Your question

Form 1

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
21 October 2009 11:43:06

Hello, I have a "form1" window that appears when I turn on my computer; it then disappears and stays invisible (it can only be seen in Task Manager). I ran a scan with AntiVir and then with Malwarebytes', but nothing changed.
I followed some advice I found on the forums, downloaded random's system information tool, and obtained the two reports, log and info. Thanks in advance for your help.

info.txt logfile of random's system information tool 1.06 2009-10-20 11:31:17

======Uninstall list======

-->C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe -runfromtemp -l0x040c -removeonly
-->C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe -runfromtemp -l0x040c/cont -removeonly
-->C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe -runfromtemp -l0x040c -removeonly
-->C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe -runfromtemp -l0x040c -removeonly
-->C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe -runfromtemp -l0x040c -removeonly
-->C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe -runfromtemp -l0x040c -removeonly
-->C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe -runfromtemp -l0x040c -removeonly
-->C:\Program Files\InstallShield Installation Information\{E078134D-A344-41B6-A0F8-147AB235396E}\setup.exe -runfromtemp -l0x040c -removeonly
-->C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe -runfromtemp -l0x040c -removeonly
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
7-Zip 4.60 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->msiexec /qb /x {C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Acrobat.com-->MsiExec.exe /I{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Adobe Acrobat 9 Pro - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000004}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Creative Suite 4 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02\Setup.exe --uninstall=1
Adobe Creative Suite 4 Master Collection-->MsiExec.exe /I{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x40c
Assistant de connexion Windows Live ID-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
ATI Uninstaller-->C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
BitComet 0.97-->C:\Program Files\BitComet\uninst.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon MP240 series MP Drivers-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series /L0x000c
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Electronic Arts Game Updater-->C:\Windows\IsUninst.exe -f"c:\Program Files\EACom\Update\Uninst.isu"
FirstSteps Diagnostics-->MsiExec.exe /X{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
Géorando - Aveyron / Lozère-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{501C4513-383A-4EAF-B48F-32E06B315D00}\setup.exe" -l0x40c -removeonly
Global Mapper 9-->MsiExec.exe /X{84CE1208-B85F-4976-8718-52A91990A8A3}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{B09BCBF6-87EE-4403-A336-3A9510856535}\setup\hpzscr01.exe -datfile hposcr15.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Inkjet Printer/Scanner Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
livebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe" -l0x40c
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapInfo Professional 9.5-->MsiExec.exe /I{6653F8EB-AE75-45F0-9DC1-456A3C745F57}
Map'Utils 2.0-->"C:\Program Files\EDRISI Géomatique\Map'Utils\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co85.dll,SM56UnInstaller
Mozilla Firefox (3.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MpcStar 2.2-->C:\Program Files\MpcStar\uninst.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Essentials-->MsiExec.exe /X{81CD6232-10F5-4832-B3DA-1B88B1571036}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
PowerDV-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
SA304x Device Manager-->C:\Program Files\InstallShield Installation Information\{0590BB91-B280-4BAB-95D7-D6558117D27C}\setup.exe -runfromtemp -l0x040c -removeonly
SA304x Media Converter-->C:\Program Files\InstallShield Installation Information\{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}\setup.exe -runfromtemp -l0x040c -removeonly
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x040c /removeonly uninstall -removeonly
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
TerraExplorer-->C:\Program Files\Skyline\TerraExplorer\Setup.exe [OP]/U
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Outlook 2007 Junk Email Filter (KB974810)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C05FBAD5-A211-4E86-BB51-7E07B80C9233}
Watson-->MsiExec.exe /I{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}
WebCam-->C:\Program Files\InstallShield Installation Information\{4A57592C-FF92-4083-97A9-92783BD5AFB4}\SETUP.exe -runfromtemp -l0x040c -removeonly
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Movie Maker-->MsiExec.exe /X{53B20C18-D8D4-4588-8737-9BBFE303C354}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Youda Sushi Chef-->"C:\Windows\Youda Sushi Chef\uninstall.exe" "/U:C:\Program Files\Youda Sushi Chef\Uninstall\uninstall.xml"
Your Product-->"C:\Windows\Your Product\uninstall.exe" "/U:C:\Program Files\Your Product\Uninstall\uninstall.xml"

======Security center information======

AS: Windows Defender (disabled)

======System event log======

Computer Name: PC-de-paul
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB973346(Security Update) n’est pas applicable à ce système.
Record Number: 666109
Source Name: Microsoft-Windows-Servicing
Time Written: 20090723145849.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-paul
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB973346(Security Update) n’est pas applicable à ce système.
Record Number: 666108
Source Name: Microsoft-Windows-Servicing
Time Written: 20090723145849.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-paul
Event Code: 20
Message: Échec de l’installation : l’installation de la mise à jour suivante a échoue avec l’erreur 0x8007371b : Internet Explorer 8 pour Windows Vista :.
Record Number: 666102
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20090723145846.528485-000
Event Type: Erreur
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-paul
Event Code: 4375
Message: Windows Servicing a échoué lors de la définition du package Internet Explorer 8_en-US (Language Pack) à l’état Installation demandée(Install Requested)
Record Number: 666097
Source Name: Microsoft-Windows-Servicing
Time Written: 20090723145845.000000-000
Event Type: Erreur
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-paul
Event Code: 4375
Message: Windows Servicing a échoué lors de la définition du package Internet Explorer 8_en-US (Language Pack) à l’état Installation demandée(Install Requested)
Record Number: 666096
Source Name: Microsoft-Windows-Servicing
Time Written: 20090723145845.000000-000
Event Type: Erreur
User: AUTORITE NT\SYSTEM

=====Application event log=====

Computer Name: PC-de-paul
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1998049499-4262404339-274644494-1000_Classes:
Process 996 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1998049499-4262404339-274644494-1000_CLASSES

Record Number: 37619
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080811112705.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-paul
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
6 user registry handles leaked from \Registry\User\S-1-5-21-1998049499-4262404339-274644494-1000:
Process 996 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1998049499-4262404339-274644494-1000
Process 1388 (\Device\HarddiskVolume2\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1998049499-4262404339-274644494-1000\Software\ahead\Nero Home\MediaLibrary\Scanner
Process 1388 (\Device\HarddiskVolume2\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1998049499-4262404339-274644494-1000\Software\ahead\Nero Home\MediaLibrary\Scanner
Process 1388 (\Device\HarddiskVolume2\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1998049499-4262404339-274644494-1000\Software\ahead\Nero Home\MediaLibrary
Process 1388 (\Device\HarddiskVolume2\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1998049499-4262404339-274644494-1000\Software\ahead\Nero Home\MediaLibrary
Process 1388 (\Device\HarddiskVolume2\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1998049499-4262404339-274644494-1000\Software\ahead\Nero Home\MediaLibrary

Record Number: 37618
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080811112704.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-paul
Event Code: 5007
Message: Impossible d’analyser le fichier cible de la plateforme de signalement de problèmes Windows (fichier DLL contenant la liste des problèmes de l’ordinateur et nécessitant la collecte de données supplémentaires à des fins de diagnostic). Le code d’erreur était : 8014FFF9.
Record Number: 37572
Source Name: WerSvc
Time Written: 20080811082528.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-paul
Event Code: 5007
Message: Impossible d’analyser le fichier cible de la plateforme de signalement de problèmes Windows (fichier DLL contenant la liste des problèmes de l’ordinateur et nécessitant la collecte de données supplémentaires à des fins de diagnostic). Le code d’erreur était : 8014FFF9.
Record Number: 37535
Source Name: WerSvc
Time Written: 20080811072415.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-paul
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
5 user registry handles leaked from \Registry\User\S-1-5-21-1998049499-4262404339-274644494-1000:
Process 580 (\Device\HarddiskVolume2\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1998049499-4262404339-274644494-1000\Software\ahead\Nero Home\MediaLibrary\Scanner
Process 580 (\Device\HarddiskVolume2\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1998049499-4262404339-274644494-1000\Software\ahead\Nero Home\MediaLibrary\Scanner
Process 580 (\Device\HarddiskVolume2\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1998049499-4262404339-274644494-1000\Software\ahead\Nero Home\MediaLibrary
Process 580 (\Device\HarddiskVolume2\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1998049499-4262404339-274644494-1000\Software\ahead\Nero Home\MediaLibrary
Process 580 (\Device\HarddiskVolume2\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1998049499-4262404339-274644494-1000\Software\ahead\Nero Home\MediaLibrary

Record Number: 37507
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080811060633.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

=====Security event log=====

Computer Name: PC-de-paul
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-PAUL$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x2a8
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 69932
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090517221026.839682-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-paul
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-PAUL$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x2a8
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Adresse du réseau : -
Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 69931
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090517221026.839682-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-paul
Event Code: 1100
Message: Le service d’enregistrement des événements a été arrêté.
Record Number: 69930
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090517221027.947282-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-paul
Event Code: 4647
Message: Fermeture de session initiée par l’utilisateur :

Sujet :
ID de sécurité : S-1-5-21-1998049499-4262404339-274644494-1000
Nom du compte : paul
Domaine du compte : PC-de-paul
ID d’ouverture de session : 0x1a57b

Cet événement est généré lorsqu’une fermeture de session est initiée, mais que le nombre de références du jeton n’étant pas zéro, la session ouverte ne peut pas être supprimée. Aucune autre activité initiée par l’utilisateur ne peut se produire. Cet événement peut être interprété comme un événement de fermeture de session.
Record Number: 69929
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090517221025.856882-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-paul
Event Code: 5032
Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.

Code d’erreur : 2
Record Number: 69928
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090517214034.289682-000
Event Type: Échec de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------



and log



Logfile of random's system information tool 1.06 (written by random/random)
Run by paul at 2009-10-20 11:30:44
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 25 GB (27%) free of 94 GB
Total RAM: 2046 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:11, on 20/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\alq.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\paul\Downloads\RSIT.exe
C:\Program Files\trend micro\paul.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Application Layer Gateway] C:\Program Files\Common Files\alq.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [{ECFF45D9-3FD0-26E2-31D0-1B1BB00476CA}] C:\Users\paul\AppData\Roaming\jackson.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 11147 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\User_Feed_Synchronization-{FBD49A60-6090-483C-A847-02AF0EB2ABE7}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll [2007-12-05 464184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-11 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-18 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-08 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-11 259696]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-05-05 1466368]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-02-26 153136]
"QuickTime Task"=C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe [2009-01-05 413696]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-10 4431872]
"Skytel"=C:\Windows\Skytel.exe [2007-04-04 1822720]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2009-10-03 38768]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2009-10-02 640376]
"Application Layer Gateway"=C:\Program Files\Common Files\alq.exe [2009-07-31 31744]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-02-26 149040]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-06 39408]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"{ECFF45D9-3FD0-26E2-31D0-1B1BB00476CA}"=C:\Users\paul\AppData\Roaming\jackson.exe []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c0b5880-a738-11dc-aa5c-00030d6e8676}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e7eff41-63be-11de-b490-806e6f6e6963}]
shell\AutoRun\command - H:\Toshiba\more4you.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d01968d-615f-11de-8c32-00030d6e8676}]
shell\AutoRun\command - F:\CoJBiBLauncher.exe


======File associations======

.js - edit -
.js - open -
.txt - open -

======List of files/folders created in the last 1 months======

2009-10-20 11:30:45 ----D---- C:\Program Files\trend micro
2009-10-20 11:30:44 ----D---- C:\rsit
2009-10-20 10:14:12 ----A---- C:\Windows\ntbtlog.txt
2009-10-19 13:54:06 ----RA---- C:\Windows\system32\AdobePDFUI.dll
2009-10-19 13:47:21 ----SHD---- C:\Config.Msi
2009-10-19 11:31:25 ----D---- C:\Users\paul\AppData\Roaming\Malwarebytes
2009-10-19 11:31:14 ----D---- C:\ProgramData\Malwarebytes
2009-10-19 11:31:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-16 10:20:20 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-16 10:20:07 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-16 10:20:06 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-16 10:19:06 ----A---- C:\Windows\system32\msasn1.dll
2009-10-16 10:19:02 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-10 10:11:24 ----D---- C:\Extracted
2009-10-05 12:52:32 ----D---- C:\ProgramData\Office Genuine Advantage
2009-10-05 12:25:47 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-10-05 11:02:32 ----A---- C:\Windows\system32\wdigest.dll
2009-10-05 11:02:32 ----A---- C:\Windows\system32\kerberos.dll
2009-10-05 11:02:31 ----A---- C:\Windows\system32\schannel.dll
2009-10-05 11:02:29 ----A---- C:\Windows\system32\lsasrv.dll
2009-10-05 11:02:28 ----A---- C:\Windows\system32\secur32.dll
2009-10-05 11:02:28 ----A---- C:\Windows\system32\lsass.exe
2009-10-04 10:14:42 ----N---- C:\Windows\system32\MpSigStub.exe
2009-10-02 14:48:01 ----A---- C:\Windows\system32\wups2.dll
2009-10-02 14:48:01 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-02 14:48:00 ----A---- C:\Windows\system32\wucltux.dll
2009-10-02 14:48:00 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-02 14:47:40 ----A---- C:\Windows\system32\wups.dll
2009-10-02 14:47:40 ----A---- C:\Windows\system32\wudriver.dll
2009-10-02 14:47:40 ----A---- C:\Windows\system32\wuapi.dll
2009-10-02 14:47:28 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-02 14:47:28 ----A---- C:\Windows\system32\wuapp.exe
2009-09-30 00:34:29 ----D---- C:\Windows\system32\eu-ES
2009-09-30 00:34:29 ----D---- C:\Windows\system32\ca-ES
2009-09-30 00:34:27 ----D---- C:\Windows\system32\vi-VN
2009-09-27 19:15:46 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-09-27 19:15:41 ----A---- C:\Windows\system32\SLsvc.exe
2009-09-27 19:15:41 ----A---- C:\Windows\system32\SLCExt.dll
2009-09-27 19:15:38 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-09-27 19:15:38 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-09-27 19:15:35 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-09-27 19:15:33 ----A---- C:\Windows\system32\mssrch.dll
2009-09-27 19:15:30 ----A---- C:\Windows\system32\tquery.dll
2009-09-27 19:15:29 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-09-27 19:15:28 ----A---- C:\Windows\system32\scavenge.dll
2009-09-27 19:15:28 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-09-27 19:15:27 ----A---- C:\Windows\system32\RMActivate.exe
2009-09-27 19:15:26 ----A---- C:\Windows\system32\msi.dll
2009-09-27 19:15:25 ----A---- C:\Windows\system32\imapi2fs.dll
2009-09-27 19:15:24 ----A---- C:\Windows\system32\WscEapPr.dll
2009-09-27 19:15:24 ----A---- C:\Windows\system32\secproc_isv.dll
2009-09-27 19:15:23 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-09-27 19:15:23 ----A---- C:\Windows\system32\sysmain.dll
2009-09-27 19:15:22 ----A---- C:\Windows\system32\icardagt.exe
2009-09-27 19:15:20 ----A---- C:\Windows\system32\EhStorShell.dll
2009-09-27 19:15:20 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-09-27 19:15:18 ----A---- C:\Windows\system32\spreview.exe
2009-09-27 19:15:18 ----A---- C:\Windows\system32\spinstall.exe
2009-09-27 19:15:18 ----A---- C:\Windows\system32\drmv2clt.dll
2009-09-27 19:15:17 ----A---- C:\Windows\system32\spwizui.dll
2009-09-27 19:15:16 ----A---- C:\Windows\system32\shell32.dll
2009-09-27 19:15:16 ----A---- C:\Windows\system32\secproc.dll
2009-09-27 19:15:16 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-09-27 19:15:15 ----A---- C:\Windows\system32\p2psvc.dll
2009-09-27 19:15:14 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-09-27 19:15:14 ----A---- C:\Windows\system32\mssvp.dll
2009-09-27 19:15:13 ----A---- C:\Windows\system32\mssphtb.dll
2009-09-27 19:15:13 ----A---- C:\Windows\system32\mssph.dll
2009-09-27 19:15:13 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-09-27 19:15:13 ----A---- C:\Windows\system32\mscoree.dll
2009-09-27 19:15:12 ----A---- C:\Windows\system32\sdohlp.dll
2009-09-27 19:15:12 ----A---- C:\Windows\system32\imapi2.dll
2009-09-27 19:15:11 ----A---- C:\Windows\system32\esent.dll
2009-09-27 19:15:10 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-09-27 19:15:10 ----A---- C:\Windows\system32\DevicePairing.dll
2009-09-27 19:15:09 ----A---- C:\Windows\system32\sperror.dll
2009-09-27 19:15:09 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-09-27 19:15:09 ----A---- C:\Windows\system32\korwbrkr.dll
2009-09-27 19:15:08 ----A---- C:\Windows\system32\wevtsvc.dll
2009-09-27 19:15:08 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-09-27 19:15:07 ----A---- C:\Windows\system32\SLC.dll
2009-09-27 19:15:07 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-09-27 19:15:07 ----A---- C:\Windows\system32\msshsq.dll
2009-09-27 19:15:07 ----A---- C:\Windows\system32\IasMigReader.exe
2009-09-27 19:15:05 ----A---- C:\Windows\system32\msjet40.dll
2009-09-27 19:15:05 ----A---- C:\Windows\system32\MPSSVC.dll
2009-09-27 19:15:04 ----A---- C:\Windows\system32\msxml6.dll
2009-09-27 19:15:03 ----A---- C:\Windows\system32\Query.dll
2009-09-27 19:15:03 ----A---- C:\Windows\system32\qmgr.dll
2009-09-27 19:15:02 ----A---- C:\Windows\system32\msexch40.dll
2009-09-27 19:15:02 ----A---- C:\Windows\system32\diagperf.dll
2009-09-27 19:15:01 ----A---- C:\Windows\system32\P2PGraph.dll
2009-09-27 19:15:01 ----A---- C:\Windows\system32\ole32.dll
2009-09-27 19:15:01 ----A---- C:\Windows\system32\ntdll.dll
2009-09-27 19:15:00 ----A---- C:\Windows\system32\srchadmin.dll
2009-09-27 19:15:00 ----A---- C:\Windows\system32\msxml3.dll
2009-09-27 19:14:59 ----A---- C:\Windows\system32\winload.exe
2009-09-27 19:14:59 ----A---- C:\Windows\system32\mblctr.exe
2009-09-27 19:14:59 ----A---- C:\Windows\system32\EncDec.dll
2009-09-27 19:14:58 ----A---- C:\Windows\system32\uDWM.dll
2009-09-27 19:14:58 ----A---- C:\Windows\system32\mmc.exe
2009-09-27 19:14:58 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-09-27 19:14:58 ----A---- C:\Windows\system32\dfsr.exe
2009-09-27 19:14:57 ----A---- C:\Windows\system32\riched20.dll
2009-09-27 19:14:57 ----A---- C:\Windows\system32\fdBth.dll
2009-09-27 19:14:56 ----A---- C:\Windows\system32\RacEngn.dll
2009-09-27 19:14:55 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-09-27 19:14:55 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-09-27 19:14:55 ----A---- C:\Windows\system32\milcore.dll
2009-09-27 19:14:55 ----A---- C:\Windows\system32\kernel32.dll
2009-09-27 19:14:55 ----A---- C:\Windows\system32\EhStorAPI.dll

21 October 2009 14:24:31

Hello,

  • Download OTM (OldTimer) to your Desktop.
  • Right-click OTM.exe and choose Run as administrator.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Application Layer Gateway"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "{ECFF45D9-3FD0-26E2-31D0-1B1BB00476CA}"=-

    :files
    C:\Program Files\Common Files\alq.exe

    :commands
    [purity]
    [emptytemp]
    [reboot]

  • Paste (Ctrl+V) the copied text into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTM.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTM\MovedFiles\
    ---> The report name corresponds to the time it was created: date_time.log

21 October 2009 15:16:34

    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== REGISTRY ==========
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ scheduled to be deleted on reboot.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Application Layer Gateway scheduled to be deleted on reboot.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{ECFF45D9-3FD0-26E2-31D0-1B1BB00476CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECFF45D9-3FD0-26E2-31D0-1B1BB00476CA}\ not found.
    ========== FILES ==========
    File move failed. C:\Program Files\Common Files\alq.exe scheduled to be moved on reboot.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y79PPPD6\desktop.ini scheduled to be deleted on reboot.
    File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJA3DRCT\desktop.ini scheduled to be deleted on reboot.
    File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9AJFFDE3\desktop.ini scheduled to be deleted on reboot.
    File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5K6XSAUI\desktop.ini scheduled to be deleted on reboot.
    File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be deleted on reboot.
    File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y79PPPD6\desktop.ini scheduled to be deleted on reboot.
    File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJA3DRCT\desktop.ini scheduled to be deleted on reboot.
    File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9AJFFDE3\desktop.ini scheduled to be deleted on reboot.
    File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5K6XSAUI\desktop.ini scheduled to be deleted on reboot.
    File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be deleted on reboot.
    File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: paul
    ->Temp folder emptied: 167750896 bytes
    File delete failed. C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 237492121 bytes
    ->Java cache emptied: 37529223 bytes
    ->FireFox cache emptied: 64111106 bytes
    ->Apple Safari cache emptied: 1227704 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 675840 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 7347 bytes

    Total Files Cleaned = 485,29 mb


    OTM by OldTimer - Version 3.0.0.6 log created on 10212009_145135
21 October 2009 17:44:23

OK, run another RSIT scan and post the log report.

22 October 2009 10:17:28

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by paul at 2009-10-22 10:14:53
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
    System drive C: has 27 GB (28%) free of 94 GB
    Total RAM: 2046 MB (46% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:15:35, on 22/10/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\Common Files\alq.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\paul\Downloads\RSIT(2).exe
    C:\Program Files\trend micro\paul.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Application Layer Gateway] C:\Program Files\Common Files\alq.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
    O13 - Gopher Prefix:
    O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

    --
    End of file - 11148 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Google Software Updater.job
    C:\Windows\tasks\User_Feed_Synchronization-{FBD49A60-6090-483C-A847-02AF0EB2ABE7}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
    HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
    BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll [2007-12-05 464184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-11 259696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-18 762864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-08 470512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
    SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-11 259696]
    {32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
    "SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-05-05 1466368]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
    "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-02-26 153136]
    "QuickTime Task"=C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe [2009-01-05 413696]
    "StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-10 4431872]
    "Skytel"=C:\Windows\Skytel.exe [2007-04-04 1822720]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
    "AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
    "Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2009-10-03 38768]
    ""= []
    "Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2009-10-02 640376]
    "Application Layer Gateway"=C:\Program Files\Common Files\alq.exe [2009-07-31 31744]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
    "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
    "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-02-26 149040]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-06 39408]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "BindDirectlyToPropertySetStorage"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c0b5880-a738-11dc-aa5c-00030d6e8676}]
    shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e7eff41-63be-11de-b490-806e6f6e6963}]
    shell\AutoRun\command - H:\Toshiba\more4you.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d01968d-615f-11de-8c32-00030d6e8676}]
    shell\AutoRun\command - F:\CoJBiBLauncher.exe


    ======File associations======

    .js - edit -
    .js - open -
    .txt - open -

    ======List of files/folders created in the last 1 months======

    2009-09-27 19:14:49 ----A---- C:\Windows\system32\Magnify.exe
    2009-09-27 19:14:49 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
    2009-09-27 19:14:49 ----A---- C:\Windows\system32\advapi32.dll
    2009-09-27 19:14:47 ----A---- C:\Windows\system32\WMPhoto.dll
    2009-09-27 19:14:47 ----A---- C:\Windows\system32\WebClnt.dll
    2009-09-27 19:14:46 ----A---- C:\Windows\system32\slwmi.dll
    2009-09-27 19:14:46 ----A---- C:\Windows\system32\msxbde40.dll
    2009-09-27 19:14:46 ----A---- C:\Windows\system32\msexcl40.dll
    2009-09-27 19:14:46 ----A---- C:\Windows\system32\comsvcs.dll
    2009-09-27 19:14:45 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
    2009-09-27 19:14:45 ----A---- C:\Windows\system32\vssapi.dll
    2009-09-27 19:14:44 ----A---- C:\Windows\system32\NetProjW.dll
    2009-09-27 19:14:44 ----A---- C:\Windows\system32\authui.dll
    2009-09-27 19:14:43 ----A---- C:\Windows\system32\PresentationHost.exe
    2009-09-27 19:14:43 ----A---- C:\Windows\system32\msrepl40.dll
    2009-09-27 19:14:42 ----A---- C:\Windows\system32\propsys.dll
    2009-09-27 19:14:42 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-09-27 19:14:42 ----A---- C:\Windows\system32\newdev.dll
    2009-09-27 19:14:42 ----A---- C:\Windows\system32\iasrecst.dll
    2009-09-27 19:14:42 ----A---- C:\Windows\system32\gpsvc.dll
    2009-09-27 19:14:41 ----A---- C:\Windows\system32\eudcedit.exe
    2009-09-27 19:14:41 ----A---- C:\Windows\system32\crypt32.dll
    2009-09-27 19:14:41 ----A---- C:\Windows\explorer.exe
    2009-09-27 19:14:40 ----A---- C:\Windows\system32\setupapi.dll
    2009-09-27 19:14:40 ----A---- C:\Windows\system32\rpcss.dll
    2009-09-27 19:14:40 ----A---- C:\Windows\system32\mspbde40.dll
    2009-09-27 19:14:40 ----A---- C:\Windows\system32\d3d9.dll
    2009-09-27 19:14:39 ----A---- C:\Windows\system32\msltus40.dll
    2009-09-27 19:14:39 ----A---- C:\Windows\system32\davclnt.dll
    2009-09-27 19:14:38 ----A---- C:\Windows\system32\shlwapi.dll
    2009-09-27 19:14:38 ----A---- C:\Windows\system32\msrd3x40.dll
    2009-09-27 19:14:38 ----A---- C:\Windows\system32\msdtctm.dll
    2009-09-27 19:14:38 ----A---- C:\Windows\system32\mfc42.dll
    2009-09-27 19:14:38 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
    2009-09-27 19:14:38 ----A---- C:\Windows\system32\EhStorAuthn.dll
    2009-09-27 19:14:37 ----A---- C:\Windows\system32\wevtapi.dll
    2009-09-27 19:14:37 ----A---- C:\Windows\system32\photowiz.dll
    2009-09-27 19:14:37 ----A---- C:\Windows\system32\nlhtml.dll
    2009-09-27 19:14:37 ----A---- C:\Windows\system32\browseui.dll
    2009-09-27 19:14:35 ----A---- C:\Windows\system32\user32.dll
    2009-09-27 19:14:35 ----A---- C:\Windows\system32\samsrv.dll
    2009-09-27 19:14:34 ----A---- C:\Windows\system32\win32spl.dll
    2009-09-27 19:14:34 ----A---- C:\Windows\system32\quartz.dll
    2009-09-27 19:14:34 ----A---- C:\Windows\system32\ci.dll
    2009-09-27 19:14:33 ----A---- C:\Windows\system32\WcnNetsh.dll
    2009-09-27 19:14:33 ----A---- C:\Windows\system32\SLCommDlg.dll
    2009-09-27 19:14:33 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
    2009-09-27 19:14:33 ----A---- C:\Windows\system32\oleaut32.dll
    2009-09-27 19:14:32 ----A---- C:\Windows\system32\netshell.dll
    2009-09-27 19:14:32 ----A---- C:\Windows\system32\IKEEXT.DLL
    2009-09-27 19:14:31 ----A---- C:\Windows\system32\winhttp.dll
    2009-09-27 19:14:31 ----A---- C:\Windows\system32\mswstr10.dll
    2009-09-27 19:14:31 ----A---- C:\Windows\system32\compcln.exe
    2009-09-27 19:14:31 ----A---- C:\Windows\system32\apds.dll
    2009-09-27 19:14:30 ----A---- C:\Windows\system32\xmlfilter.dll
    2009-09-27 19:14:30 ----A---- C:\Windows\system32\msctf.dll
    2009-09-27 19:14:30 ----A---- C:\Windows\system32\emdmgmt.dll
    2009-09-27 19:14:30 ----A---- C:\Windows\system32\audiosrv.dll
    2009-09-27 19:14:29 ----A---- C:\Windows\system32\QAGENTRT.DLL
    2009-09-27 19:14:29 ----A---- C:\Windows\system32\msvcrt.dll
    2009-09-27 19:14:29 ----A---- C:\Windows\system32\gdi32.dll
    2009-09-27 19:14:28 ----A---- C:\Windows\system32\VSSVC.exe
    2009-09-27 19:14:28 ----A---- C:\Windows\system32\SLUI.exe
    2009-09-27 19:14:28 ----A---- C:\Windows\system32\mfc42u.dll
    2009-09-27 19:14:28 ----A---- C:\Windows\system32\iphlpsvc.dll
    2009-09-27 19:14:28 ----A---- C:\Windows\system32\eapphost.dll
    2009-09-27 19:14:27 ----A---- C:\Windows\system32\sqlsrv32.dll
    2009-09-27 19:14:27 ----A---- C:\Windows\system32\msrd2x40.dll
    2009-09-27 19:14:26 ----A---- C:\Windows\system32\winresume.exe
    2009-09-27 19:14:26 ----A---- C:\Windows\system32\propdefs.dll
    2009-09-27 19:14:26 ----A---- C:\Windows\system32\odbc32.dll
    2009-09-27 19:14:25 ----A---- C:\Windows\system32\shdocvw.dll
    2009-09-27 19:14:24 ----A---- C:\Windows\system32\wevtutil.exe
    2009-09-27 19:14:24 ----A---- C:\Windows\system32\dbgeng.dll
    2009-09-27 19:14:23 ----A---- C:\Windows\system32\mssitlb.dll
    2009-09-27 19:14:22 ----A---- C:\Windows\system32\WsmSvc.dll
    2009-09-27 19:14:22 ----A---- C:\Windows\system32\swprv.dll
    2009-09-27 19:14:22 ----A---- C:\Windows\system32\mmcndmgr.dll
    2009-09-27 19:14:21 ----A---- C:\Windows\system32\usp10.dll
    2009-09-27 19:14:20 ----A---- C:\Windows\system32\vds.exe
    2009-09-27 19:14:20 ----A---- C:\Windows\system32\netlogon.dll
    2009-09-27 19:14:20 ----A---- C:\Windows\system32\msctfp.dll
    2009-09-27 19:14:20 ----A---- C:\Windows\system32\fdBthProxy.dll
    2009-09-27 19:14:20 ----A---- C:\Windows\system32\drvinst.exe
    2009-09-27 19:14:20 ----A---- C:\Windows\system32\devmgr.dll
    2009-09-27 19:14:19 ----A---- C:\Windows\system32\msscb.dll
    2009-09-27 19:14:19 ----A---- C:\Windows\system32\DevicePairingProxy.dll
    2009-09-27 19:14:19 ----A---- C:\Windows\system32\BFE.DLL
    2009-09-27 19:14:19 ----A---- C:\Windows\system32\adsldpc.dll
    2009-09-27 19:14:18 ----A---- C:\Windows\system32\WSDApi.dll
    2009-09-27 19:14:18 ----A---- C:\Windows\system32\WMVSDECD.DLL
    2009-09-27 19:14:18 ----A---- C:\Windows\system32\Wldap32.dll
    2009-09-27 19:14:18 ----A---- C:\Windows\system32\wcnwiz.dll
    2009-09-27 19:14:18 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
    2009-09-27 19:14:18 ----A---- C:\Windows\system32\evr.dll
    2009-09-27 19:14:17 ----A---- C:\Windows\system32\WindowsCodecs.dll
    2009-09-27 19:14:17 ----A---- C:\Windows\system32\services.exe
    2009-09-27 19:14:16 ----A---- C:\Windows\system32\wercon.exe
    2009-09-27 19:14:16 ----A---- C:\Windows\system32\wcncsvc.dll
    2009-09-27 19:14:16 ----A---- C:\Windows\system32\mimefilt.dll
    2009-09-27 19:14:16 ----A---- C:\Windows\system32\comdlg32.dll
    2009-09-27 19:14:16 ----A---- C:\Windows\system32\adtschema.dll
    2009-09-27 19:14:15 ----A---- C:\Windows\system32\PortableDeviceApi.dll
    2009-09-27 19:14:15 ----A---- C:\Windows\system32\msjter40.dll
    2009-09-27 19:14:15 ----A---- C:\Windows\system32\msdtcprx.dll
    2009-09-27 19:14:15 ----A---- C:\Windows\system32\msdrm.dll
    2009-09-27 19:14:15 ----A---- C:\Windows\system32\ipsmsnap.dll
    2009-09-27 19:14:15 ----A---- C:\Windows\system32\certcli.dll
    2009-09-27 19:14:14 ----A---- C:\Windows\system32\umpnpmgr.dll
    2009-09-27 19:14:14 ----A---- C:\Windows\system32\taskeng.exe
    2009-09-27 19:14:14 ----A---- C:\Windows\system32\rtffilt.dll
    2009-09-27 19:14:14 ----A---- C:\Windows\system32\reg.exe
    2009-09-27 19:14:14 ----A---- C:\Windows\system32\mswdat10.dll
    2009-09-27 19:14:14 ----A---- C:\Windows\system32\dnsapi.dll
    2009-09-27 19:14:13 ----A---- C:\Windows\system32\WMNetMgr.dll
    2009-09-27 19:14:13 ----A---- C:\Windows\system32\w32time.dll
    2009-09-27 19:14:13 ----A---- C:\Windows\system32\certutil.exe
    2009-09-27 19:14:12 ----A---- C:\Windows\system32\msshooks.dll
    2009-09-27 19:14:12 ----A---- C:\Windows\system32\IPSECSVC.DLL
    2009-09-27 19:14:12 ----A---- C:\Windows\system32\bcrypt.dll
    2009-09-27 19:14:11 ----A---- C:\Windows\system32\rsaenh.dll
    2009-09-27 19:14:11 ----A---- C:\Windows\system32\msscntrs.dll
    2009-09-27 19:14:11 ----A---- C:\Windows\system32\msihnd.dll
    2009-09-27 19:14:11 ----A---- C:\Windows\system32\bthserv.dll
    2009-09-27 19:14:10 ----A---- C:\Windows\system32\TsWpfWrp.exe
    2009-09-27 19:14:10 ----A---- C:\Windows\system32\msstrc.dll
    2009-09-27 19:14:10 ----A---- C:\Windows\system32\MMDevAPI.dll
    2009-09-27 19:14:10 ----A---- C:\Windows\system32\inetcomm.dll
    2009-09-27 19:14:09 ----A---- C:\Windows\system32\netapi32.dll
    2009-09-27 19:14:09 ----A---- C:\Windows\system32\mtxclu.dll
    2009-09-27 19:14:09 ----A---- C:\Windows\system32\inetpp.dll
    2009-09-27 19:14:09 ----A---- C:\Windows\system32\hidserv.dll
    2009-09-27 19:14:09 ----A---- C:\Windows\system32\fundisc.dll
    2009-09-27 19:14:09 ----A---- C:\Windows\system32\dfshim.dll
    2009-09-27 19:14:09 ----A---- C:\Windows\system32\cryptsvc.dll
    2009-09-27 19:14:08 ----A---- C:\Windows\system32\wmicmiplugin.dll
    2009-09-27 19:14:08 ----A---- C:\Windows\system32\termsrv.dll
    2009-09-27 19:14:08 ----A---- C:\Windows\system32\profsvc.dll
    2009-09-27 19:14:08 ----A---- C:\Windows\system32\mscories.dll
    2009-09-27 19:14:08 ----A---- C:\Windows\system32\dhcpcsvc6.dll
    2009-09-27 19:14:06 ----A---- C:\Windows\system32\wdc.dll
    2009-09-27 19:14:06 ----A---- C:\Windows\system32\shsvcs.dll
    2009-09-27 19:14:06 ----A---- C:\Windows\system32\msiexec.exe
    2009-09-27 19:14:06 ----A---- C:\Windows\system32\imapi.dll
    2009-09-27 19:14:05 ----A---- C:\Windows\system32\rasmans.dll
    2009-09-27 19:14:05 ----A---- C:\Windows\system32\iassdo.dll
    2009-09-27 19:14:05 ----A---- C:\Windows\system32\chsbrkr.dll
    2009-09-27 19:14:04 ----A---- C:\Windows\system32\spoolsv.exe
    2009-09-27 19:14:04 ----A---- C:\Windows\system32\pnidui.dll
    2009-09-27 19:14:04 ----A---- C:\Windows\system32\icardres.dll
    2009-09-27 19:14:04 ----A---- C:\Windows\system32\autofmt.exe
    2009-09-27 19:14:03 ----A---- C:\Windows\system32\wersvc.dll
    2009-09-27 19:14:03 ----A---- C:\Windows\system32\slmgr.vbs
    2009-09-27 19:14:03 ----A---- C:\Windows\system32\scrrun.dll
    2009-09-27 19:14:03 ----A---- C:\Windows\system32\PSHED.DLL
    2009-09-27 19:14:03 ----A---- C:\Windows\system32\pdh.dll
    2009-09-27 19:14:03 ----A---- C:\Windows\system32\dhcpcsvc.dll
    2009-09-27 19:14:02 ----A---- C:\Windows\system32\pidgenx.dll
    2009-09-27 19:14:02 ----A---- C:\Windows\system32\CertEnrollUI.dll
    2009-09-27 19:14:02 ----A---- C:\Windows\system32\azroles.dll
    2009-09-27 19:14:01 ----A---- C:\Windows\system32\wmpmde.dll
    2009-09-27 19:14:01 ----A---- C:\Windows\system32\winlogon.exe
    2009-09-27 19:14:00 ----A---- C:\Windows\system32\SyncCenter.dll
    2009-09-27 19:13:59 ----A---- C:\Windows\system32\SLUINotify.dll
    2009-09-27 19:13:59 ----A---- C:\Windows\system32\msjetoledb40.dll
    2009-09-27 19:13:59 ----A---- C:\Windows\system32\comuid.dll
    2009-09-27 19:13:58 ----A---- C:\Windows\system32\sethc.exe
    2009-09-27 19:13:58 ----A---- C:\Windows\system32\ncrypt.dll
    2009-09-27 19:13:58 ----A---- C:\Windows\system32\kd1394.dll
    2009-09-27 19:13:58 ----A---- C:\Windows\system32\certmgr.dll
    2009-09-27 19:13:57 ----A---- C:\Windows\system32\wisptis.exe
    2009-09-27 19:13:57 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
    2009-09-27 19:13:57 ----A---- C:\Windows\system32\untfs.dll
    2009-09-27 19:13:57 ----A---- C:\Windows\system32\spp.dll
    2009-09-27 19:13:57 ----A---- C:\Windows\system32\scrobj.dll
    2009-09-27 19:13:57 ----A---- C:\Windows\system32\rtutils.dll
    2009-09-27 19:13:57 ----A---- C:\Windows\system32\iassam.dll
    2009-09-27 19:13:57 ----A---- C:\Windows\system32\dwm.exe
    2009-09-27 19:13:56 ----A---- C:\Windows\system32\taskcomp.dll
    2009-09-27 19:13:56 ----A---- C:\Windows\system32\autochk.exe
    2009-09-27 19:13:55 ----A---- C:\Windows\system32\printui.dll
    2009-09-27 19:13:55 ----A---- C:\Windows\system32\iasnap.dll
    2009-09-27 19:13:55 ----A---- C:\Windows\system32\autoconv.exe
    2009-09-27 19:13:54 ----A---- C:\Windows\system32\winsrv.dll
    2009-09-27 19:13:54 ----A---- C:\Windows\system32\onex.dll
    2009-09-27 19:13:54 ----A---- C:\Windows\system32\kdcom.dll
    2009-09-27 19:13:54 ----A---- C:\Windows\system32\cscript.exe
    2009-09-27 19:13:54 ----A---- C:\Windows\system32\basecsp.dll
    2009-09-27 19:13:53 ----A---- C:\Windows\system32\wow32.dll
    2009-09-27 19:13:53 ----A---- C:\Windows\system32\userenv.dll
    2009-09-27 19:13:53 ----A---- C:\Windows\system32\osk.exe
    2009-09-27 19:13:53 ----A---- C:\Windows\system32\audiodg.exe
    2009-09-27 19:13:52 ----A---- C:\Windows\system32\mswsock.dll
    2009-09-27 19:13:51 ----A---- C:\Windows\system32\winmm.dll
    2009-09-27 19:13:51 ----A---- C:\Windows\system32\spcmsg.dll
    2009-09-27 19:13:51 ----A---- C:\Windows\system32\RelMon.dll
    2009-09-27 19:13:51 ----A---- C:\Windows\system32\rdpencom.dll
    2009-09-27 19:13:51 ----A---- C:\Windows\system32\kdusb.dll
    2009-09-27 19:13:50 ----A---- C:\Windows\system32\WinSCard.dll
    2009-09-27 19:13:50 ----A---- C:\Windows\system32\WerFaultSecure.exe
    2009-09-27 19:13:50 ----A---- C:\Windows\system32\offfilt.dll
    2009-09-27 19:13:50 ----A---- C:\Windows\system32\msftedit.dll
    2009-09-27 19:13:50 ----A---- C:\Windows\system32\dnsrslvr.dll
    2009-09-27 19:13:48 ----A---- C:\Windows\system32\wsepno.dll
    2009-09-27 19:13:48 ----A---- C:\Windows\system32\WerFault.exe
    2009-09-27 19:13:48 ----A---- C:\Windows\system32\Utilman.exe
    2009-09-27 19:13:48 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
    2009-09-27 19:13:48 ----A---- C:\Windows\system32\secproc_ssp.dll
    2009-09-27 19:13:47 ----A---- C:\Windows\system32\stobject.dll
    2009-09-27 19:13:47 ----A---- C:\Windows\system32\SndVol.exe
    2009-09-27 19:13:47 ----A---- C:\Windows\system32\mscms.dll
    2009-09-27 19:13:47 ----A---- C:\Windows\system32\mfplat.dll
    2009-09-27 19:13:47 ----A---- C:\Windows\system32\mcmde.dll
    2009-09-27 19:13:47 ----A---- C:\Windows\system32\diskraid.exe
    2009-09-27 19:13:47 ----A---- C:\Windows\system32\apphelp.dll
    2009-09-27 19:13:46 ----A---- C:\Windows\system32\wiaservc.dll
    2009-09-27 19:13:46 ----A---- C:\Windows\system32\sysclass.dll
    2009-09-27 19:13:46 ----A---- C:\Windows\system32\prnntfy.dll
    2009-09-27 19:13:46 ----A---- C:\Windows\system32\odbccp32.dll
    2009-09-27 19:13:46 ----A---- C:\Windows\system32\msnetobj.dll
    2009-09-27 19:13:46 ----A---- C:\Windows\system32\adsmsext.dll
    2009-09-27 19:13:45 ----A---- C:\Windows\system32\wscript.exe
    2009-09-27 19:13:45 ----A---- C:\Windows\system32\ulib.dll
    2009-09-27 19:13:45 ----A---- C:\Windows\system32\iasdatastore.dll
    2009-09-27 19:13:45 ----A---- C:\Windows\system32\dsound.dll
    2009-09-27 19:13:45 ----A---- C:\Windows\system32\cryptui.dll
    2009-09-27 19:13:44 ----A---- C:\Windows\system32\wscntfy.dll
    2009-09-27 19:13:44 ----A---- C:\Windows\system32\rastapi.dll
    2009-09-27 19:13:44 ----A---- C:\Windows\system32\pnpsetup.dll
    2009-09-27 19:13:44 ----A---- C:\Windows\system32\ipsecsnp.dll
    2009-09-27 19:13:44 ----A---- C:\Windows\system32\IPHLPAPI.DLL
    2009-09-27 19:13:44 ----A---- C:\Windows\system32\fdProxy.dll
    2009-09-27 19:13:43 ----A---- C:\Windows\system32\wscsvc.dll
    2009-09-27 19:13:43 ----A---- C:\Windows\system32\wlangpui.dll
    2009-09-27 19:13:43 ----A---- C:\Windows\system32\vdsdyn.dll
    2009-09-27 19:13:43 ----A---- C:\Windows\system32\rastls.dll
    2009-09-27 19:13:43 ----A---- C:\Windows\system32\iashlpr.dll
    2009-09-27 19:13:43 ----A---- C:\Windows\system32\gpapi.dll
    2009-09-27 19:13:43 ----A---- C:\Windows\system32\diskpart.exe
    2009-09-27 19:13:43 ----A---- C:\Windows\system32\brcpl.dll
    2009-09-27 19:13:42 ----A---- C:\Windows\system32\WMVENCOD.DLL
    2009-09-27 19:13:42 ----A---- C:\Windows\system32\regsvc.dll
    2009-09-27 19:13:42 ----A---- C:\Windows\system32\rasapi32.dll
    2009-09-27 19:13:42 ----A---- C:\Windows\system32\ntprint.dll
    2009-09-27 19:13:42 ----A---- C:\Windows\system32\mscorier.dll
    2009-09-27 19:13:42 ----A---- C:\Windows\system32\logman.exe
    2009-09-27 19:13:41 ----A---- C:\Windows\system32\zipfldr.dll
    2009-09-27 19:13:41 ----A---- C:\Windows\system32\wusa.exe
    2009-09-27 19:13:41 ----A---- C:\Windows\system32\wshext.dll
    2009-09-27 19:13:41 ----A---- C:\Windows\system32\iasrad.dll
    2009-09-27 19:13:41 ----A---- C:\Windows\system32\findstr.exe
    2009-09-27 19:13:40 ----A---- C:\Windows\system32\wpccpl.dll
    2009-09-27 19:13:40 ----A---- C:\Windows\system32\netcenter.dll
    2009-09-27 19:13:39 ----A---- C:\Windows\system32\wsnmp32.dll
    2009-09-27 19:13:39 ----A---- C:\Windows\system32\wer.dll
    2009-09-27 19:13:39 ----A---- C:\Windows\system32\rasdlg.dll
    2009-09-27 19:13:39 ----A---- C:\Windows\system32\iassvcs.dll
    2009-09-27 19:13:38 ----A---- C:\Windows\system32\themecpl.dll
    2009-09-27 19:13:37 ----A---- C:\Windows\system32\uxsms.dll
    2009-09-27 19:13:37 ----A---- C:\Windows\system32\tsbyuv.dll
    2009-09-27 19:13:37 ----A---- C:\Windows\system32\srvsvc.dll
    2009-09-27 19:13:37 ----A---- C:\Windows\system32\mssprxy.dll
    2009-09-27 19:13:36 ----A---- C:\Windows\system32\slcc.dll
    2009-09-27 19:13:36 ----A---- C:\Windows\system32\scansetting.dll
    2009-09-27 19:13:36 ----A---- C:\Windows\system32\ntmarta.dll
    2009-09-27 19:13:36 ----A---- C:\Windows\system32\msutb.dll
    2009-09-27 19:13:36 ----A---- C:\Windows\system32\mstlsapi.dll
    2009-09-27 19:13:36 ----A---- C:\Windows\system32\iasads.dll
    2009-09-27 19:13:35 ----A---- C:\Windows\system32\powrprof.dll
    2009-09-27 19:13:35 ----A---- C:\Windows\system32\powercpl.dll
    2009-09-27 19:13:35 ----A---- C:\Windows\system32\networkmap.dll
    2009-09-27 19:13:35 ----A---- C:\Windows\system32\mstsc.exe
    2009-09-27 19:13:35 ----A---- C:\Windows\system32\iasacct.dll
    2009-09-27 19:13:34 ----A---- C:\Windows\system32\PerfCenterCPL.dll
    2009-09-27 19:13:34 ----A---- C:\Windows\system32\authz.dll
    2009-09-27 19:13:33 ----A---- C:\Windows\system32\sud.dll
    2009-09-27 19:13:33 ----A---- C:\Windows\system32\newdev.exe
    2009-09-27 19:13:33 ----A---- C:\Windows\system32\dot3svc.dll
    2009-09-27 19:13:33 ----A---- C:\Windows\system32\connect.dll
    2009-09-27 19:13:32 ----A---- C:\Windows\system32\themeui.dll
    2009-09-27 19:13:32 ----A---- C:\Windows\system32\systemcpl.dll
    2009-09-27 19:13:32 ----A---- C:\Windows\system32\samlib.dll
    2009-09-27 19:13:32 ----A---- C:\Windows\system32\pcaui.dll
    2009-09-27 19:13:32 ----A---- C:\Windows\system32\accessibilitycpl.dll
    2009-09-27 19:13:31 ----A---- C:\Windows\system32\usercpl.dll
    2009-09-27 19:13:31 ----A---- C:\Windows\system32\mmci.dll
    2009-09-27 19:13:31 ----A---- C:\Windows\system32\autoplay.dll
    2009-09-27 19:13:30 ----A---- C:\Windows\system32\wlanpref.dll
    2009-09-27 19:13:30 ----A---- C:\Windows\system32\rpchttp.dll
    2009-09-27 19:13:30 ----A---- C:\Windows\system32\regapi.dll
    2009-09-27 19:13:30 ----A---- C:\Windows\system32\qdvd.dll
    2009-09-27 19:13:29 ----A---- C:\Windows\system32\wpcao.dll
    2009-09-27 19:13:29 ----A---- C:\Windows\system32\vdsutil.dll
    2009-09-27 19:13:29 ----A---- C:\Windows\system32\msinfo32.exe
    2009-09-27 19:13:28 ----A---- C:\Windows\system32\tapisrv.dll
    2009-09-27 19:13:28 ----A---- C:\Windows\system32\scksp.dll
    2009-09-27 19:13:28 ----A---- C:\Windows\system32\scesrv.dll
    2009-09-27 19:13:28 ----A---- C:\Windows\system32\psisdecd.dll
    2009-09-27 19:13:28 ----A---- C:\Windows\system32\oleprn.dll
    2009-09-27 19:13:28 ----A---- C:\Windows\system32\mpr.dll
    2009-09-27 19:13:28 ----A---- C:\Windows\system32\feclient.dll
    2009-09-27 19:13:27 ----A---- C:\Windows\system32\imm32.dll
    2009-09-27 19:13:27 ----A---- C:\Windows\system32\AudioSes.dll
    2009-09-27 19:13:26 ----A---- C:\Windows\system32\wscisvif.dll
    2009-09-27 19:13:26 ----A---- C:\Windows\system32\sdclt.exe
    2009-09-27 19:13:26 ----A---- C:\Windows\system32\rekeywiz.exe
    2009-09-27 19:13:26 ----A---- C:\Windows\system32\iaspolcy.dll
    2009-09-27 19:13:26 ----A---- C:\Windows\system32\Faultrep.dll
    2009-09-27 19:13:26 ----A---- C:\Windows\system32\dot3msm.dll
    2009-09-27 19:13:26 ----A---- C:\Windows\system32\DeviceEject.exe
    2009-09-27 19:13:25 ----A---- C:\Windows\system32\qedit.dll
    2009-09-27 19:13:25 ----A---- C:\Windows\system32\pnpui.dll
    2009-09-27 19:13:25 ----A---- C:\Windows\system32\perfdisk.dll
    2009-09-27 19:13:25 ----A---- C:\Windows\system32\ncryptui.dll
    2009-09-27 19:13:25 ----A---- C:\Windows\system32\dpapimig.exe
    2009-09-27 19:13:25 ----A---- C:\Windows\system32\certreq.exe
    2009-09-27 19:13:24 ----A---- C:\Windows\system32\scecli.dll
    2009-09-27 19:13:24 ----A---- C:\Windows\system32\rasgcw.dll
    2009-09-27 19:13:24 ----A---- C:\Windows\system32\hdwwiz.exe
    2009-09-27 19:13:24 ----A---- C:\Windows\system32\FWPUCLNT.DLL
    2009-09-27 19:13:23 ----A---- C:\Windows\system32\TSTheme.exe
    2009-09-27 19:13:23 ----A---- C:\Windows\system32\spwinsat.dll
    2009-09-27 19:13:23 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
    2009-09-27 19:13:23 ----A---- C:\Windows\system32\rasplap.dll
    2009-09-27 19:13:22 ----A---- C:\Windows\system32\whealogr.dll
    2009-09-27 19:13:22 ----A---- C:\Windows\system32\tcpmon.dll
    2009-09-27 19:13:22 ----A---- C:\Windows\system32\tcpipcfg.dll
    2009-09-27 19:13:22 ----A---- C:\Windows\system32\PnPUnattend.exe
    2009-09-27 19:13:22 ----A---- C:\Windows\system32\fdWSD.dll
    2009-09-27 19:13:22 ----A---- C:\Windows\system32\cmmon32.exe
    2009-09-27 19:13:21 ----A---- C:\Windows\system32\srcore.dll
    2009-09-27 19:13:21 ----A---- C:\Windows\system32\SnippingTool.exe
    2009-09-27 19:13:21 ----A---- C:\Windows\system32\SCardSvr.dll
    2009-09-27 19:13:21 ----A---- C:\Windows\system32\raschap.dll
    2009-09-27 19:13:21 ----A---- C:\Windows\system32\conime.exe
    2009-09-27 19:13:21 ----A---- C:\Windows\system32\cmdial32.dll
    2009-09-27 19:13:20 ----A---- C:\Windows\system32\wiaaut.dll
    2009-09-27 19:13:20 ----A---- C:\Windows\system32\MSVidCtl.dll
    2009-09-27 19:13:20 ----A---- C:\Windows\system32\fontext.dll
    2009-09-27 19:13:19 ----A---- C:\Windows\system32\WMVXENCD.DLL
    2009-09-27 19:13:19 ----A---- C:\Windows\system32\wlanui.dll
    2009-09-27 19:13:19 ----A---- C:\Windows\system32\shwebsvc.dll
    2009-09-27 19:13:19 ----A---- C:\Windows\system32\rasppp.dll
    2009-09-27 19:13:19 ----A---- C:\Windows\system32\PnPutil.exe
    2009-09-27 19:13:19 ----A---- C:\Windows\system32\dsprop.dll
    2009-09-27 19:13:18 ----A---- C:\Windows\system32\oobefldr.dll
    2009-09-27 19:13:18 ----A---- C:\Windows\system32\dimsroam.dll
    2009-09-27 19:13:17 ----A---- C:\Windows\system32\shsetup.dll
    2009-09-27 19:13:17 ----A---- C:\Windows\system32\rasmontr.dll
    2009-09-27 19:13:17 ----A---- C:\Windows\system32\modemui.dll
    2009-09-27 19:13:16 ----A---- C:\Windows\system32\wmdrmsdk.dll
    2009-09-27 19:13:16 ----A---- C:\Windows\system32\mscandui.dll
    2009-09-27 19:13:16 ----A---- C:\Windows\system32\dataclen.dll
    2009-09-27 19:13:16 ----A---- C:\Windows\system32\chtbrkr.dll
    2009-09-27 19:13:15 ----A---- C:\Windows\system32\wlgpclnt.dll
    2009-09-27 19:13:15 ----A---- C:\Windows\system32\smss.exe
    2009-09-27 19:13:15 ----A---- C:\Windows\system32\rdpwsx.dll
    2009-09-27 19:13:15 ----A---- C:\Windows\system32\credui.dll
    2009-09-27 19:13:15 ----A---- C:\Windows\system32\blackbox.dll
    2009-09-27 19:13:14 ----A---- C:\Windows\system32\WSDMon.dll
    2009-09-27 19:13:14 ----A---- C:\Windows\system32\wmpeffects.dll
    2009-09-27 19:13:14 ----A---- C:\Windows\system32\netplwiz.dll
    2009-09-27 19:13:14 ----A---- C:\Windows\system32\certprop.dll
    2009-09-27 19:13:13 ----A---- C:\Windows\system32\wpcsvc.dll
    2009-09-27 19:13:13 ----A---- C:\Windows\system32\networkexplorer.dll
    2009-09-27 19:13:13 ----A---- C:\Windows\system32\ifmon.dll
    2009-09-27 19:13:12 ----A---- C:\Windows\system32\wscapi.dll
    2009-09-27 19:13:12 ----A---- C:\Windows\system32\msscp.dll
    2009-09-27 19:13:12 ----A---- C:\Windows\system32\msimtf.dll
    2009-09-27 19:13:12 ----A---- C:\Windows\system32\logagent.exe
    2009-09-27 19:13:12 ----A---- C:\Windows\system32\InkEd.dll
    2009-09-27 19:13:12 ----A---- C:\Windows\system32\gpresult.exe
    2009-09-27 19:13:12 ----A---- C:\Windows\system32\cipher.exe
    2009-09-27 19:13:11 ----A---- C:\Windows\system32\thawbrkr.dll
    2009-09-27 19:13:11 ----A---- C:\Windows\system32\softkbd.dll
    2009-09-27 19:13:11 ----A---- C:\Windows\system32\sendmail.dll
    2009-09-27 19:13:10 ----A---- C:\Windows\system32\olepro32.dll
    2009-09-27 19:13:10 ----A---- C:\Windows\system32\msctfui.dll
    2009-09-27 19:13:10 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
    2009-09-27 19:13:09 ----A---- C:\Windows\system32\drmmgrtn.dll
    2009-09-27 19:13:09 ----A---- C:\Windows\system32\dmsynth.dll
    2009-09-27 19:13:08 ----A---- C:\Windows\system32\puiapi.dll
    2009-09-27 19:13:08 ----A---- C:\Windows\system32\input.dll
    2009-09-27 19:13:08 ----A---- C:\Windows\system32\ExplorerFrame.dll
    2009-09-27 19:13:08 ----A---- C:\Windows\system32\cdd.dll
    2009-09-27 19:13:07 ----A---- C:\Windows\system32\wshbth.dll
    2009-09-27 19:13:07 ----A---- C:\Windows\system32\version.dll
    2009-09-27 19:13:07 ----A---- C:\Windows\system32\SLLUA.exe
    2009-09-27 19:13:07 ----A---- C:\Windows\system32\msisip.dll
    2009-09-27 19:13:07 ----A---- C:\Windows\system32\mprapi.dll
    2009-09-27 19:13:07 ----A---- C:\Windows\system32\fc.exe
    2009-09-27 19:13:06 ----A---- C:\Windows\system32\MsCtfMonitor.dll
    2009-09-27 19:13:06 ----A---- C:\Windows\system32\fdSSDP.dll
    2009-09-27 19:13:06 ----A---- C:\Windows\system32\dmusic.dll
    2009-09-27 19:13:05 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
    2009-09-27 19:13:05 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
    2009-09-27 19:13:05 ----A---- C:\Windows\system32\msjint40.dll
    2009-09-27 19:13:05 ----A---- C:\Windows\system32\l2nacp.dll
    2009-09-27 19:13:05 ----A---- C:\Windows\system32\ftp.exe
    2009-09-27 19:13:05 ----A---- C:\Windows\system32\eapp3hst.dll
    2009-09-27 19:13:05 ----A---- C:\Windows\system32\cscdll.dll
    2009-09-27 19:13:05 ----A---- C:\Windows\system32\cscapi.dll
    2009-09-27 19:13:04 ----A---- C:\Windows\system32\wsdchngr.dll
    2009-09-27 19:13:04 ----A---- C:\Windows\system32\Storprop.dll
    2009-09-27 19:13:04 ----A---- C:\Windows\system32\SMBHelperClass.dll
    2009-09-27 19:13:04 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
    2009-09-27 19:13:04 ----A---- C:\Windows\system32\bthci.dll
    2009-09-27 19:13:03 ----A---- C:\Windows\system32\rasdial.exe
    2009-09-27 19:13:03 ----A---- C:\Windows\system32\rasdiag.dll
    2009-09-27 19:13:03 ----A---- C:\Windows\system32\fdWCN.dll
    2009-09-27 19:13:03 ----A---- C:\Windows\system32\bthudtask.exe
    2009-09-27 19:13:02 ----A---- C:\Windows\system32\ipconfig.exe
    2009-09-27 19:13:02 ----A---- C:\Windows\system32\eappcfg.dll
    2009-09-27 19:13:02 ----A---- C:\Windows\system32\dot3cfg.dll
    2009-09-27 19:13:02 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
    2009-09-27 19:13:01 ----A---- C:\Windows\system32\tscupgrd.exe
    2009-09-27 19:13:01 ----A---- C:\Windows\system32\slcinst.dll
    2009-09-27 19:13:01 ----A---- C:\Windows\system32\nslookup.exe
    2009-09-27 19:13:01 ----A---- C:\Windows\system32\networkitemfactory.dll
    2009-09-27 19:13:00 ----A---- C:\Windows\system32\ocsetup.exe
    22 October 2009 15:58:32

  • Redo the procedure with OTM, but in Safe Mode this time.

    To restart in Safe Mode:
  • Restart your PC.
  • During startup, tap F8 (F5 on some PCs) right after the BIOS screen and just before Windows loads.
  • In the advanced options menu, choose Safe Mode.
  • Choose your user session.
    23 October 2009 14:47:23

    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Application Layer Gateway deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{ECFF45D9-3FD0-26E2-31D0-1B1BB00476CA} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECFF45D9-3FD0-26E2-31D0-1B1BB00476CA}\ not found.
    ========== FILES ==========
    C:\Program Files\Common Files\alq.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: paul
    ->Temp folder emptied: 129534 bytes
    ->Temporary Internet Files folder emptied: 3034034 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 39177469 bytes
    ->Apple Safari cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 675840 bytes
    Windows Temp folder emptied: 90822325 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 127,67 mb


    OTM by OldTimer - Version 3.0.0.6 log created on 10232009_143042

    Files moved on Reboot...

    Registry entries deleted on Reboot...
    23 October 2009 15:05:24

    Your problem should normally be solved now.

  • Uninstall Java 6 Update 13.

  • Update Java.

  • Double-click the AntiVir icon (umbrella) in the taskbar.
  • In AntiVir, choose Tools, then Configuration.
  • Check Expert Mode and check "Rech. Rootkit au dém. de la recherche" (rootkit search at the start of the scan) on the right under Other settings, then confirm.
  • Run a full scan, click Repair all if AntiVir finds something, and post the report.

    Tutorial: Scanning the hard drive(s)
    23 October 2009 15:35:22

    Thanks for your help, I am currently running a full scan with AntiVir.

    One last question: should I uninstall Malwarebytes', OTM and a-squared free?
    23 October 2009 18:24:24

    You can delete OTM.

    MBAM, you can keep.

    As for a-squared free, that is up to you.