMonitor.exe

PRC - [2009/03/23 14:45:28 | 00,515,416 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2008/11/07 04:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

PRC - [2006/10/18 17:58:48 | 01,185,264 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

PRC - [2006/10/18 18:02:40 | 01,961,576 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe

PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

PRC - [2009/02/24 13:42:08 | 32,010,240 | ---- | M] () -- C:\Program Files (x86)\MSI\DualCoreCenter\DualCoreCenter.exe

PRC - [2009/01/30 22:28:40 | 00,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\sysWOW64\wbem\wmiprvse.exe

PRC - [2007/10/19 20:46:08 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

PRC - [2007/11/02 18:44:16 | 00,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

PRC - [2009/01/30 22:28:40 | 00,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\sysWOW64\wbem\wmiprvse.exe

PRC - [2007/11/02 20:12:50 | 00,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

PRC - [2009/03/25 18:04:08 | 00,249,344 | ---- | M] (TODO: <Company name>) -- C:\Users\TOTALR~1\AppData\Local\Temp\~temp\hmunmlcn88\svchost.exe

PRC - [2009/01/30 22:29:04 | 00,634,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

PRC - [2007/11/06 01:50:44 | 00,116,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

PRC - [2009/03/27 18:52:47 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Infection msn\OTListIt2.exe

 

========== Win32 Services (SafeList) ==========

 

SRV - [2006/10/18 15:26:16 | 00,285,216 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Running])

SRV - File not found -- -- (aspnet_state [On_Demand | Stopped])

SRV - [2008/12/14 17:02:50 | 00,067,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2008/12/14 17:17:44 | 00,090,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])

SRV - [2009/01/30 22:50:30 | 00,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\sysnative\cscsvc.dll -- (CscService [Auto | Running])

SRV - [2008/01/21 03:50:39 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])

SRV - [2008/01/21 03:50:39 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])

SRV - [2006/11/02 16:03:44 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])

SRV - [2009/02/06 14:27:10 | 00,023,296 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])

SRV - [2009/02/06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn [Auto | Running])

SRV - [2008/01/21 03:47:07 | 00,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\sysnative\fxssvc.exe -- (Fax [On_Demand | Stopped])

SRV - [2008/12/16 16:47:38 | 00,043,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2009/03/27 09:15:30 | 00,137,200 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

SRV - [2007/11/06 21:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])

SRV - [2007/11/06 21:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])

SRV - [2008/12/16 16:47:30 | 00,857,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Running])

SRV - [2009/03/25 14:55:24 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])

SRV - [2008/11/07 16:49:10 | 00,160,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])

SRV - [2009/03/26 16:49:52 | 00,179,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\add-u\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Stopped])

SRV - [2006/10/26 13:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM [Auto | Running])

SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])

SRV - [2008/08/04 16:21:08 | 00,261,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc [Auto | Running])

SRV - [2008/09/30 12:48:28 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0 [Auto | Running])

SRV - [2008/12/16 16:47:30 | 00,117,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - [2008/01/21 03:47:01 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\sysnative\pcasvc.dll -- (PcaSvc [Auto | Running])

SRV - [2008/01/21 03:50:03 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\perfhost.exe -- (PerfHost [On_Demand | Stopped])

SRV - [2007/05/28 17:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Add\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])

SRV - [2009/03/23 14:55:04 | 00,505,600 | ---- | M] (TuneUp Software) -- C:\Windows\sysnative\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Running])

SRV - [2009/03/23 14:55:09 | 00,841,472 | ---- | M] (TuneUp Software) -- C:\Windows\sysnative\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc [Auto | Running])

SRV - [2009/01/30 22:50:46 | 00,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\sysnative\umrdp.dll -- (UmRdpService [On_Demand | Stopped])

SRV - [2008/12/11 13:31:36 | 00,027,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp [Auto | Running])

SRV - [2009/01/30 22:50:18 | 01,149,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\sysnative\wbengine.exe -- (wbengine [On_Demand | Stopped])

SRV - [2008/01/21 03:51:24 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

 

========== Driver Services (SafeList) ==========

 

DRV - [2009/01/30 20:22:44 | 00,461,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\sysnative\drivers\csc.sys -- (CSC [system | Running])

DRV - [2008/12/08 11:32:44 | 00,044,344 | ---- | M] (MICRO-STAR INT'L CO., LTD.) -- C:\Program Files (x86)\MSI\DualCoreCenter\NTGLM7X64.sys -- (DualCoreCenter [On_Demand | Running])

DRV - [2009/02/06 14:19:56 | 00,141,728 | ---- | M] (ESET) -- C:\Windows\sysnative\DRIVERS\eamon.sys -- (eamon [Auto | Running])

DRV - [2009/02/06 14:23:20 | 00,132,464 | ---- | M] (ESET) -- C:\Windows\sysnative\DRIVERS\ehdrv.sys -- (ehdrv [system | Running])

DRV - [2009/02/06 14:24:50 | 00,120,128 | ---- | M] (ESET) -- C:\Windows\sysnative\DRIVERS\epfwwfpr.sys -- (epfwwfpr [Auto | Running])

DRV - [2008/01/21 03:51:10 | 00,161,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\sysnative\DRIVERS\fvevol.sys -- (fvevol [boot | Running])

DRV - [2006/11/02 06:28:10 | 00,273,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\sysnative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])

DRV - [2007/11/26 04:16:32 | 00,086,016 | ---- | M] (JMicron Technology Corp.) -- C:\Windows\sysnative\DRIVERS\jraid.sys -- (JRAID [boot | Running])

DRV - [2008/09/26 09:55:00 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\Windows\sysnative\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])

DRV - [2008/09/26 09:56:00 | 00,113,680 | ---- | M] (Logitech, Inc.) -- C:\Windows\sysnative\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Running])

DRV - [2009/03/25 14:55:27 | 00,069,664 | ---- | M] (Lavasoft AB) -- C:\Windows\sysnative\DRIVERS\Lbd.sys -- (Lbd [boot | Running])

DRV - [2008/09/26 09:56:00 | 00,112,144 | ---- | M] (Logitech, Inc.) -- C:\Windows\sysnative\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Running])

DRV - [2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Stopped])

DRV - [2008/02/14 07:56:14 | 00,160,768 | ---- | M] (Realtek Corporation ) -- C:\Windows\sysnative\DRIVERS\Rtlh64.sys -- (RTL8169 [On_Demand | Running])

DRV - [2008/12/16 11:27:32 | 00,076,088 | ---- | M] (Your Corporation) -- C:\Program Files (x86)\MSI\DualCoreCenter\RushTop64.sys -- (RushTopDevice2 [On_Demand | Running])

DRV - [2009/03/25 18:08:05 | 00,198,944 | ---- | M] (Acronis) -- C:\Windows\sysnative\DRIVERS\snapman.sys -- (snapman [boot | Running])

DRV - [2009/03/22 18:41:13 | 00,860,656 | ---- | M] () -- C:\Windows\sysnative\Drivers\sptd.sys -- (sptd [boot | Running])

DRV - [2009/03/25 18:08:12 | 00,065,312 | ---- | M] (Acronis) -- C:\Windows\sysnative\DRIVERS\tifsfilt.sys -- (tifsfilter [Auto | Running])

DRV - [2009/03/25 18:08:12 | 00,629,536 | ---- | M] (Acronis) -- C:\Windows\sysnative\DRIVERS\timntr.sys -- (timounter [boot | Running])

DRV - [2009/01/30 21:07:08 | 00,098,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\sysnative\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])

DRV - [2008/08/04 16:21:10 | 02,064,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\sysnative\DRIVERS\VX1000.sys -- (VX1000 [On_Demand | Running])

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

 

 

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1211498328-2187118138-2454678604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKU\S-1-5-21-1211498328-2187118138-2454678604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-21-1211498328-2187118138-2454678604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-1211498328-2187118138-2454678604-1000\S-1-5-21-1211498328-2187118138-2454678604-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD

 

 

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKU\S-1-5-21-1211498328-2187118138-2454678604-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe" (Lavasoft)

O4 - HKLM..\Run: [DelReg] "C:\Program Files (x86)\MSI\DualCoreCenter\DelReg.exe" ()

O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)

O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" (Microsoft Corporation)

O4 - HKLM..\Run: [LiveMonitor] "C:\Program Files (x86)\MSI\Live Update 3\LMonitor.exe" ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\add-u\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray (Malwarebytes Corporation)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKU\S-1-5-19..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

O4 - HKU\S-1-5-21-1211498328-2187118138-2454678604-1000..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Add\Alcohol Soft\Alcohol 120\axcmd.exe" /automount ()

O4 - HKU\S-1-5-21-1211498328-2187118138-2454678604-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1211498328-2187118138-2454678604-1000..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)

O4 - HKU\S-1-5-21-1211498328-2187118138-2454678604-1000..\Run: [nodenable] C:\Program Files\eset\nodenable.exe ()

O4 - HKU\S-1-5-21-1211498328-2187118138-2454678604-1000..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)

O4 - HKU\S-1-5-21-1211498328-2187118138-2454678604-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

F3 - HKU\S-1-5-21-1211498328-2187118138-2454678604-1000 WinNT: Load - (C:\Users\TOTALR~1\LOCALS~1\APPLIC~1\dllhst3g.exe) - C:\Users\TOTALR~1\LOCALS~1\APPLIC~1\dllhst3g.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKU\S-1-5-21-1211498328-2187118138-2454678604-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter: - deflate - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter: - gzip - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\system32\Explorer.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[1 C:\Windows\System32\*.tmp files]

[2009/03/27 17:08:05 | 00,086,016 | ---- | C] () -- C:\Windows\rsvp.exe

[2009/03/27 17:08:05 | 00,086,016 | ---- | C] () -- C:\Users\Total Rigole\AppData\Local\dllhst3g.exe

[2009/03/27 10:10:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\EsetOnlineScanner

[2009/03/27 10:00:54 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Roaming\Malwarebytes

[2009/03/27 10:00:52 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2009/03/27 10:00:52 | 00,000,947 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/03/27 10:00:50 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2009/03/27 10:00:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2009/03/27 09:59:35 | 00,001,847 | ---- | C] () -- C:\Users\Total Rigole\Desktop\CCleaner.lnk

[2009/03/27 09:48:56 | 00,000,000 | ---D | C] -- C:\Infection msn

[2009/03/25 18:07:49 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis

[2009/03/25 17:42:26 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\Mes Sauvegardes

[2009/03/25 17:40:58 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Roaming\Acronis

[2009/03/25 17:31:44 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis

[2009/03/25 16:56:42 | 03,034,953 | -H-- | C] () -- C:\Users\Total Rigole\AppData\Local\IconCache.db

[2009/03/25 16:20:40 | 42,940,86656 | -HS- | C] () -- C:\hiberfil.sys

[2009/03/25 15:02:44 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Roaming\Nero

[2009/03/25 14:56:09 | 00,000,536 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2009/03/25 14:44:30 | 00,002,630 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk

[2009/03/25 14:38:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Nero

[2009/03/25 14:38:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Nero

[2009/03/25 14:38:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero

[2009/03/25 14:37:43 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll

[2009/03/25 13:47:48 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Local\QuickPar

[2009/03/25 13:16:14 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Roaming\Adobe

[2009/03/25 11:09:44 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Roaming\InfraRecorder

[2009/03/24 18:04:08 | 00,086,016 | ---- | C] () -- C:\Windows\System\sessmgr.exe

[2009/03/24 18:04:08 | 00,086,016 | ---- | C] () -- C:\Windows\ieudinit.exe

[2009/03/24 16:39:22 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Roaming\vlc

[2009/03/24 09:57:48 | 00,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2009/03/24 09:52:06 | 00,086,016 | ---- | C] () -- C:\Windows\sessmgr.exe

[2009/03/24 09:51:06 | 00,086,016 | ---- | C] () -- C:\Windows\System32\drivers\clipsrv.exe

[2009/03/24 09:43:51 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Local\ESET

[2009/03/24 09:43:31 | 00,086,016 | ---- | C] () -- C:\Windows\System\mqtgsvc.exe

[2009/03/24 09:08:59 | 00,000,010 | -H-- | C] () -- C:\xrjmns.tce

[2009/03/23 19:49:16 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2009/03/23 19:49:16 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009/03/23 19:49:16 | 00,077,824 | ---- | C] () -- C:\Windows\System32\xvid.ax

[2009/03/23 19:49:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid

[2009/03/23 18:43:00 | 00,000,000 | ---D | C] -- C:\Windows\Minidump

[2009/03/23 18:33:30 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Roaming\AVS4YOU

[2009/03/23 18:33:29 | 00,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU

[2009/03/23 18:32:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU

[2009/03/23 18:30:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia

[2009/03/23 18:30:40 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70.dll

[2009/03/23 18:30:40 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp70.dll

[2009/03/23 18:30:40 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll

[2009/03/23 18:30:40 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll

[2009/03/23 18:23:06 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\Journaux MCE

[2009/03/23 18:21:09 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

[2009/03/23 18:21:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\VistaCodecPack

[2009/03/23 17:51:23 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Roaming\aignes

[2009/03/23 17:43:47 | 00,012,499 | ---- | C] () -- C:\Windows\System32\Seagate.bin

[2009/03/23 17:38:54 | 00,015,840 | ---- | C] () -- C:\Windows\System32\Machnm1.exe

[2009/03/23 15:22:56 | 00,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\winhlp32.exe

[2009/03/23 15:22:56 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftsrch.dll

[2009/03/23 15:22:56 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftlx041e.dll

[2009/03/23 15:22:56 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftlx0411.dll

[2009/03/23 15:20:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems

[2009/03/23 15:10:56 | 00,003,120 | ---- | C] () -- C:\Windows\System32\ALLFSAF6a.ocx

[2009/03/23 15:09:09 | 00,644,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX

[2009/03/23 15:06:30 | 01,526,844 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI

[2009/03/23 15:05:24 | 00,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP

[2009/03/23 14:55:06 | 00,027,904 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll

[2009/03/23 14:55:06 | 00,017,152 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll

[2009/03/23 14:54:54 | 00,000,546 | ---- | C] () -- C:\Windows\tasks\Maintenance en 1 clic.job

[2009/03/23 14:54:54 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Roaming\TuneUp Software

[2009/03/23 14:54:43 | 00,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software

[2009/03/23 14:53:49 | 00,000,000 | -HSD | C] -- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}

[2009/03/23 14:51:45 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Local\Frameworkx.com

[2009/03/23 14:43:40 | 00,000,000 | -H-D | C] -- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}

[2009/03/23 14:43:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft

[2009/03/23 14:43:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2009/03/23 13:28:53 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games

[2009/03/23 13:23:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2009/03/23 11:48:57 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN

[2009/03/23 11:48:57 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES

[2009/03/23 11:48:57 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES

[2009/03/23 11:33:37 | 01,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVidCtl.dll

[2009/03/23 11:33:37 | 01,335,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll

[2009/03/23 11:33:37 | 01,183,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll

[2009/03/23 11:33:37 | 00,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll

[2009/03/23 11:33:37 | 00,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll

[2009/03/23 11:33:37 | 00,680,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll

[2009/03/23 11:33:37 | 00,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll

[2009/03/23 11:33:37 | 00,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll

[2009/03/23 11:33:37 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll

[2009/03/23 11:33:37 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll

[2009/03/23 11:33:37 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

[2009/03/23 11:33:37 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll

[2009/03/23 11:33:36 | 03,173,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll

[2009/03/23 11:33:36 | 02,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll

[2009/03/23 11:33:36 | 02,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll

[2009/03/23 11:33:36 | 00,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll

[2009/03/23 11:33:36 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll

[2009/03/23 11:33:36 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll

[2009/03/23 11:33:36 | 00,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll

[2009/03/23 11:33:36 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll

[2009/03/23 11:33:36 | 00,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll

[2009/03/23 11:33:36 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll

[2009/03/23 11:33:36 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netplwiz.dll

[2009/03/23 11:33:36 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll

[2009/03/23 11:33:36 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll

[2009/03/23 11:33:36 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll

[2009/03/23 11:33:36 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll

[2009/03/23 11:33:35 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll

[2009/03/23 11:33:35 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll

[2009/03/23 11:33:35 | 00,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL

[2009/03/23 11:33:35 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll

[2009/03/23 11:33:35 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll

[2009/03/23 11:33:35 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll

[2009/03/23 11:33:35 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2009/03/23 11:33:35 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll

[2009/03/23 11:33:35 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll

[2009/03/23 11:33:35 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax

[2009/03/23 11:33:34 | 02,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll

[2009/03/23 11:33:34 | 01,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll

[2009/03/23 11:33:34 | 01,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll

[2009/03/23 11:33:34 | 01,316,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll

[2009/03/23 11:33:34 | 00,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsc.exe

[2009/03/23 11:33:34 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2009/03/23 11:33:34 | 00,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll

[2009/03/23 11:33:34 | 00,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll

[2009/03/23 11:33:34 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll

[2009/03/23 11:33:34 | 00,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll

[2009/03/23 11:33:34 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll

[2009/03/23 11:33:34 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll

[2009/03/23 11:33:34 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll

[2009/03/23 11:33:34 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll

[2009/03/23 11:33:34 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll

[2009/03/23 11:33:34 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll

[2009/03/23 11:33:34 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll

[2009/03/23 11:33:34 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll

[2009/03/23 11:33:33 | 00,644,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2psvc.dll

[2009/03/23 11:33:33 | 00,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll

[2009/03/23 11:33:33 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll

[2009/03/23 11:33:33 | 00,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll

[2009/03/23 11:33:33 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe

[2009/03/23 11:33:33 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll

[2009/03/23 11:33:33 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll

[2009/03/23 11:33:33 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe

[2009/03/23 11:33:32 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll

[2009/03/23 11:33:32 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll

[2009/03/23 11:33:32 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll

[2009/03/23 11:33:31 | 03,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll

[2009/03/23 11:33:31 | 01,165,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll

[2009/03/23 11:33:31 | 00,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll

[2009/03/23 11:33:31 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll

[2009/03/23 11:33:31 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll

[2009/03/23 11:33:31 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL

[2009/03/23 11:33:31 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll

[2009/03/23 11:33:31 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe

[2009/03/23 11:33:31 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe

[2009/03/23 11:33:31 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll

[2009/03/23 11:33:30 | 00,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll

[2009/03/23 11:33:30 | 00,279,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll

[2009/03/23 11:33:30 | 00,156,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll

[2009/03/23 11:33:30 | 00,081,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll

[2009/03/23 11:33:30 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll

[2009/03/23 11:33:29 | 02,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll

[2009/03/23 11:33:29 | 01,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe

[2009/03/23 11:33:29 | 01,102,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmsys.cpl

[2009/03/23 11:33:29 | 00,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll

[2009/03/23 11:33:29 | 00,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll

[2009/03/23 11:33:28 | 01,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll

[2009/03/23 11:33:28 | 00,506,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL

[2009/03/23 11:33:28 | 00,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe

[2009/03/23 11:33:28 | 00,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll

[2009/03/23 11:33:28 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll

[2009/03/23 11:33:28 | 00,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll

[2009/03/23 11:33:28 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax

[2009/03/23 11:33:28 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll

[2009/03/23 11:33:28 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll

[2009/03/23 11:33:28 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll

[2009/03/23 11:33:28 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2009/03/23 11:33:28 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll

[2009/03/23 11:33:28 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll

[2009/03/23 11:33:28 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll

[2009/03/23 11:33:27 | 03,595,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll

[2009/03/23 11:33:27 | 02,243,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll

[2009/03/23 11:33:27 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2009/03/23 11:33:27 | 00,807,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll

[2009/03/23 11:33:27 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll

[2009/03/23 11:33:27 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll

[2009/03/23 11:33:27 | 00,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll

[2009/03/23 11:33:27 | 00,461,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2009/03/23 11:33:27 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll

[2009/03/23 11:33:27 | 00,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll

[2009/03/23 11:33:27 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll

[2009/03/23 11:33:27 | 00,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll

[2009/03/23 11:33:27 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll

[2009/03/23 11:33:27 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll

[2009/03/23 11:33:27 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msiexec.exe

[2009/03/23 11:33:27 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll

[2009/03/23 11:33:27 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx

[2009/03/23 11:33:27 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll

[2009/03/23 11:33:26 | 00,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2009/03/23 11:33:26 | 00,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2009/03/23 11:33:26 | 00,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe

[2009/03/23 11:33:26 | 00,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll

[2009/03/23 11:33:26 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe

[2009/03/23 11:33:26 | 00,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2009/03/23 11:33:26 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[2009/03/23 11:33:26 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe

[2009/03/23 11:33:26 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll

[2009/03/23 11:33:26 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll

[2009/03/23 11:33:26 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll

[2009/03/23 11:33:26 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll

[2009/03/23 11:33:25 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll

[2009/03/23 11:33:25 | 00,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll

[2009/03/23 11:33:25 | 00,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll

[2009/03/23 11:33:25 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll

[2009/03/23 11:33:25 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll

[2009/03/23 11:33:25 | 00,242,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll

[2009/03/23 11:33:25 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll

[2009/03/23 11:33:25 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll

[2009/03/23 11:33:25 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll

[2009/03/23 11:33:25 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll

[2009/03/23 11:33:25 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll

[2009/03/23 11:33:25 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll

[2009/03/23 11:33:25 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe

[2009/03/23 11:33:23 | 00,779,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll

[2009/03/23 11:33:23 | 00,323,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2009/03/23 11:33:23 | 00,041,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2009/03/23 11:33:22 | 01,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll

[2009/03/23 11:33:22 | 00,869,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printui.dll

[2009/03/23 11:33:22 | 00,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll

[2009/03/23 11:33:22 | 00,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr

[2009/03/23 11:33:22 | 00,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll

[2009/03/23 11:33:22 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll

[2009/03/23 11:33:22 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll

[2009/03/23 11:33:22 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\photowiz.dll

[2009/03/23 11:33:22 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax

[2009/03/23 11:33:22 | 00,102,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

[2009/03/23 11:33:22 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll

[2009/03/23 11:33:22 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime

[2009/03/23 11:33:22 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll

[2009/03/23 11:33:21 | 01,823,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll

[2009/03/23 11:33:21 | 01,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll

[2009/03/23 11:33:21 | 00,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll

[2009/03/23 11:33:21 | 00,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll

[2009/03/23 11:33:21 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll

[2009/03/23 11:33:21 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll

[2009/03/23 11:33:21 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll

[2009/03/23 11:33:21 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll

[2009/03/23 11:33:21 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll

[2009/03/23 11:33:21 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll

[2009/03/23 11:33:21 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime

[2009/03/23 11:33:21 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll

[2009/03/23 11:33:21 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll

[2009/03/23 11:33:21 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll

[2009/03/23 11:33:21 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe

[2009/03/23 11:33:21 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll

[2009/03/23 11:33:20 | 01,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll

[2009/03/23 11:33:20 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll

[2009/03/23 11:33:20 | 00,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll

[2009/03/23 11:33:20 | 00,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2009/03/23 11:33:20 | 00,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2009/03/23 11:33:20 | 00,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll

[2009/03/23 11:33:20 | 00,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll

[2009/03/23 11:33:20 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2009/03/23 11:33:20 | 00,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2009/03/23 11:33:20 | 00,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll

[2009/03/23 11:33:20 | 00,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll

[2009/03/23 11:33:20 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime

[2009/03/23 11:33:20 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime

[2009/03/23 11:33:20 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe

[2009/03/23 11:33:19 | 00,884,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll

[2009/03/23 11:33:19 | 00,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll

[2009/03/23 11:33:19 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll

[2009/03/23 11:33:19 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll

[2009/03/23 11:33:19 | 00,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll

[2009/03/23 11:33:19 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll

[2009/03/23 11:33:19 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll

[2009/03/23 11:33:19 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll

[2009/03/23 11:33:19 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe

[2009/03/23 11:33:19 | 00,001,520 | ---- | C] () -- C:\Windows\System32\RacUR.xml

[2009/03/23 11:33:19 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml

[2009/03/23 11:33:17 | 01,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll

[2009/03/23 11:33:17 | 00,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll

[2009/03/23 11:33:17 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe

[2009/03/23 11:33:17 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe

[2009/03/23 11:33:17 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll

[2009/03/23 11:33:17 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll

[2009/03/23 11:33:17 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll

[2009/03/23 11:33:16 | 00,377,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll

[2009/03/23 11:33:16 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll

[2009/03/23 11:33:16 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll

[2009/03/23 11:33:16 | 00,094,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll

[2009/03/23 11:33:15 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll

[2009/03/23 11:33:15 | 00,450,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll

[2009/03/23 11:33:14 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll

[2009/03/23 11:33:14 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll

[2009/03/23 11:33:14 | 00,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll

[2009/03/23 11:33:14 | 00,971,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll

[2009/03/23 11:33:14 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll

[2009/03/23 11:33:14 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll

[2009/03/23 11:33:14 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll

[2009/03/23 11:33:14 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll

[2009/03/23 11:33:14 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptsvc.dll

[2009/03/23 11:33:14 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll

[2009/03/23 11:33:14 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/03/23 11:33:14 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

[2009/03/23 11:33:14 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll

[2009/03/23 11:33:14 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll

[2009/03/23 11:33:14 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscdll.dll

[2009/03/23 11:33:14 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll

[2009/03/23 11:33:13 | 03,081,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2009/03/23 11:33:13 | 02,927,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\explorer.exe

[2009/03/23 11:33:13 | 01,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll

[2009/03/23 11:33:13 | 00,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll

[2009/03/23 11:33:13 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll

[2009/03/23 11:33:13 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll

[2009/03/23 11:33:13 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe

[2009/03/23 11:33:13 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll

[2009/03/23 11:33:13 | 00,133,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\extmgr.dll

[2009/03/23 11:33:13 | 00,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll

[2009/03/23 11:33:13 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll

[2009/03/23 11:33:13 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll

[2009/03/23 11:33:13 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll

[2009/03/23 11:33:13 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll

[2009/03/23 11:33:13 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll

[2009/03/23 11:33:13 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll

[2009/03/23 11:33:12 | 01,122,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appwiz.cpl

[2009/03/23 11:33:12 | 00,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll

[2009/03/23 11:33:12 | 00,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll

[2009/03/23 11:33:12 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe

[2009/03/23 11:33:12 | 00,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll

[2009/03/23 11:33:12 | 00,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll

[2009/03/23 11:33:12 | 00,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe

[2009/03/23 11:33:12 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe

[2009/03/23 11:33:12 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll

[2009/03/23 11:33:12 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll

[2009/03/23 11:33:12 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe

[2009/03/23 11:33:12 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll

[2009/03/23 11:33:11 | 02,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll

[2009/03/23 11:33:11 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll

[2009/03/23 11:33:11 | 01,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll

[2009/03/23 11:33:11 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autochk.exe

[2009/03/23 11:33:11 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll

[2009/03/23 11:33:11 | 00,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AUDIOKSE.dll

[2009/03/23 11:33:11 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll

[2009/03/23 11:33:11 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgmts.dll

[2009/03/23 11:33:11 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll

[2009/03/23 11:33:11 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe

[2009/03/23 11:33:11 | 00,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2009/03/23 11:33:11 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2009/03/23 11:33:10 | 01,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll

[2009/03/23 11:33:10 | 01,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll

[2009/03/23 11:33:10 | 00,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll

[2009/03/23 11:33:10 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll

[2009/03/23 11:33:10 | 00,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll

[2009/03/23 11:33:10 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll

[2009/03/23 11:33:10 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll

[2009/03/23 11:33:09 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll

[2009/03/23 11:33:09 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll

[2009/03/23 11:33:09 | 00,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe

[2009/03/23 11:33:09 | 00,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll

[2009/03/23 11:33:09 | 00,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll

[2009/03/23 11:33:09 | 00,275,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll

[2009/03/23 11:33:09 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe

[2009/03/23 11:33:09 | 00,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll

[2009/03/23 11:33:09 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime

[2009/03/23 11:33:09 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime

[2009/03/23 11:33:09 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe

[2009/03/23 11:33:09 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll

[2009/03/23 11:33:08 | 01,324,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll

[2009/03/23 11:33:08 | 01,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll

[2009/03/23 11:33:08 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll

[2009/03/23 11:33:08 | 00,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe

[2009/03/23 11:33:08 | 00,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl

[2009/03/23 11:33:08 | 00,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe

[2009/03/23 11:33:08 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll

[2009/03/23 11:33:08 | 00,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll

[2009/03/23 11:33:08 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe

[2009/03/23 11:33:07 | 01,827,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2009/03/23 11:33:07 | 00,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll

[2009/03/23 11:33:07 | 00,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll

[2009/03/23 11:33:07 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll

[2009/03/23 11:33:07 | 00,095,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll

[2009/03/23 11:33:07 | 00,035,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl

[2009/03/23 11:33:06 | 00,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll

[2009/03/23 11:33:06 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2009/03/23 11:33:06 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime

[2009/03/23 11:33:06 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll

[2009/03/23 11:33:06 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL

[2009/03/23 11:33:06 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2009/03/23 11:33:06 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe

[2009/03/23 11:33:05 | 00,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL

[2009/03/23 11:33:05 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll

[2009/03/23 11:33:05 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll

[2009/03/23 11:33:05 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll

[2009/03/23 11:33:05 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe

[2009/03/23 11:33:05 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll

[2009/03/23 11:33:04 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2009/03/23 11:33:04 | 01,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll

[2009/03/23 11:33:04 | 01,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll

[2009/03/23 11:33:04 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll

[2009/03/23 11:33:03 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll

[2009/03/23 11:33:02 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex

[2009/03/23 11:33:02 | 00,857,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll

[2009/03/23 11:33:02 | 00,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe

[2009/03/23 11:33:02 | 00,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll

[2009/03/23 11:33:02 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll

[2009/03/23 11:33:02 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL

[2009/03/23 11:33:01 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls

[2009/03/23 11:33:01 | 00,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll

[2009/03/23 11:33:01 | 00,621,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll

[2009/03/23 11:33:01 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe

[2009/03/23 11:33:01 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll

[2009/03/23 11:33:01 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe

[2009/03/23 11:33:00 | 01,696,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2009/03/23 11:33:00 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll

[2009/03/23 11:33:00 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe

[2009/03/23 11:33:00 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll

[2009/03/23 11:33:00 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll

[2009/03/23 11:33:00 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll

[2009/03/23 11:33:00 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll

[2009/03/23 11:33:00 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll

[2009/03/23 11:33:00 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll

[2009/03/23 11:33:00 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll

[2009/03/23 11:33:00 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll

[2009/03/23 11:33:00 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.dll

[2009/03/23 11:33:00 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.exe

[2009/03/23 11:33:00 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll

[2009/03/23 11:33:00 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe

[2009/03/23 11:33:00 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll

[2009/03/23 11:32:59 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll

[2009/03/23 11:32:59 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL

[2009/03/23 11:32:59 | 00,398,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2009/03/23 11:32:59 | 00,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll

[2009/03/23 11:32:59 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll

[2009/03/23 11:32:59 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe

[2009/03/23 11:32:59 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe

[2009/03/23 11:32:59 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll

[2009/03/23 11:32:59 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe

[2009/03/23 11:32:58 | 06,081,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll

[2009/03/23 11:32:58 | 00,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME

[2009/03/23 11:32:58 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2009/03/23 11:32:58 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll

[2009/03/23 11:32:58 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2009/03/23 11:32:55 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll

[2009/03/23 11:32:55 | 00,377,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll

[2009/03/23 11:32:54 | 00,619,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe

[2009/03/23 11:32:54 | 00,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe

[2009/03/23 11:32:54 | 00,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll

[2009/03/23 11:32:54 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll

[2009/03/23 11:32:54 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll

[2009/03/23 11:32:54 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll

[2009/03/23 11:32:54 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll

[2009/03/23 11:32:54 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll

[2009/03/23 11:32:54 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll

[2009/03/23 11:32:54 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe

[2009/03/23 11:32:54 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll

[2009/03/23 11:32:54 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll

[2009/03/23 11:32:54 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll

[2009/03/23 11:32:54 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll

[2009/03/23 11:32:54 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll

[2009/03/23 11:32:54 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll

[2009/03/23 11:32:54 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hidserv.dll

[2009/03/23 11:32:54 | 00,009,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll

[2009/03/23 11:32:53 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl

[2009/03/23 11:32:53 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime

[2009/03/23 11:32:53 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe

[2009/03/23 11:32:53 | 00,035,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe

[2009/03/23 11:32:52 | 00,615,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll

[2009/03/23 11:32:51 | 01,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll

[2009/03/23 11:32:51 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll

[2009/03/23 11:32:51 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll

[2009/03/23 11:32:50 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe

[2009/03/23 11:32:50 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll

[2009/03/23 11:32:48 | 01,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll

[2009/03/23 11:32:47 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll

[2009/03/23 11:32:47 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\version.dll

[2009/03/23 11:32:47 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsbyuv.dll

[2009/03/23 11:32:45 | 00,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe

[2009/03/23 11:32:45 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll

[2009/03/23 11:32:45 | 00,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2009/03/23 11:32:44 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll

[2009/03/23 11:32:38 | 00,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll

[2009/03/23 11:32:37 | 01,167,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll

[2009/03/23 11:32:37 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp

[2009/03/23 11:32:36 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll

[2009/03/23 11:32:35 | 01,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll

[2009/03/23 11:32:34 | 00,648,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\user32.dll

[2009/03/23 11:32:34 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll

[2009/03/23 11:32:27 | 02,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll

[2009/03/23 11:32:27 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx

[2009/03/23 11:32:26 | 01,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll

[2009/03/23 11:32:26 | 00,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll

[2009/03/23 11:32:26 | 00,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll

[2009/03/23 11:32:26 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll

[2009/03/23 11:32:26 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll

[2009/03/23 11:32:26 | 00,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/03/23 11:32:26 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll

[2009/03/23 11:32:26 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2009/03/23 11:32:24 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll

[2009/03/23 11:32:24 | 00,239,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tapisrv.dll

[2009/03/23 11:32:24 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll

[2009/03/23 11:32:24 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe

[2009/03/23 11:32:22 | 00,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll

[2009/03/23 11:32:21 | 10,625,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll

[2009/03/23 11:32:21 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL

[2009/03/23 11:32:21 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll

[2009/03/23 11:32:21 | 01,642,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll

[2009/03/23 11:32:21 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll

[2009/03/23 11:32:21 | 00,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll

[2009/03/23 11:32:21 | 00,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL

[2009/03/23 11:32:21 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll

[2009/03/23 11:32:21 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll

[2009/03/23 11:32:21 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll

[2009/03/23 11:32:21 | 00,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll

[2009/03/23 11:32:21 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll

[2009/03/23 11:32:21 | 00,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpps.dll

[2009/03/23 11:32:21 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll

[2009/03/23 11:32:21 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll

[2009/03/23 11:32:20 | 00,747,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmSvc.dll

[2009/03/23 11:32:20 | 00,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll

[2009/03/23 11:32:20 | 00,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll

[2009/03/23 11:32:20 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll

[2009/03/23 11:32:20 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll

[2009/03/23 11:32:20 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL

[2009/03/23 11:32:20 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll

[2009/03/23 11:32:20 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe

[2009/03/23 11:32:20 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx

[2009/03/23 11:32:20 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll

[2009/03/23 11:32:20 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshbth.dll

[2009/03/23 11:32:20 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll

[2009/03/23 11:32:19 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL

[2009/03/23 11:32:19 | 01,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL

[2009/03/23 11:32:19 | 01,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL

[2009/03/23 11:32:19 | 01,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL

[2009/03/23 11:32:19 | 00,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL

[2009/03/23 11:32:19 | 00,535,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll

[2009/03/23 11:32:19 | 00,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll

[2009/03/23 11:32:19 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll

[2009/03/23 11:32:19 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll

[2009/03/23 11:32:19 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll

[2009/03/23 11:32:19 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe

[2009/03/23 11:32:19 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcsvc.dll

[2009/03/23 11:32:19 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll

[2009/03/23 11:32:19 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll

[2009/03/23 11:32:18 | 01,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll

[2009/03/23 11:32:18 | 01,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll

[2009/03/23 11:32:18 | 00,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll

[2009/03/23 11:32:18 | 00,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll

[2009/03/23 11:32:18 | 00,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe

[2009/03/23 11:32:18 | 00,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll

[2009/03/23 11:32:18 | 00,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll

[2009/03/23 11:32:18 | 00,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll

[2009/03/23 11:32:18 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe

[2009/03/23 11:32:18 | 00,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll

[2009/03/23 11:32:18 | 00,166,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv

[2009/03/23 11:32:18 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe

[2009/03/23 11:32:17 | 01,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll

[2009/03/23 11:32:17 | 00,828,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll

[2009/03/23 11:32:17 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcncsvc.dll

[2009/03/23 11:32:17 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll

[2009/03/23 11:32:17 | 00,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe

[2009/03/23 11:32:17 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv

[2009/03/23 11:32:17 | 00,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll

[2009/03/23 11:32:17 | 00,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll

[2009/03/23 11:32:17 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll

[2009/03/23 11:32:16 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll

[2009/03/23 11:32:16 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll

[2009/03/23 11:32:16 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll

[2009/03/23 11:32:16 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll

[2009/03/23 11:32:14 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll

[2009/03/23 11:32:14 | 00,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll

[2009/03/23 11:32:14 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll

[2009/03/23 11:32:14 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll

[2009/03/23 11:32:13 | 01,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll

[2009/03/23 11:32:13 | 00,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll

[2009/03/23 11:32:13 | 00,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll

[2009/03/23 11:32:13 | 00,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe

[2009/03/23 11:32:13 | 00,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll

[2009/03/23 11:32:13 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll

[2009/03/23 11:32:13 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll

[2009/03/23 11:32:13 | 00,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs

[2009/03/23 11:32:13 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll

[2009/03/23 11:32:13 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll

[2009/03/23 11:32:13 | 00,008,280 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man

[2009/03/23 11:32:12 | 11,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll

[2009/03/23 11:32:12 | 01,591,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll

[2009/03/23 11:32:12 | 00,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe

[2009/03/23 11:32:12 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll

[2009/03/23 11:32:12 | 00,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll

[2009/03/23 11:32:12 | 00,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\zipfldr.dll

[2009/03/23 11:32:12 | 00,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe

[2009/03/23 11:32:12 | 00,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll

[2009/03/23 11:32:12 | 00,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe

[2009/03/23 11:32:12 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll

[2009/03/23 11:32:12 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll

[2009/03/23 11:32:12 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll

[2009/03/23 11:32:11 | 01,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll

[2009/03/23 11:32:09 | 00,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll

[2009/03/23 11:32:09 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll

[2009/03/23 11:32:09 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spp.dll

[2009/03/23 11:32:09 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe

[2009/03/23 11:32:09 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll

[2009/03/23 11:32:09 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll

[2009/03/23 11:32:09 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll

[2009/03/23 10:49:17 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2009/03/23 10:49:17 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[2009/03/22 19:12:37 | 00,000,000 | ---D | C] -- C:\ProgramData\ESET

[2009/03/22 19:05:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam

[2009/03/22 19:04:00 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll

[2009/03/22 19:00:04 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Roaming\Google

[2009/03/22 19:00:04 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Local\Google

[2009/03/22 19:00:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Google

[2009/03/22 18:53:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\add-u

[2009/03/22 18:52:24 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Roaming\Media Player Classic

[2009/03/22 18:47:21 | 00,334,792 | ---- | C] (Alcohol Soft Development Team) -- C:\Windows\System32\_AxShlEx.dll

[2009/03/22 18:34:09 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Roaming\uTorrent

[2009/03/22 18:21:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2009/03/22 17:34:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft

[2009/03/22 17:34:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive

[2009/03/22 17:34:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live

[2009/03/22 17:28:35 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live

[2009/03/22 17:11:28 | 00,718,912 | ---- | C] (Resplendence Software Projects Sp. ) -- C:\Users\Public\Documents\whocrashedSetup.exe

[2009/03/22 17:11:28 | 00,673,026 | ---- | C] () -- C:\Users\Public\Documents\Smartkey_Win.zip

[2009/03/22 17:11:28 | 00,402,656 | ---- | C] () -- C:\Users\Public\Documents\NeroDiscSpeed_Fra.exe

[2009/03/22 17:11:28 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Smartkey_Win

[2009/03/22 17:11:28 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\NeroDiscSpeed_Fra

[2009/03/22 17:11:28 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft

[2009/03/22 17:11:28 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\MANiveau PC

[2009/03/22 17:11:28 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\BVRP Software

[2009/03/22 17:11:27 | 06,718,399 | ---- | C] (Aimersoft Software ) -- C:\Users\Public\Documents\mkv-converter_full409_322667.exe

[2009/03/22 17:11:27 | 03,545,088 | ---- | C] () -- C:\Users\Public\Documents\ir0462_x64.msi

[2009/03/22 17:11:27 | 00,058,360 | ---- | C] () -- C:\Users\Public\Documents\ImportExportTools-1.6.xpi

[2009/03/22 17:11:27 | 00,010,110 | ---- | C] () -- C:\Users\Public\Documents\free eve.docx

[2009/03/22 17:11:27 | 00,001,406 | ---- | C] () -- C:\Users\Public\Documents\icon-3.ico

[2009/03/22 17:11:27 | 00,001,406 | ---- | C] () -- C:\Users\Public\Documents\icon-2.ico

[2009/03/22 17:11:27 | 00,001,078 | ---- | C] () -- C:\Users\Public\Documents\icon-1.ico

[2009/03/22 17:11:27 | 00,001,078 | ---- | C] () -- C:\Users\Public\Documents\icon-0.ico

[2009/03/22 17:11:26 | 17,360,896 | ---- | C] () -- C:\Users\Public\Documents\eav_nod64-v3_enu.msi

[2009/03/22 17:11:26 | 00,833,539 | ---- | C] (Resplendence Software Projects Sp. ) -- C:\Users\Public\Documents\antiFreezeSetup.exe

[2009/03/22 17:11:26 | 00,130,536 | ---- | C] () -- C:\Users\Public\Documents\attachment_extractor-0.9.1.1-tb.xpi

[2009/03/22 17:04:50 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\Mes pockets

[2009/03/22 17:04:50 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\Mes numérisations

[2009/03/22 17:04:50 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\Mes fichiers reçus

[2009/03/22 17:04:36 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\Mes docs

[2009/03/22 17:03:11 | 00,013,824 | ---- | C] () -- C:\Users\Total Rigole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/22 17:03:03 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\Ma carte avec tomtom 7 ok

[2009/03/22 17:02:58 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\Ma carte avec navigon

[2009/03/22 17:02:22 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\Ma carte avec igo8 et les radars europe tout ok 2°

[2009/03/22 17:01:43 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\Ma carte avec igo8 et les radars europe tout OK

[2009/03/22 17:01:43 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\Keytchup dossier

[2009/03/22 17:01:42 | 00,000,000 | R--D | C] -- C:\Users\Total Rigole\Documents\Fichiers LifeCam

[2009/03/22 17:01:42 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\Free Eve_fichiers

[2009/03/22 17:01:42 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\Fax

[2009/03/22 17:01:42 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\Dossier Bluetooth Exchange

[2009/03/22 17:01:42 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\Documents sur Smartphone de Total Rigole

[2009/03/22 17:01:34 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\Documents sur HTC_X7510 de Total Rigole

[2009/03/22 17:01:34 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\Documents sur Assistant personnel de Total Rigole

[2009/03/22 17:01:30 | 00,000,000 | R--D | C] -- C:\Users\Total Rigole\Documents\Scanned Documents

[2009/03/22 17:01:30 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\Documents sur Assistant personnel de Total Recall 1

[2009/03/22 17:01:30 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\Desistement vehicule succession

[2009/03/22 17:01:30 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\Config

[2009/03/22 17:01:29 | 00,590,336 | ---- | C] () -- C:\Users\Total Rigole\Documents\Synthese vocale.pub

[2009/03/22 17:01:29 | 00,205,967 | ---- | C] () -- C:\Users\Total Rigole\Documents\Poser une toiture plastique.pdf

[2009/03/22 17:01:29 | 00,118,784 | ---- | C] () -- C:\Users\Total Rigole\Documents\homme.pub

[2009/03/22 17:01:29 | 00,095,232 | ---- | C] () -- C:\Users\Total Rigole\Documents\Dessin Douchette grohe.pub

[2009/03/22 17:01:29 | 00,092,096 | ---- | C] () -- C:\Users\Total Rigole\Documents\bookmark.htm

[2009/03/22 17:01:29 | 00,024,423 | ---- | C] () -- C:\Users\Total Rigole\Documents\Objet Transformation des comptes.htm

[2009/03/22 17:01:29 | 00,013,193 | ---- | C] () -- C:\Users\Total Rigole\Documents\Liste CC.xlsx

[2009/03/22 17:01:29 | 00,001,790 | ---- | C] () -- C:\Users\Total Rigole\Documents\justif.html

[2009/03/22 17:01:29 | 00,000,775 | ---- | C] () -- C:\Users\Total Rigole\Documents\Mes dossiers de partage.lnk

[2009/03/22 17:01:29 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\Objet Transformation des_fichiers

[2009/03/22 17:01:29 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\Annie

[2009/03/22 17:01:28 | 00,000,000 | R--D | C] -- C:\Users\Total Rigole\Documents\Notes

[2009/03/22 17:01:28 | 00,000,000 | R--D | C] -- C:\Users\Total Rigole\Documents\My Stationery

[2009/03/22 17:01:27 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\My Mobile Device Backups

[2009/03/22 17:01:25 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\My Mobile Backups

[2009/03/22 17:00:33 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\My ISO Files

[2009/03/22 17:00:33 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\Documents\My DVDs

[2009/03/22 16:59:13 | 01,510,560 | ---- | C] () -- C:\Users\Total Rigole\Desktop\POIUpdates.upd

[2009/03/22 16:59:13 | 00,244,907 | ---- | C] () -- C:\Users\Total Rigole\Desktop\SpeedcamUpdates.spud

[2009/03/22 16:59:13 | 00,000,861 | ---- | C] () -- C:\Users\Total Rigole\Desktop\Documents sur Assistant personnel de Total Recall 1.LNK

[2009/03/22 16:59:13 | 00,000,777 | ---- | C] () -- C:\Users\Total Rigole\Desktop\Documents sur HTC_X7510 de Total Rigole.LNK

[2009/03/22 16:57:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Acronis

[2009/03/22 15:20:43 | 00,001,066 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DualCoreCenter.lnk

[2009/03/22 15:20:42 | 01,622,016 | ---- | C] (NVIDIA) -- C:\Windows\NVBenchMarks.dll

[2009/03/22 15:20:42 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\MFC71.dll

[2009/03/22 15:20:42 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvcp71.dll

[2009/03/22 15:20:42 | 00,421,888 | ---- | C] (NVIDIA) -- C:\Windows\nvsulib.dll

[2009/03/22 15:20:42 | 00,380,928 | ---- | C] (NVIDIA) -- C:\Windows\ntuneoem.dll

[2009/03/22 15:20:42 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvcr71.dll

[2009/03/22 15:20:42 | 00,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll

[2009/03/22 15:20:42 | 00,045,056 | ---- | C] (NVIDIA) -- C:\Windows\NTuneGpu.dll

[2009/03/22 15:20:42 | 00,028,672 | ---- | C] (NVIDIA) -- C:\Windows\AutoTuneScript.dll

[2009/03/22 15:20:42 | 00,018,216 | ---- | C] (NVidia Corp.) -- C:\Windows\nvoclk64.sys

[2009/03/22 15:20:42 | 00,006,912 | ---- | C] (NVidia Corp.) -- C:\Windows\nvoclock.sys

[2009/03/22 15:17:11 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Roaming\Macromedia

[2009/03/22 14:40:46 | 00,000,000 | ---D | C] -- C:\ProgramData\WEBREG

[2009/03/22 14:40:26 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Roaming\HP

[2009/03/22 14:40:26 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Local\HP

[2009/03/22 14:39:44 | 00,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard

[2009/03/22 14:37:51 | 00,002,011 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2009/03/22 14:37:33 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed

[2009/03/22 14:37:29 | 00,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant

[2009/03/22 14:37:15 | 00,000,000 | ---D | C] -- C:\Windows\System32\spool

[2009/03/22 14:37:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard

[2009/03/22 14:37:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard

[2009/03/22 14:36:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP

[2009/03/22 14:36:12 | 00,233,472 | ---- | C] (Hewlett Packard Corporation) -- C:\Windows\System32\hpzc35ha.dll

[2009/03/22 14:35:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\HP

[2009/03/22 14:35:29 | 00,185,347 | ---- | C] () -- C:\Windows\hpoins21.dat

[2009/03/22 14:35:29 | 00,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat

[2009/03/22 14:34:44 | 00,000,000 | ---D | C] -- C:\ProgramData\HP

[2009/03/22 14:31:55 | 00,000,432 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{5B5CE806-D1B4-42D4-9B1C-180E06F5A6FC}.job

[2009/03/22 14:22:59 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Roaming\Logitech

[2009/03/22 14:18:38 | 00,000,000 | ---D | C] -- C:\ProgramData\LogiShrd

[2009/03/22 14:17:24 | 00,001,695 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk

[2009/03/22 14:17:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Logitech

[2009/03/22 14:12:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSI

[2009/03/22 14:11:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works

[2009/03/22 14:11:04 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio

[2009/03/22 14:11:04 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2009/03/22 14:10:55 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2009/03/22 14:10:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2009/03/22 14:07:01 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Local\Microsoft Help

[2009/03/22 14:06:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2009/03/22 14:06:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2009/03/22 14:06:39 | 00,000,000 | RH-D | C] -- C:\MSOCache

[2009/03/22 13:58:48 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA

[2009/03/22 13:57:13 | 00,000,000 | ---D | C] -- C:\Windows\System32\AGEIA

[2009/03/22 13:57:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies

[2009/03/22 13:56:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2009/03/22 13:50:55 | 00,000,000 | -HSD | C] -- C:\Windows\Installer

[2009/03/22 13:50:30 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Roaming\WinRAR

[2009/03/22 11:03:53 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Roaming\InstallShield

[2009/03/22 11:03:45 | 00,000,553 | R--- | C] () -- C:\Windows\USetup.iss

[2009/03/22 11:03:34 | 00,128,512 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE

[2009/03/22 11:03:31 | 00,000,000 | ---D | C] -- C:\Windows\System32\RTCOM

[2009/03/22 11:03:14 | 00,525,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll

[2009/03/22 11:03:07 | 05,684,736 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RAVCpl64.exe

[2009/03/22 11:03:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek

[2009/03/22 10:59:16 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information

[2009/03/22 10:59:12 | 00,000,000 | ---D | C] -- C:\RaidTool

[2009/03/22 10:58:57 | 00,000,000 | ---D | C] -- C:\Windows\RaidTool

[2009/03/22 10:58:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield

[2009/03/22 10:53:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Add

[2009/03/22 10:33:09 | 00,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll

[2009/03/22 10:33:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Intel

[2009/03/22 10:33:01 | 00,000,000 | ---D | C] -- C:\Intel

[2009/03/22 10:28:15 | 00,171,136 | RHS- | C] () -- C:\grldr

[2009/03/22 10:17:14 | 00,099,880 | ---- | C] () -- C:\Users\Total Rigole\AppData\Local\GDIPFONTCACHEV1.DAT

[2009/03/22 10:17:07 | 00,000,402 | -HS- | C] () -- C:\Users\Total Rigole\Documents\desktop.ini

[2009/03/22 10:17:07 | 00,000,282 | -HS- | C] () -- C:\Users\Total Rigole\Desktop\desktop.ini

[2009/03/22 10:17:07 | 00,000,174 | -HS- | C] () -- C:\Users\Total Rigole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

[2009/03/22 10:16:58 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Roaming\Identities

[2009/03/22 10:16:56 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Local\VirtualStore

[2009/03/22 10:16:52 | 00,000,732 | ---- | C] () -- C:\Users\Total Rigole\AppData\Local\d3d9caps64.dat

[2009/03/22 10:16:51 | 00,000,000 | -HSD | C] -- C:\Users\Total Rigole\Documents\Mes vidéos

[2009/03/22 10:16:51 | 00,000,000 | -HSD | C] -- C:\Users\Total Rigole\Documents\Mes images

[2009/03/22 10:16:51 | 00,000,000 | -HSD | C] -- C:\Users\Total Rigole\Documents\Ma musique

[2009/03/22 10:16:51 | 00,000,000 | -HSD | C] -- C:\Users\Total Rigole\AppData\Local\Temporary Internet Files

[2009/03/22 10:16:51 | 00,000,000 | -HSD | C] -- C:\Users\Total Rigole\AppData\Local\Historique

[2009/03/22 10:16:51 | 00,000,000 | -HSD | C] -- C:\Users\Total Rigole\AppData\Local\Application Data

[2009/03/22 10:16:50 | 00,000,000 | --SD | C] -- C:\Users\Total Rigole\AppData\Roaming\Microsoft

[2009/03/22 10:16:50 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Roaming\Media Center Programs

[2009/03/22 10:16:50 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Local\Temp

[2009/03/22 10:16:50 | 00,000,000 | ---D | C] -- C:\Users\Total Rigole\AppData\Local\Microsoft

[2009/03/22 10:13:58 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mes vidéos

[2009/03/22 10:13:58 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mes images

[2009/03/22 10:13:58 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\Ma musique

[2009/03/22 10:13:58 | 00,000,000 | -HSD | C] -- C:\ProgramData\Modèles

[2009/03/22 10:13:58 | 00,000,000 | -HSD | C] -- C:\ProgramData\Menu Démarrer

[2009/03/22 10:13:58 | 00,000,000 | -HSD | C] -- C:\ProgramData\Favoris

[2009/03/22 10:13:58 | 00,000,000 | -HSD | C] -- C:\ProgramData\Bureau

[2009/03/22 10:13:32 | 00,000,000 | ---D | C] -- C:\Windows\Debug

[2009/03/22 09:39:26 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2009/03/22 09:37:18 | 00,000,000 | ---D | C] -- C:\Windows\CSC

[2009/03/22 09:35:36 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch

[2009/03/22 09:35:10 | 00,000,000 | -HSD | C] -- C:\System Volume Information

[2009/03/22 09:34:21 | 00,000,000 | ---D | C] -- C:\Windows\Panther

[2009/03/22 09:34:07 | 00,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK

[2009/03/22 09:34:05 | 00,333,077 | RHS- | C] () -- C:\bootmgr

[2009/03/22 09:34:05 | 00,000,000 | -HSD | C] -- C:\Boot

 

========== Files - Modified Within 30 Days ==========

 

[1 C:\Windows\System32\*.tmp files]

[2009/03/27 18:00:00 | 00,000,546 | ---- | M] () -- C:\Windows\tasks\Maintenance en 1 clic.job

[2009/03/27 17:14:23 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/03/27 17:14:21 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2009/03/27 17:14:19 | 42,940,86656 | -HS- | M] () -- C:\hiberfil.sys

[2009/03/27 17:12:58 | 03,034,953 | -H-- | M] () -- C:\Users\Total Rigole\AppData\Local\IconCache.db

[2009/03/27 10:00:52 | 00,000,947 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/03/27 09:59:35 | 00,001,847 | ---- | M] () -- C:\Users\Total Rigole\Desktop\CCleaner.lnk

[2009/03/27 08:55:03 | 00,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5B5CE806-D1B4-42D4-9B1C-180E06F5A6FC}.job

[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2009/03/25 15:05:01 | 00,000,536 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2009/03/25 14:44:30 | 00,002,630 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk

[2009/03/25 11:48:09 | 00,013,824 | ---- | M] () -- C:\Users\Total Rigole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/24 09:42:31 | 00,086,016 | ---- | M] () -- C:\Windows\System32\drivers\clipsrv.exe

[2009/03/24 09:42:31 | 00,086,016 | ---- | M] () -- C:\Windows\System\sessmgr.exe

[2009/03/24 09:42:31 | 00,086,016 | ---- | M] () -- C:\Windows\System\mqtgsvc.exe

[2009/03/24 09:42:31 | 00,086,016 | ---- | M] () -- C:\Windows\sessmgr.exe

[2009/03/24 09:42:31 | 00,086,016 | ---- | M] () -- C:\Windows\rsvp.exe

[2009/03/24 09:42:31 | 00,086,016 | ---- | M] () -- C:\Windows\ieudinit.exe

[2009/03/24 09:42:31 | 00,086,016 | ---- | M] () -- C:\Users\Total Rigole\AppData\Local\dllhst3g.exe

[2009/03/24 09:18:27 | 00,000,010 | -H-- | M] () -- C:\xrjmns.tce

[2009/03/23 18:33:27 | 00,099,880 | ---- | M] () -- C:\Users\Total Rigole\AppData\Local\GDIPFONTCACHEV1.DAT

[2009/03/23 17:43:47 | 00,012,499 | ---- | M] () -- C:\Windows\System32\Seagate.bin

[2009/03/23 15:10:56 | 00,003,120 | ---- | M] () -- C:\Windows\System32\ALLFSAF6a.ocx

[2009/03/23 15:07:02 | 01,526,844 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2009/03/22 15:20:43 | 00,001,066 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DualCoreCenter.lnk

[2009/03/22 14:40:55 | 00,185,347 | ---- | M] () -- C:\Windows\hpoins21.dat

[2009/03/22 14:40:18 | 00,000,179 | ---- | M] () -- C:\Windows\win.ini

[2009/03/22 14:37:51 | 00,002,011 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2009/03/22 14:17:24 | 00,001,695 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk

[2009/03/22 13:53:55 | 00,000,732 | ---- | M] () -- C:\Users\Total Rigole\AppData\Local\d3d9caps64.dat

[2009/03/22 11:03:15 | 00,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll

[2009/03/22 10:42:53 | 00,171,136 | RHS- | M] () -- C:\grldr

[2009/03/22 10:17:09 | 00,000,402 | -HS- | M] () -- C:\Users\Total Rigole\Documents\desktop.ini

[2009/03/22 10:17:09 | 00,000,282 | -HS- | M] () -- C:\Users\Total Rigole\Desktop\desktop.ini

[2009/03/22 10:17:09 | 00,000,174 | -HS- | M] () -- C:\Users\Total Rigole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

[2009/03/22 09:34:07 | 00,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2009/03/13 09:26:22 | 00,095,232 | ---- | M] () -- C:\Users\Total Rigole\Documents\Dessin Douchette grohe.pub

< End of report >