Several viruses and programs that won't start
profit81 (posts: 15, status: Member)
jlpjlp (posts: 52399, status: Security contributor)
Hello,
Ever since I downloaded a zip that was more of a virus than anything else, I have had nothing but problems.
Nothing serious at first sight, except that at every startup avast finds different viruses such as BN5.tmp; BN7.tmp; VRT9.tmp etc.
On top of that, avast tells me at startup that it has blocked a site dns:irc.zief.pl, and I have the impression that this is the cause of all my troubles, because after this message appears the viruses arrive.
Because after using Malwarebytes' Anti-Malware; SmitfraudFix; spybot; ad-aware; clean up; ccleaner, I end up with other viruses at startup.
The worst part is that some of these programs, when I used them, have probably deleted important files, since emule no longer wants to start, and neither does tweak xp pro.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:55, on 14/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Fichiers communs\AOL\1224958869\ee\AOLSoftware.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\WINDOWS\lclock.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\spoolsv.exe
E:\xampplite\xampplite\apache\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
E:\xampplite\xampplite\apache\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Profit\Bureau\Anti virus\SmitfraudFix\SmiUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1224958869\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [rveskesj.exe] C:\WINDOWS\rveskesj.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [hdirurzh.exe] C:\WINDOWS\hdirurzh.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - S-1-5-18 Startup: Dragon NaturallySpeaking.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Dragon NaturallySpeaking.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: Dragon NaturallySpeaking.lnk.disabled
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk.disabled
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: GN-WB01GS Utility.lnk.disabled
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Télécharger le FLV avec WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Envoyer à Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apache2.2 - Apache Software Foundation - E:\xampplite\xampplite\apache\bin\apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: mysql - Unknown owner - E:\xampplite\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\Program Files\Spyware Terminator\sp_rsser.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
19 replies
Hi
download Malwarebytes, update it, scan with it, paste the report here and remove what is found
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
_______________________
run an online scan with bitdefender and paste the report
http://www.bitdefender.fr/scan_fr/scan8/ie.html
OK, with Malwarebytes there was nothing; however, here is what avast found in the last 5 minutes.
14/02/2009 19:49:18 SYSTEM 1976 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\Drivers\jpymxmbs.sys" file.
14/02/2009 19:49:28 SYSTEM 1976 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\Drivers\restore.sys" file.
14/02/2009 19:49:40 SYSTEM 1976 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\Drivers\ndisio.sys" file.
Actually, Malwarebytes had removed most of it for me yesterday. Here is what it gave me:
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1758
Windows 5.1.2600 Service Pack 2
13/02/2009 18:18:50
mbam-log-2009-02-13 (18-18-50).txt
Type de recherche: Examen rapide
Eléments examinés: 64040
Temps écoulé: 8 minute(s), 1 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.BHO) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\Profit\reader_s.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\reader_s.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
OK, then:
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer.
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows startup, a menu with various options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Work through the list of instructions below:
• Open the SDFix folder that was just created in C:\ and double-click RunThis.bat to launch the script.
• Press Y to begin the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and delete files.
• Once the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy and paste the contents of Report.txt into your next reply on the forum.
____________________
and paste the BitDefender online scan
So, I tried to run SDFix and it crashes Windows with a blue screen:
"PAGE_FAULT_IN_NONPAGED_AREA
information technique:
stop: 0x00000050 (0xfffffffe, 0x00000000, 0x89b72ECA, 0x00000000)"
I wonder whether, by using programs like CleanUp and CCleaner so much, I ended up removing important system files, or even whether it happened when avast deleted infected files. eMule was working fine before the infected files appeared. I uninstalled and reinstalled it, and it is still the same: I can't launch it.
Otherwise, since yesterday I have been scanning with Malwarebytes, Spybot and Ad-Aware as well as avast, and they find nothing.
Likewise, back in normal Windows mode, if I unplug my Internet cable there is no problem (apart from eMule and Tweak XP Pro, which won't start). But as soon as I plug the cable back in, avast tells me it has blocked an infected site, "dns://irc.zief.pl", and from there everything follows: avast finds lots of viruses in the system32 folder. Here is what it finds.
15/02/2009 17:22:22 Profit 6132 Sign of "Win32:JunkPoly [Cryp]" has been found in "C:\Documents and Settings\Profit\Bureau\Anti virus\SmitfraudFix\VACFix.exe" file.
15/02/2009 17:22:17 Profit 6132 Sign of "Win32:JunkPoly [Cryp]" has been found in "C:\Documents and Settings\Profit\Bureau\Anti virus\SDFix\apps\Process.exe" file.
15/02/2009 17:22:15 Profit 6132 Sign of "Win32:JunkPoly [Cryp]" has been found in "C:\Documents and Settings\Profit\Bureau\Anti virus\SDFix\apps\Cghtme.exe" file.
15/02/2009 17:20:57 Profit 6132 Sign of "Win32:JunkPoly [Cryp]" has been found in "C:\Documents and Settings\Profit\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe" file.
15/02/2009 17:20:07 SYSTEM 1664 Sign of "Win32:JunkPoly [Cryp]" has been found in "C:\WINDOWS\SoftwareDistribution\Download\405ae8e48aa46e265982686e1678047b\update\nv4prep.exe" file.
15/02/2009 17:11:08 SYSTEM 1664 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\WINDOWS\xccdf16_090131a.dll" file.
15/02/2009 17:11:02 SYSTEM 1664 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\WINDOWS\system32\inf\xccdfb16_090131.dll" file.
15/02/2009 17:10:53 SYSTEM 1664 Sign of "Win32:Pophot-AM [Trj]" has been found in "C:\WINDOWS\xccdf32_090131a.dll" file.
15/02/2009 17:10:36 SYSTEM 1664 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\TEMP\BNA.tmp" file.
Here is my latest HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:47:07, on 15/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
E:\xampplite\xampplite\apache\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Fichiers communs\AOL\1224958869\ee\AOLSoftware.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\WINDOWS\lclock.exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe
C:\WINDOWS\system32\ctfmon.exe
E:\xampplite\xampplite\apache\bin\apache.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inf\rundll33.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1224958869\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [rveskesj.exe] C:\WINDOWS\rveskesj.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [hdirurzh.exe] C:\WINDOWS\hdirurzh.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - S-1-5-18 Startup: Dragon NaturallySpeaking.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Dragon NaturallySpeaking.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: Dragon NaturallySpeaking.lnk.disabled
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk.disabled
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: GN-WB01GS Utility.lnk.disabled
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Télécharger le FLV avec WinAVI... - C:\Program Files\WinAVI FLV Converter\flv_link.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Envoyer à Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apache2.2 - Apache Software Foundation - E:\xampplite\xampplite\apache\bin\apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: mysql - Unknown owner - E:\xampplite\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\Program Files\Spyware Terminator\sp_rsser.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Envoyer à Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apache2.2 - Apache Software Foundation - E:\xampplite\xampplite\apache\bin\apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: mysql - Unknown owner - E:\xampplite\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\Program Files\Spyware Terminator\sp_rsser.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Remove SmitfraudFix and SDFix from your computer
______________
Download ComboFix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!
____________
Close all your browsers (so copy or print these instructions first)
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
C:\Documents and Settings\Profit\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
C:\WINDOWS\SoftwareDistribution\Download\405ae8e48aa46e265982686e1678047b\update\nv4prep.exe
C:\WINDOWS\xccdf16_090131a.dll
C:\WINDOWS\rveskesj.exe
C:\WINDOWS\hdirurzh.exe
C:\WINDOWS\system32\inf\xccdfb16_090131.dll
C:\WINDOWS\xccdf32_090131a.dll
C:\WINDOWS\TEMP\BNA.tmp
C:\WINDOWS\system32\Drivers\ndisio.sys
C:\WINDOWS\system32\Drivers\jpymxmbs.sys
Drivers::
ndisio
jpymxmbs
Save this file under the name CFscript
Drag and drop this CFscript file onto the ComboFix.exe file
Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents.
If the file does not open, it can be found here > C:\ComboFix.txt
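A consistency check on the CFScript from the reply above, written here as an added example and not part of the original thread: it parses the File:: and Drivers:: sections, confirms each listed driver has its .sys file listed for deletion, and shows which Run entries from the HijackThis log point at files the script removes. The function names are hypothetical; the sample inputs are copied from the posts above.

```python
import ntpath
import re

# CFScript exactly as given in the reply above.
CFSCRIPT = r"""File::
C:\Documents and Settings\Profit\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
C:\WINDOWS\SoftwareDistribution\Download\405ae8e48aa46e265982686e1678047b\update\nv4prep.exe
C:\WINDOWS\xccdf16_090131a.dll
C:\WINDOWS\rveskesj.exe
C:\WINDOWS\hdirurzh.exe
C:\WINDOWS\system32\inf\xccdfb16_090131.dll
C:\WINDOWS\xccdf32_090131a.dll
C:\WINDOWS\TEMP\BNA.tmp
C:\WINDOWS\system32\Drivers\ndisio.sys
C:\WINDOWS\system32\Drivers\jpymxmbs.sys
Drivers::
ndisio
jpymxmbs
"""

# A few O4 (autorun) lines copied from the HijackThis log in the first post.
HIJACKTHIS_O4 = r"""O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [rveskesj.exe] C:\WINDOWS\rveskesj.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [hdirurzh.exe] C:\WINDOWS\hdirurzh.exe (User 'SYSTEM')
"""

SECTION = re.compile(r"^(\w+)::\s*$")
# Registry autorun entries only; Startup-folder O4 lines have no [name] part.
O4_REG = re.compile(
    r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)


def parse_cfscript(text):
    """Return {section name: [entries]} for a CFScript-style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def norm(path):
    """Case-insensitive, separator-normalised Windows path for comparison."""
    return ntpath.normcase(ntpath.normpath(path))


def command_target(cmd):
    """Extract the program path from an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|cmd|bat|dll|scr))(?=\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def autoruns_hit_by_script(script, o4_text):
    """Autorun entries whose target is listed under File:: in the script."""
    targets = {norm(p) for p in script.get("File", [])}
    hits = []
    for line in o4_text.splitlines():
        m = O4_REG.match(line.strip())
        if m and norm(command_target(m["cmd"])) in targets:
            hits.append((m["key"], m["name"], m["user"]))
    return hits


def drivers_without_file(script):
    """Drivers:: entries with no matching <name>.sys under File::."""
    sys_names = {ntpath.basename(norm(p)) for p in script.get("File", [])}
    return [d for d in script.get("Drivers", [])
            if d.lower() + ".sys" not in sys_names]


if __name__ == "__main__":
    script = parse_cfscript(CFSCRIPT)
    for key, name, user in autoruns_hit_by_script(script, HIJACKTHIS_O4):
        print(f"autorun {key} [{name}] (user {user}) targets a file in File::")
    print("drivers without a .sys in File:::", drivers_without_file(script))
```

The entries it returns are the ones to look for in the follow-up HijackThis log, to confirm the autorun values went away along with the files.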
ComboFix 09-02-15.01 - Profit 2009-02-15 23:25:23.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2046.1494 [GMT 1:00]
Lancé depuis: c:\documents and settings\Profit\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Profit\Bureau\CFscript.txt
AV: avast! antivirus 4.8.1296 [VPS 090215-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
FILE ::
c:\documents and settings\Profit\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
c:\windows\hdirurzh.exe
c:\windows\rveskesj.exe
c:\windows\SoftwareDistribution\Download\405ae8e48aa46e265982686e1678047b\update\nv4prep.exe
c:\windows\system32\Drivers\jpymxmbs.sys
c:\windows\system32\Drivers\ndisio.sys
c:\windows\system32\inf\xccdfb16_090131.dll
c:\windows\TEMP\BNA.tmp
c:\windows\xccdf16_090131a.dll
c:\windows\xccdf32_090131a.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Profit\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
c:\windows\patch.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\drivers\ntndis.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\inf\rundll33.exe
c:\windows\system32\inf\xccefb090131.scr
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\xccwinsys.ini
[COLOR=RED] c:\windows\system32\userinit.exe . . . est infecté!![/COLOR]
[COLOR=RED] c:\windows\system32\svchost.exe . . . est infecté!![/COLOR]
[COLOR=RED] c:\windows\system32\spoolsv.exe . . . est infecté!![/COLOR]
[COLOR=RED] c:\windows\explorer.exe . . . est infecté!![/COLOR]
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-15 au 2009-02-15 ))))))))))))))))))))))))))))))))))))
.
2009-02-15 23:40 . 2009-02-15 23:40 28,573 --a------ c:\windows\system32\A.tmp
2009-02-15 23:40 . 2009-02-15 23:40 132 --a------ c:\windows\system32\9.tmp
2009-02-15 19:04 . 2009-02-15 19:04 <REP> d-------- c:\program files\Viewpoint
2009-02-15 18:13 . 2009-02-15 18:13 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-15 17:21 . 2009-02-15 17:21 <REP> d-------- c:\windows\system32\CatRoot_bak
2009-02-15 17:10 . 2009-02-15 23:26 <REP> d-------- c:\windows\system32\inf
2009-02-15 17:10 . 2009-02-15 17:10 155,216 --a------ c:\windows\system\xccef090131.exe
2009-02-15 08:58 . 2009-02-15 08:58 <REP> d-------- c:\windows\ERUNT
2009-02-14 22:45 . 2008-10-23 13:51 284,160 --------- c:\windows\system32\DllCache\gdi32.dll
2009-02-14 22:45 . 2008-06-24 17:30 74,240 --------- c:\windows\system32\DllCache\mscms.dll
2009-02-14 22:42 . 2008-09-04 17:34 1,106,944 --------- c:\windows\system32\DllCache\msxml3.dll
2009-02-14 22:42 . 2008-10-24 12:25 455,936 --------- c:\windows\system32\DllCache\mrxsmb.sys
2009-02-14 22:42 . 2008-10-15 17:55 339,456 --------- c:\windows\system32\DllCache\netapi32.dll
2009-02-14 22:42 . 2008-12-11 11:24 333,184 --------- c:\windows\system32\DllCache\srv.sys
2009-02-14 22:42 . 2008-05-01 15:31 331,776 --------- c:\windows\system32\DllCache\msadce.dll
2009-02-14 22:42 . 2008-10-03 11:17 247,326 --------- c:\windows\system32\DllCache\strmdll.dll
2009-02-14 18:58 . 2007-07-05 08:51 2,325,632 --a------ c:\windows\system32\oemkrnl.exe
2009-02-14 18:47 . 2009-02-14 18:47 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-14 18:47 . 2009-02-14 18:47 1,409 --a------ c:\windows\QTFont.for
2009-02-14 18:46 . 2009-02-14 18:49 106,496 --a------ c:\windows\unvise32qt.exe
2009-02-14 17:34 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-14 17:34 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-02-14 17:34 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-14 17:32 . 2009-02-14 17:32 <REP> dr------- c:\documents and settings\NetworkService\Favoris
2009-02-14 13:07 . 2009-02-14 13:07 <REP> d-------- c:\program files\Lavasoft
2009-02-14 13:07 . 2009-02-14 13:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-14 12:47 . 2009-02-14 12:47 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2009-02-14 12:44 . 2009-02-14 12:44 <REP> d-------- c:\program files\CleanUp!
2009-02-13 18:09 . 2009-02-13 18:10 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-13 18:09 . 2009-02-13 18:09 <REP> d-------- c:\documents and settings\Profit\Application Data\Malwarebytes
2009-02-13 18:09 . 2009-02-13 18:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-13 18:09 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-13 18:09 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-13 17:41 . 2009-02-14 19:13 494,958 --a------ c:\windows\system32\perfh040.dat
2009-02-13 17:41 . 2009-02-14 19:13 78,450 --a------ c:\windows\system32\perfc040.dat
2009-02-13 08:08 . 2008-05-07 05:55 1,294,336 --------- c:\windows\system32\DllCache\quartz.dll
2009-02-13 08:08 . 2008-06-20 11:44 360,960 --------- c:\windows\system32\DllCache\tcpip.sys
2009-02-13 08:08 . 2008-07-07 21:18 253,952 --------- c:\windows\system32\DllCache\es.dll
2009-02-13 08:08 . 2008-06-20 18:37 247,808 --------- c:\windows\system32\DllCache\mswsock.dll
2009-02-13 08:08 . 2008-06-20 10:32 225,920 --------- c:\windows\system32\DllCache\tcpip6.sys
2009-02-13 08:08 . 2008-06-20 18:37 147,968 --------- c:\windows\system32\DllCache\dnsapi.dll
2009-02-13 08:08 . 2008-08-14 10:48 138,368 --------- c:\windows\system32\DllCache\afd.sys
2009-02-13 08:08 . 2006-08-16 13:13 100,352 --------- c:\windows\system32\DllCache\6to4svc.dll
2009-02-13 08:07 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\drivers\bthport.sys
2009-02-13 08:07 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\DllCache\bthport.sys
2009-02-13 08:06 . 2008-08-14 14:39 2,188,032 --------- c:\windows\system32\DllCache\ntoskrnl.exe
2009-02-13 08:06 . 2008-08-14 14:39 2,144,768 --------- c:\windows\system32\DllCache\ntkrnlmp.exe
2009-02-13 08:06 . 2008-08-14 14:39 2,065,024 --------- c:\windows\system32\DllCache\ntkrnlpa.exe
2009-02-13 08:06 . 2008-08-14 14:39 2,022,912 --------- c:\windows\system32\DllCache\ntkrpamp.exe
2009-02-13 08:06 . 2008-09-15 16:14 1,847,040 --------- c:\windows\system32\DllCache\win32k.sys
2009-02-13 08:05 . 2008-05-08 13:14 203,008 --------- c:\windows\system32\DllCache\rmcast.sys
2009-02-13 08:04 . 2008-04-11 19:40 683,520 --------- c:\windows\system32\DllCache\inetcomm.dll
2009-02-13 07:59 . 2009-02-13 07:59 0 --a------ c:\windows\system32\11.tmp
2009-02-12 19:18 . 2009-02-12 19:18 182,912 --a------ c:\windows\system32\DllCache\ndis.sys
2009-02-12 08:23 . 2009-02-13 07:54 137,920 --a------ c:\windows\system32\drivers\ethoqjlm.sys
2009-02-11 19:02 . 2009-02-11 19:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-10 19:18 . 2009-02-10 19:18 <REP> d-------- c:\program files\Messenger Plus! Live
2009-02-10 19:08 . 2009-02-10 19:08 66,560 ---h----- c:\windows\system32\secupdat.dat
2009-02-10 19:06 . 2009-02-10 19:06 <REP> d-------- c:\documents and settings\Profit\Application Data\Babylon
2009-02-10 19:06 . 2009-02-10 19:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Babylon
2009-02-10 18:47 . 2009-02-10 18:47 <REP> d-------- c:\program files\WinAVI FLV Converter
2009-02-10 18:47 . 2009-02-10 18:47 <REP> d-------- c:\documents and settings\Profit\Application Data\WinAVI
2009-02-01 19:44 . 2009-02-01 20:12 <REP> d-------- c:\documents and settings\Emilie\2009_02_01
2009-02-01 19:44 . 2009-02-01 19:44 <REP> d-------- c:\documents and settings\Emilie
2009-01-25 16:37 . 2008-06-27 14:58 14,336 --a------ c:\windows\system32\drivers\nnrnstdi.sys
2009-01-25 16:37 . 2008-06-27 14:59 8,832 --a------ c:\windows\system32\drivers\km_filter.sys
2009-01-25 16:33 . 2009-01-25 16:33 <REP> d-------- c:\program files\NetRatingsNetSight
2009-01-25 16:33 . 2007-11-30 12:40 69,632 --a------ c:\windows\nswatchdog.exe
2009-01-24 21:39 . 2009-01-24 21:41 <REP> d-------- c:\program files\Free FLV Converter
2009-01-24 21:39 . 2008-06-04 17:42 364,544 --a------ c:\windows\system32\PropertyGrid.ocx
2009-01-24 21:39 . 2009-01-15 17:36 294,912 --a------ c:\windows\system32\TubeFinder.exe
2009-01-24 21:39 . 2008-06-04 17:42 208,500 --a------ c:\windows\system32\ReyXpBasics.tlb
2009-01-24 21:39 . 2008-06-04 17:42 141,312 --a------ c:\windows\system32\MSCMCFR.DLL
2009-01-24 21:39 . 2008-06-04 17:42 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
2009-01-24 21:39 . 2008-06-04 17:42 84,512 --a------ c:\windows\system32\PICCLP32.OCX
2009-01-24 21:39 . 2008-06-04 17:42 32,768 --a------ c:\windows\system32\CMDLGFR.DLL
2009-01-24 21:39 . 2008-06-04 17:42 24,576 --a------ c:\windows\system32\ControlSubX.ocx
2009-01-24 21:39 . 2008-06-04 17:42 9,728 --a------ c:\windows\system32\PCCLPFR.DLL
2009-01-20 11:35 . 2009-02-01 08:34 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-19 14:10 . 2009-02-14 19:17 <REP> d-------- c:\program files\Tweak-XP Pro 4
2009-01-19 14:10 . 2009-01-19 14:37 757,760 --a------ c:\windows\iun6002.exe
2009-01-19 12:24 . 2009-01-19 12:26 <REP> d-------- c:\documents and settings\Profit\Application Data\Download Manager
2009-01-19 11:29 . 2009-01-19 11:30 <REP> d-------- c:\documents and settings\Profit\Application Data\Nikon
2009-01-19 11:27 . 2009-01-19 11:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Ultima_T15
2009-01-19 11:27 . 2009-01-19 11:27 <REP> d-------- c:\documents and settings\All Users\Application Data\EnterNHelp
2009-01-19 11:27 . 2009-01-19 11:29 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdx.DAT
2009-01-19 11:04 . 2000-05-02 03:17 212,480 --a------ c:\windows\system32\PCDLIB32.DLL
2009-01-19 11:04 . 2002-09-11 10:50 19,968 --a------ c:\windows\system32\LFPCD12N.DLL
2009-01-17 19:17 . 2009-01-17 19:17 <REP> d-------- c:\program files\Investintech.com Inc
2009-01-17 19:15 . 2009-01-17 19:15 <REP> d-------- c:\program files\BlueSquad
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 17:24 2,153 ----a-w c:\documents and settings\Profit\Application Data\SAS7_000.DAT
2009-02-15 17:21 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-14 17:58 --------- d-----w c:\program files\Winamp
2009-02-14 17:19 --------- d-----w c:\program files\eMule
2009-02-14 16:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-13 17:11 --------- d-----w c:\program files\CCleaner
2009-02-12 18:18 182,912 ----a-w c:\windows\system32\drivers\ndis.sys
2009-01-26 18:12 --------- d-----w c:\program files\BitComet
2009-01-20 10:05 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-19 10:30 --------- d-----w c:\program files\Fichiers communs\Nikon
2009-01-19 10:27 --------- d-----w c:\program files\Nikon
2009-01-12 15:50 --------- d-----w c:\documents and settings\Profit\Application Data\DivX
2009-01-12 15:38 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate
2009-01-12 15:34 --------- d-----w c:\program files\Pinnacle
2009-01-12 15:34 --------- d-----w c:\program files\Fichiers communs\Yahoo!
2009-01-12 15:34 --------- d-----w c:\documents and settings\All Users\Application Data\Studio 12
2009-01-12 15:34 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle Studio Plus
2009-01-12 15:34 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle
2009-01-12 07:56 --------- d-----w c:\program files\FileZilla Server
2008-12-22 13:40 --------- d-----w c:\program files\Java
2008-12-20 22:26 --------- d-----w c:\documents and settings\Profit\Application Data\Canon
2008-11-28 23:21 91,744 ----a-w c:\windows\BPMNT.dll
2008-11-28 23:21 71,749 ----a-w c:\windows\hcextoutput.dll
2008-11-28 23:21 69,689 ----a-w c:\windows\UNZIP.DLL
2008-11-28 23:21 507,904 ----a-w c:\windows\TMUPDATE.DLL
2008-11-28 23:21 363,077 ----a-w c:\windows\tsc.exe
2008-11-28 23:21 1,213,784 ----a-w c:\windows\vsapi32.dll
2004-09-28 02:00 26,240 ----a-w c:\windows\inf\RAMDSK.SYS
2008-08-22 13:37 163,840 ----a-w c:\program files\mozilla firefox\components\nsgkff30_meter2.dll
.
------- Sigcheck -------
2004-08-19 21:10 31232 eeb9712f9f2ec7400ea25887ad1c5a60 c:\windows\system32\svchost.exe
2007-07-18 20:14 506368 fa7c7c2b461130a792adf6a28f1d652b c:\windows\system32\winlogon.exe
2009-02-12 19:18 213376 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\DllCache\ndis.sys
2009-02-12 19:18 213376 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys
2007-08-06 10:51 3273728 04b4fd8759b4869accd0571aaa7410e7 c:\windows\explorer.exe
2004-08-19 21:09 32256 f6300e970075a8cc2dfd43ebe4822c7d c:\windows\system32\ctfmon.exe
2007-07-16 15:27 74752 3e5ded08d0e216affbf12789429e4d2e c:\windows\system32\spoolsv.exe
2004-08-19 21:10 41984 e2b261582c57257339ab54a0c2b9d584 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((( snapshot_2009-01-12_17.48.39,89 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-01-29 09:25:04 60,416 ----a-w c:\windows\$hf_mig$\KB931836\SP2QFE\tzchange.exe
+ 2007-01-29 09:25:04 77,312 ----a-w c:\windows\$hf_mig$\KB931836\SP2QFE\tzchange.exe
- 2004-08-07 04:30:24 172,032 -c----w c:\windows\$NtUninstallKB885295$\spuninst\spuninst.exe
+ 2004-08-07 04:30:24 189,440 -c----w c:\windows\$NtUninstallKB885295$\spuninst\spuninst.exe
- 2008-06-19 15:20:52 57,344 ----a-w c:\windows\Alcmtr.exe
+ 2008-06-19 15:20:52 77,824 ----a-w c:\windows\Alcmtr.exe
- 2008-06-19 15:42:44 2,808,832 ----a-w c:\windows\alcwzrd.exe
+ 2008-06-19 15:42:44 2,828,288 ----a-w c:\windows\alcwzrd.exe
- 2008-11-25 19:01:36 345,157 ----a-w c:\windows\AU_Temp\1\27\tsc.exe
+ 2008-11-25 19:01:36 363,077 ----a-w c:\windows\AU_Temp\1\27\tsc.exe
- 2002-07-25 15:13:12 196,608 ----a-w c:\windows\Downloaded Program Files\dwusplay.exe
+ 2002-07-25 15:13:12 217,088 ----a-w c:\windows\Downloaded Program Files\dwusplay.exe
+ 2008-06-14 17:59:52 272,768 ------w c:\windows\Driver Cache\i386\bthport.sys
+ 2008-10-24 11:25:29 455,936 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-08-14 13:39:07 2,144,768 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 13:39:12 2,065,024 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 13:39:03 2,022,912 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 13:39:11 2,188,032 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28 183,808 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2008-08-07 14:27:04 184,320 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-02-15 08:06:54 7,053,312 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2009-02-15 08:06:54 172,032 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-08-07 14:27:04 183,808 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-02-15 07:58:52 7,053,312 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2009-02-15 07:58:53 172,032 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
- 2000-08-31 07:00:00 89,504 ----a-w c:\windows\fdsv.exe
+ 2000-08-31 07:00:00 109,984 ----a-w c:\windows\fdsv.exe
- 2000-08-31 07:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2000-08-31 07:00:00 97,820 ----a-w c:\windows\grep.exe
- 2007-07-16 14:25:34 10,752 ----a-w c:\windows\hh.exe
+ 2007-07-16 14:25:34 27,648 ----a-w c:\windows\hh.exe
- 2008-10-27 10:20:35 319,488 ----a-w c:\windows\HideWin.exe
+ 2008-10-27 10:20:35 339,968 ----a-w c:\windows\HideWin.exe
- 2004-08-19 20:09:56 34,304 -c----w c:\windows\ie7\ie4uinit.exe
+ 2004-08-19 20:09:56 51,200 -c----w c:\windows\ie7\ie4uinit.exe
- 2007-04-18 12:22:13 18,432 -c----w c:\windows\ie7\iedw.exe
+ 2007-04-18 12:22:13 35,328 -c----w c:\windows\ie7\iedw.exe
- 2004-08-19 20:09:56 93,184 -c----w c:\windows\ie7\iexplore.exe
+ 2004-08-19 20:09:56 110,080 -c----w c:\windows\ie7\iexplore.exe
- 2004-08-19 20:10:00 29,184 -c----w c:\windows\ie7\mshta.exe
+ 2004-08-19 20:10:00 46,080 -c----w c:\windows\ie7\mshta.exe
- 2006-10-27 17:18:30 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2006-10-27 17:18:30 82,944 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2005-10-12 23:15:24 216,800 -c----w c:\windows\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2005-10-12 23:15:43 394,976 -c----w c:\windows\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2006-10-27 13:09:58 765,952 -c----w c:\windows\ie7updates\KB938127-IE7\vgx.dll
+ 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:47 394,976 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2007-07-12 23:30:52 765,952 -c----w c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
- 2004-08-04 02:31:40 57,399 ----a-w c:\windows\ime\IMJP8_1\cplexe.exe
+ 2004-08-04 02:31:40 77,879 ----a-w c:\windows\ime\IMJP8_1\cplexe.exe
- 2001-08-28 18:00:00 57,398 ----a-w c:\windows\ime\IMJP8_1\imjpdadm.exe
+ 2001-08-28 18:00:00 77,878 ----a-w c:\windows\ime\IMJP8_1\imjpdadm.exe
- 2004-08-04 02:31:54 307,257 ----a-w c:\windows\ime\IMJP8_1\imjpdct.exe
+ 2004-08-04 02:31:54 327,737 ----a-w c:\windows\ime\IMJP8_1\imjpdct.exe
- 2004-08-04 02:31:56 155,705 ----a-w c:\windows\ime\IMJP8_1\imjpdsvr.exe
+ 2004-08-04 02:31:56 176,185 ----a-w c:\windows\ime\IMJP8_1\imjpdsvr.exe
- 2004-08-04 02:31:58 196,665 ----a-w c:\windows\ime\IMJP8_1\imjpinst.exe
+ 2004-08-04 02:31:58 225,669 ----a-w c:\windows\ime\IMJP8_1\imjpinst.exe
- 2004-08-04 02:32:00 208,952 ----a-w c:\windows\ime\IMJP8_1\imjpmig.exe
+ 2004-08-04 02:32:00 229,432 ----a-w c:\windows\ime\IMJP8_1\imjpmig.exe
- 2004-08-04 02:32:12 233,527 ----a-w c:\windows\ime\IMJP8_1\imjprw.exe
+ 2004-08-04 02:32:12 254,007 ----a-w c:\windows\ime\IMJP8_1\imjprw.exe
- 2001-08-28 18:00:00 45,109 ----a-w c:\windows\ime\IMJP8_1\imjpuex.exe
+ 2001-08-28 18:00:00 65,589 ----a-w c:\windows\ime\IMJP8_1\imjpuex.exe
- 2004-08-04 02:32:16 262,200 ----a-w c:\windows\ime\IMJP8_1\imjputy.exe
+ 2004-08-04 02:32:16 282,680 ----a-w c:\windows\ime\IMJP8_1\imjputy.exe
- 2001-08-28 18:00:00 44,032 ----a-w c:\windows\ime\IMKR6_1\imekrmig.exe
+ 2001-08-28 18:00:00 61,440 ----a-w c:\windows\ime\IMKR6_1\imekrmig.exe
- 2001-08-28 18:00:00 59,904 ----a-w c:\windows\ime\IMKR6_1\imkrinst.exe
+ 2001-08-28 18:00:00 76,800 ----a-w c:\windows\ime\IMKR6_1\imkrinst.exe
- 2001-08-28 18:00:00 311,359 ----a-w c:\windows\ime\SHARED\imepadsv.exe
+ 2001-08-28 18:00:00 331,839 ----a-w c:\windows\ime\SHARED\imepadsv.exe
- 2004-08-19 20:10:04 208,896 ----a-w c:\windows\inf\unregmp2.exe
+ 2004-08-19 20:10:04 229,376 ----a-w c:\windows\inf\unregmp2.exe
+ 2006-10-26 17:49:48 1,011,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]00021090100C0400000000000F01FEC\12.0.4518\MSDAIPP.DLL
+ 2006-10-26 17:49:46 970,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]00021090100C0400000000000F01FEC\12.0.4518\MSONSEXT.DLL
+ 2006-10-27 13:00:10 576,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
+ 2006-10-26 19:18:12 162,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
+ 2006-10-27 13:00:12 1,751,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2006-10-27 13:00:10 576,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 13:00:06 47,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-27 13:00:08 191,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-26 18:13:34 338,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-26 18:13:44 629,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-26 18:13:28 207,736 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-26 18:13:32 279,352 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-26 18:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-26 18:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-26 18:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-26 18:13:12 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 13:00:06 387,960 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-26 18:13:38 392,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-26 18:13:30 260,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-26 18:13:32 289,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-26 18:13:20 56,120 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-26 18:13:38 551,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-26 18:13:30 224,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 13:40:34 208,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-26 18:13:34 371,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 13:41:04 399,640 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-26 17:59:24 205,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-26 19:30:42 65,312 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\COLLIMP.DLL
+ 2006-10-27 13:16:36 133,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-26 18:12:52 189,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-26 18:55:32 87,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-26 17:48:14 439,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-26 17:48:14 434,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-27 13:07:36 17,891,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2006-10-26 12:10:08 1,190,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\FM20.DLL
+ 2006-10-26 17:21:24 1,682,232 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-27 13:09:36 983,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-26 18:02:12 2,526,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\GRAPH.EXE
+ 2006-10-26 18:12:52 173,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-26 18:55:38 138,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 13:10:08 1,439,032 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\INFOPATH.EXE
+ 2006-10-27 13:10:10 5,456,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IPDESIGN.DLL
+ 2006-10-27 13:10:10 5,281,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-26 19:42:00 176,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IPOLK.DLL
+ 2006-10-26 17:55:10 828,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-26 18:55:48 340,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-27 13:04:08 497,504 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 13:01:34 10,371,880 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSACCESS.EXE
+ 2006-10-26 19:18:06 66,880 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
+ 2006-10-26 11:58:14 117,552 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-27 13:26:40 16,870,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 12:59:06 161,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 17:48:12 14,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-26 18:12:58 428,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-26 19:13:36 26,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-26 18:00:08 6,635,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-26 11:56:36 436,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-27 13:04:10 9,581,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-26 17:50:04 672,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 11:56:40 505,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-26 17:55:12 832,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-26 17:55:06 538,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-26 18:12:30 65,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2006-10-27 13:14:34 14,151,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-26 18:42:36 8,423,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-26 18:06:54 232,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-26 18:14:06 7,033,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-27 13:18:36 1,658,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-26 18:00:08 274,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-26 18:00:12 998,208 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-26 18:00:10 285,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-27 13:16:46 2,939,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-26 18:34:12 660,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-26 18:34:10 192,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-10-26 18:07:04 6,536,992 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-09-15 14:25:18 3,611,416 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-07-26 16:53:56 459,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 13:16:44 594,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-10-27 13:16:48 12,813,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 13:16:40 176,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-27 13:16:36 46,864 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2006-10-26 19:30:44 482,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-27 13:04:06 465,200 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 13:04:06 7,980,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2006-10-26 17:52:10 2,012,480 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
+ 2006-10-26 18:09:36 136,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2006-10-26 18:55:54 413,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-27 13:04:06 624,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-26 18:09:44 590,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-26 19:13:38 38,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-26 19:42:12 744,808 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\REGFORM.EXE
+ 2006-10-26 18:55:44 263,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-26 18:55:44 272,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-26 18:13:00 503,624 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-26 18:06:58 439,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-26 19:18:16 502,608 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SOA.DLL
+ 2006-07-28 13:21:58 277,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\SSGEN.DLL
+ 2006-10-27 12:57:08 2,330,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-09-29 22:42:56 2,583,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\VBE6.DLL
+ 2006-10-26 21:00:12 1,841,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
+ 2006-10-26 20:58:38 3,732,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\VVIEWER.DLL
+ 2006-10-27 13:23:04 347,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-27 13:11:38 4,235,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 13:11:36 21,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-27 13:23:08 17,483,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-26 19:13:08 14,674,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-26 19:17:08 11,072 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2007-10-05 19:37:38 17,927,192 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\EXCEL.EXE
+ 2007-08-28 22:38:10 500,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\MORPH9.DLL
+ 2007-09-14 20:45:58 16,901,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-08-28 22:38:46 9,584,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\MSPUB.EXE
+ 2007-08-28 23:19:24 1,654,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-08-28 22:06:16 467,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\POWERPNT.EXE
+ 2007-08-28 22:06:44 7,990,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\PPCORE.DLL
+ 2007-08-24 02:43:28 138,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\PRTF9.DLL
+ 2007-08-28 22:39:14 625,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\PTXT9.DLL
+ 2007-08-24 02:43:36 593,296 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\PUBCONV.DLL
+ 2007-08-28 22:16:00 350,064 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\WINWORD.EXE
+ 2007-09-06 16:56:32 17,490,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\WWLIB.DLL
+ 2007-10-02 19:00:06 14,708,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\XL12CNV.EXE
+ 2007-08-24 04:14:14 13,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6215\XLCALL32.DLL
- 2008-10-27 13:59:33 49,152 ----a-r c:\windows\Installer\{2ADCF2B3-9140-432D-86F5-8C5D101ABEE1}\ARPPRODUCTICON.exe
+ 2008-10-27 13:59:33 69,632 ----a-r c:\windows\Installer\{2ADCF2B3-9140-432D-86F5-8C5D101ABEE1}\ARPPRODUCTICON.exe
- 2008-10-27 13:59:33 49,152 ----a-r c:\windows\Installer\{2ADCF2B3-9140-432D-86F5-8C5D101ABEE1}\Desktop_MindManager6_C4D150117314479F90CAEF8478756B79.exe
+ 2008-10-27 13:59:33 69,632 ----a-r c:\windows\Installer\{2ADCF2B3-9140-432D-86F5-8C5D101ABEE1}\Desktop_MindManager6_C4D150117314479F90CAEF8478756B79.exe
- 2008-10-27 13:59:33 49,152 ----a-r c:\windows\Installer\{2ADCF2B3-9140-432D-86F5-8C5D101ABEE1}\ProgramGroup_MindMan_C4D150117314479F90CAEF8478756B79.exe
+ 2008-10-27 13:59:33 69,632 ----a-r c:\windows\Installer\{2ADCF2B3-9140-432D-86F5-8C5D101ABEE1}\ProgramGroup_MindMan_C4D150117314479F90CAEF8478756B79.exe
- 2008-10-27 13:59:33 49,152 ----a-r c:\windows\Installer\{2ADCF2B3-9140-432D-86F5-8C5D101ABEE1}\QuickLaunch_MindMana_C4D150117314479F90CAEF8478756B79.exe
+ 2008-10-27 13:59:33 69,632 ----a-r c:\windows\Installer\{2ADCF2B3-9140-432D-86F5-8C5D101ABEE1}\QuickLaunch_MindMana_C4D150117314479F90CAEF8478756B79.exe
- 2008-10-27 13:59:33 49,152 ----a-r c:\windows\Installer\{2ADCF2B3-9140-432D-86F5-8C5D101ABEE1}\StartMenu_MindManage_C4D150117314479F90CAEF8478756B79.exe
+ 2008-10-27 13:59:33 69,632 ----a-r c:\windows\Installer\{2ADCF2B3-9140-432D-86F5-8C5D101ABEE1}\StartMenu_MindManage_C4D150117314479F90CAEF8478756B79.exe
- 2008-10-19 17:40:56 32,768 ----a-r c:\windows\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\icon.exe
+ 2008-10-19 17:40:56 53,248 ----a-r c:\windows\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\icon.exe
+ 2009-02-15 16:55:09 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-10-23 19:51:44 65,536 ----a-r c:\windows\Installer\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}\ARPPRODUCTICON.exe
+ 2008-10-23 19:51:44 86,016 ----a-r c:\windows\Installer\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}\ARPPRODUCTICON.exe
- 2008-10-23 17:51:13 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-15 17:21:47 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-10-23 17:51:13 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-15 17:21:47 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-10-23 17:51:13 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-15 17:21:47 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-10-23 17:51:13 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-15 17:21:47 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-10-23 17:51:13 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-15 17:21:47 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-10-23 17:51:13 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-15 17:21:48 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-10-23 17:51:13 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-15 17:21:47 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-10-23 17:51:13 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-15 17:21:47 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-10-23 17:51:13 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-15 17:21:47 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-10-23 17:51:13 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-15 17:21:47 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-10-23 17:51:13 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-15 17:21:47 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-10-23 17:48:56 217,864 ----a-r c:\windows\Installer\{90120000-006E-040C-0000-0000000FF1CE}\misc.exe
+ 2009-02-15 17:09:41 217,864 ----a-r c:\windows\Installer\{90120000-006E-040C-0000-0000000FF1CE}\misc.exe
+ 2009-01-20 10:20:03 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
+ 2009-01-20 10:20:04 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_3D.exe
+ 2009-01-20 10:20:04 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_Standard.exe
+ 2009-01-20 10:20:04 25,214 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Distiller.exe
+ 2009-01-20 10:20:04 7,278 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_ELEMENTS_DT.exe
+ 2009-01-20 10:20:03 23,558 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
- 2008-10-24 17:09:33 81,920 ----a-r c:\windows\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\ACDSeeDesktopShortcu_AE80641A0C8D4670A518B4EC154B1027.exe
+ 2008-10-24 17:09:33 102,400 ----a-r c:\windows\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\ACDSeeDesktopShortcu_AE80641A0C8D4670A518B4EC154B1027.exe
- 2008-10-24 17:09:33 81,920 ----a-r c:\windows\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\ACDSeePMShortcut_AE80641A0C8D4670A518B4EC154B1027.exe
+ 2008-10-24 17:09:33 102,400 ----a-r c:\windows\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\ACDSeePMShortcut_AE80641A0C8D4670A518B4EC154B1027.exe
- 2008-10-24 17:09:33 81,920 ----a-r c:\windows\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\ACDSeeShowroomShortc_B2D418833BFC4BA0A2F65A2C9836C238.exe
+ 2008-10-24 17:09:33 102,400 ----a-r c:\windows\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\ACDSeeShowroomShortc_B2D418833BFC4BA0A2F65A2C9836C238.exe
- 2008-10-24 17:09:33 81,920 ----a-r c:\windows\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\ARPPRODUCTICON.exe
+ 2008-10-24 17:09:33 102,400 ----a-r c:\windows\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\ARPPRODUCTICON.exe
- 2008-10-24 17:09:33 45,056 ----a-r c:\windows\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\DevDetectPMShortcut_ECE0113B23D04DD889E6D2F026CABF03.exe
+ 2008-10-24 17:09:33 65,536 ----a-r c:\windows\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\DevDetectPMShortcut_ECE0113B23D04DD889E6D2F026CABF03.exe
- 2008-10-23 19:51:38 65,536 ----a-r c:\windows\Installer\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}\ARPPRODUCTICON.exe
+ 2008-10-23 19:51:38 86,016 ----a-r c:\windows\Installer\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}\ARPPRODUCTICON.exe
- 2008-11-29 12:37:45 632,320 ----a-r c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F66110.exe
+ 2008-11-29 12:37:45 649,216 ----a-r c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F66110.exe
- 2008-11-29 12:37:45 29,184 ----a-r c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F6617.exe
+ 2008-11-29 12:37:45 46,080 ----a-r c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F6617.exe
- 2008-10-19 17:44:09 166,912 ----a-r c:\windows\Installer\{CD97C166-020E-415A-98D2-2D89DD9D68F0}\places.exe
+ 2008-10-19 17:44:09 183,808 ----a-r c:\windows\Installer\{CD97C166-020E-415A-98D2-2D89DD9D68F0}\places.exe
- 2009-01-12 15:37:17 40,960 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_AMCap.exe
+ 2009-01-12 15:37:17 61,440 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_AMCap.exe
- 2009-01-12 15:37:17 49,152 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_Check3D.exe
+ 2009-01-12 15:37:17 69,632 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_Check3D.exe
- 2009-01-12 15:37:17 69,632 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_ContentTransfer.exe
+ 2009-01-12 15:37:17 90,112 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_ContentTransfer.exe
- 2009-01-12 15:37:17 434,176 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_GuidedTour.exe
+ 2009-01-12 15:37:17 454,656 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_GuidedTour.exe
- 2009-01-12 15:37:17 45,056 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_Help_HH.exe
+ 2009-01-12 15:37:17 65,536 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_Help_HH.exe
- 2009-01-12 15:37:17 65,536 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_ReadMe.exe
+ 2009-01-12 15:37:17 86,016 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_ReadMe.exe
- 2009-01-12 15:37:17 69,632 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\Studio.exe
+ 2009-01-12 15:37:17 90,112 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\Studio.exe
+ 2009-01-19 10:28:00 471,040 ----a-r c:\windows\Installer\{DD6967E0-904C-4394-A4AE-C2335E495933}\ARPPRODUCTICON.exe
+ 2009-01-19 10:28:00 8,854 ----a-r c:\windows\Installer\{DD6967E0-904C-4394-A4AE-C2335E495933}\New_Shortcut_F007CBCED7144C0B8CE99B0D78116468.exe
+ 2009-01-19 10:28:00 471,040 ----a-r c:\windows\Installer\{DD6967E0-904C-4394-A4AE-C2335E495933}\NewShortcut2_DD6967E0904C4394A4AEC2335E495933.exe
+ 2009-01-19 10:28:00 471,040 ----a-r c:\windows\Installer\{DD6967E0-904C-4394-A4AE-C2335E495933}\NewShortcut3_DD6967E0904C4394A4AEC2335E495933_1.exe
- 2008-10-26 07:08:01 49,152 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\ARPPRODUCTICON.exe
+ 2008-10-26 07:08:01 69,632 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\ARPPRODUCTICON.exe
- 2008-10-26 07:08:01 49,152 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\ConvertXML_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 69,632 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\ConvertXML_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 49,152 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\Dragonlog_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 69,632 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\Dragonlog_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 49,152 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\NatSpeak_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 69,632 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\NatSpeak_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 49,152 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\NatSpeakD_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 69,632 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\NatSpeakD_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 49,152 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\NSAdmin_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 69,632 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\NSAdmin_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 45,056 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\NSAdminHelp_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 65,536 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\NSAdminHelp_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 49,152 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\NSAdminW_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 69,632 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\NSAdminW_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 49,152 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\SchedMgr_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 69,632 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\SchedMgr_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 49,152 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\Setuplog_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 69,632 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\Setuplog_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 65,536 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
+ 2008-10-26 07:08:01 86,016 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
- 2008-10-26 07:08:01 40,960 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\TAgent_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 61,440 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\TAgent_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 49,152 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\Upgrade_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 69,632 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\Upgrade_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 45,056 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\Voctool_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 65,536 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\Voctool_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-23 17:04:54 49,152 ----a-r c:\windows\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\NewShortcut14_27BC537B086D42E19CB39D115FA043BF.exe
+ 2008-10-23 17:04:54 69,632 ----a-r c:\windows\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\NewShortcut14_27BC537B086D42E19CB39D115FA043BF.exe
- 2008-10-23 17:04:54 450,560 ----a-r c:\windows\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\NewShortcut15_27BC537B086D42E19CB39D115FA043BF.exe
+ 2008-10-23 17:04:54 471,040 ----a-r c:\windows\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\NewShortcut15_27BC537B086D42E19CB39D115FA043BF.exe
- 2008-10-23 17:04:54 65,536 ----a-r c:\windows\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
+ 2008-10-23 17:04:54 86,016 ----a-r c:\windows\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
- 2004-12-08 16:06:39 65,536 ----a-w c:\windows\LClock.exe
+ 2004-12-08 16:06:39 86,016 ------w c:\windows\LClock.exe
- 2007-07-24 17:47:00 59,911 ----a-w c:\windows\LSD\all_users.exe
+ 2007-07-24 18:47:00 59,911 ----a-w c:\windows\LSD\all_users.exe
+ 2007-07-24 10:07:37 70,207,413 ----a-w c:\windows\LSD\bonus.exe
- 2007-08-07 13:46:13 2,336 ----a-w c:\windows\LSD\end.cmd
+ 2007-08-07 14:46:13 2,336 ----a-w c:\windows\LSD\end.cmd
- 2004-09-12 12:06:50 57,344 ----a-w c:\windows\LSD\say.exe
+ 2004-09-12 13:06:50 77,824 ----a-w c:\windows\LSD\say.exe
- 1999-12-23 14:47:59 59,199 ----a-w c:\windows\LSD\sendto.exe
+ 1999-12-23 15:47:59 59,199 ----a-w c:\windows\LSD\sendto.exe
- 2007-07-10 00:02:59 4,105,911 ----a-w c:\windows\LSD\shell32.exe
+ 2007-07-10 01:02:59 4,105,911 ----a-w c:\windows\LSD\shell32.exe
- 2005-06-28 16:59:26 275,749 ----a-w c:\windows\LSD\TCPIP.exe
+ 2005-06-28 17:59:26 275,749 ----a-w c:\windows\LSD\TCPIP.exe
- 2004-12-21 20:38:41 2,113,536 ----a-w c:\windows\LSD\u2.exe
+ 2004-12-21 21:38:41 2,134,016 ----a-w c:\windows\LSD\u2.exe
- 2002-03-02 23:30:06 32,768 ----a-w c:\windows\LSD\w.exe
+ 2002-03-03 00:30:06 53,248 ----a-w c:\windows\LSD\w.exe
- 2005-07-10 20:04:14 70,656 ----a-w c:\windows\LSD\xuser.exe
+ 2005-07-10 21:04:14 91,136 ----a-w c:\windows\LSD\xuser.exe
- 2008-09-30 15:38:10 2,168,320 ----a-w c:\windows\MicCal.exe
+ 2008-09-30 15:38:10 2,185,728 ----a-w c:\windows\MicCal.exe
- 2005-09-23 06:28:52 72,704 ----a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2005-09-23 06:28:52 89,600 ----a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
- 2005-09-23 06:28:32 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2005-09-23 06:28:32 57,344 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
- 2005-09-23 06:28:32 13,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2005-09-23 06:28:32 30,720 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
- 2005-09-23 06:28:32 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2005-09-23 06:28:32 126,976 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2005-09-23 06:28:56 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2005-09-23 06:28:56 126,976 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2005-09-23 06:28:38 4,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2005-09-23 06:28:38 21,504 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2005-09-23 06:28:56 9,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2005-09-23 06:28:56 26,624 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 06:28:56 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2005-09-23 06:28:56 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2005-09-23 06:28:48 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2005-09-23 06:28:48 61,440 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2005-09-23 06:28:48 69,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2005-09-23 06:28:48 90,112 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2005-09-23 06:28:56 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2005-09-23 06:28:56 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2005-09-23 06:28:56 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2005-09-23 06:28:56 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2006-10-30 02:34:02 159,744 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2006-10-30 02:34:02 180,224 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
- 2006-10-30 02:33:58 741,376 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2006-10-30 02:33:58 761,856 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
- 2006-10-30 02:34:02 61,440 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2006-10-30 02:34:02 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
- 2006-10-30 02:34:02 122,880 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2006-10-30 02:34:02 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
- 2006-10-30 02:34:02 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2006-10-30 02:34:02 163,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
- 2006-10-20 20:21:24 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2006-10-20 20:21:24 57,344 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
- 2006-10-20 20:21:26 14,848 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
+ 2006-10-20 20:21:26 31,744 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
- 2007-07-16 14:27:46 557,568 ----a-w c:\windows\Network Diagnostic\xpnetdiag.exe
+ 2007-07-16 14:27:46 574,464 ----a-w c:\windows\Network Diagnostic\xpnetdiag.exe
- 2000-08-31 07:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 07:00:00 48,640 ----a-w c:\windows\NIRCMD.exe
- 2007-07-15 21:27:58 749,568 ----a-w c:\windows\NOTEPAD.EXE
+ 2007-07-15 21:27:58 770,048 ----a-w c:\windows\NOTEPAD.EXE
- 2007-08-14 09:09:02 84,480 ----a-w c:\windows\OPTIONS\CABS\lanset64.exe
+ 2007-08-14 09:09:02 101,376 ----a-w c:\windows\OPTIONS\CABS\lanset64.exe
- 2007-08-14 09:08:44 55,808 ----a-w c:\windows\OPTIONS\CABS\lansetm.exe
+ 2007-08-14 09:08:44 80,472 ----a-w c:\windows\OPTIONS\CABS\lansetm.exe
- 2007-08-14 09:08:52 59,392 ----a-w c:\windows\OPTIONS\CABS\lansetup.exe
+ 2007-08-14 09:08:52 84,056 ----a-w c:\windows\OPTIONS\CABS\lansetup.exe
- 2007-08-14 09:08:56 57,344 ----a-w c:\windows\OPTIONS\CABS\lansetx.exe
+ 2007-08-14 09:08:56 82,008 ----a-w c:\windows\OPTIONS\CABS\lansetx.exe
- 2004-08-19 20:09:56 768,512 ----a-w c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
+ 2004-08-19 20:09:56 785,408 ----a-w c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
- 2001-08-28 18:00:00 99,840 ----a-w c:\windows\pchealth\helpctr\binaries\HelpHost.exe
+ 2001-08-28 18:00:00 116,736 ----a-w c:\windows\pchealth\helpctr\binaries\HelpHost.exe
- 2004-08-19 20:09:56 743,936 ----a-w c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2004-08-19 20:09:56 760,832 ----a-w c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
- 2004-08-19 20:09:56 18,944 ----a-w c:\windows\pchealth\helpctr\binaries\HscUpd.exe
+ 2004-08-19 20:09:56 35,840 ----a-w c:\windows\pchealth\helpctr\binaries\HscUpd.exe
- 2007-07-16 14:26:01 172,544 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
+ 2007-07-16 14:26:01 189,952 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
- 2001-08-28 18:00:00 35,328 ----a-w c:\windows\pchealth\helpctr\binaries\notiflag.exe
+ 2001-08-28 18:00:00 52,224 ----a-w c:\windows\pchealth\helpctr\binaries\notiflag.exe
- 2004-08-19 20:10:04 151,040 ----a-w c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
+ 2004-08-19 20:10:04 167,936 ----a-w c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
- 2005-04-05 07:26:20 456,208 ----a-w c:\windows\process.exe
+ 2005-04-05 08:26:20 456,208 ----a-w c:\windows\process.exe
- 2007-03-20 06:41:06 32,768 ------r c:\windows\RaidTool\IDEDrvSetup.exe
+ 2007-03-20 06:41:06 57,020 ------r c:\win
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2046.1494 [GMT 1:00]
Lancé depuis: c:\documents and settings\Profit\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Profit\Bureau\CFscript.txt
AV: avast! antivirus 4.8.1296 [VPS 090215-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
FILE ::
c:\documents and settings\Profit\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
c:\windows\hdirurzh.exe
c:\windows\rveskesj.exe
c:\windows\SoftwareDistribution\Download\405ae8e48aa46e265982686e1678047b\update\nv4prep.exe
c:\windows\system32\Drivers\jpymxmbs.sys
c:\windows\system32\Drivers\ndisio.sys
c:\windows\system32\inf\xccdfb16_090131.dll
c:\windows\TEMP\BNA.tmp
c:\windows\xccdf16_090131a.dll
c:\windows\xccdf32_090131a.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Profit\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
c:\windows\patch.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\drivers\ntndis.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\inf\rundll33.exe
c:\windows\system32\inf\xccefb090131.scr
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\xccwinsys.ini
c:\windows\system32\userinit.exe . . . est infecté!!
c:\windows\system32\svchost.exe . . . est infecté!!
c:\windows\system32\spoolsv.exe . . . est infecté!!
c:\windows\explorer.exe . . . est infecté!!
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-15 au 2009-02-15 ))))))))))))))))))))))))))))))))))))
.
2009-02-15 23:40 . 2009-02-15 23:40 28,573 --a------ c:\windows\system32\A.tmp
2009-02-15 23:40 . 2009-02-15 23:40 132 --a------ c:\windows\system32\9.tmp
2009-02-15 19:04 . 2009-02-15 19:04 <REP> d-------- c:\program files\Viewpoint
2009-02-15 18:13 . 2009-02-15 18:13 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-15 17:21 . 2009-02-15 17:21 <REP> d-------- c:\windows\system32\CatRoot_bak
2009-02-15 17:10 . 2009-02-15 23:26 <REP> d-------- c:\windows\system32\inf
2009-02-15 17:10 . 2009-02-15 17:10 155,216 --a------ c:\windows\system\xccef090131.exe
2009-02-15 08:58 . 2009-02-15 08:58 <REP> d-------- c:\windows\ERUNT
2009-02-14 22:45 . 2008-10-23 13:51 284,160 --------- c:\windows\system32\DllCache\gdi32.dll
2009-02-14 22:45 . 2008-06-24 17:30 74,240 --------- c:\windows\system32\DllCache\mscms.dll
2009-02-14 22:42 . 2008-09-04 17:34 1,106,944 --------- c:\windows\system32\DllCache\msxml3.dll
2009-02-14 22:42 . 2008-10-24 12:25 455,936 --------- c:\windows\system32\DllCache\mrxsmb.sys
2009-02-14 22:42 . 2008-10-15 17:55 339,456 --------- c:\windows\system32\DllCache\netapi32.dll
2009-02-14 22:42 . 2008-12-11 11:24 333,184 --------- c:\windows\system32\DllCache\srv.sys
2009-02-14 22:42 . 2008-05-01 15:31 331,776 --------- c:\windows\system32\DllCache\msadce.dll
2009-02-14 22:42 . 2008-10-03 11:17 247,326 --------- c:\windows\system32\DllCache\strmdll.dll
2009-02-14 18:58 . 2007-07-05 08:51 2,325,632 --a------ c:\windows\system32\oemkrnl.exe
2009-02-14 18:47 . 2009-02-14 18:47 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-14 18:47 . 2009-02-14 18:47 1,409 --a------ c:\windows\QTFont.for
2009-02-14 18:46 . 2009-02-14 18:49 106,496 --a------ c:\windows\unvise32qt.exe
2009-02-14 17:34 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-14 17:34 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-02-14 17:34 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-14 17:32 . 2009-02-14 17:32 <REP> dr------- c:\documents and settings\NetworkService\Favoris
2009-02-14 13:07 . 2009-02-14 13:07 <REP> d-------- c:\program files\Lavasoft
2009-02-14 13:07 . 2009-02-14 13:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-14 12:47 . 2009-02-14 12:47 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2009-02-14 12:44 . 2009-02-14 12:44 <REP> d-------- c:\program files\CleanUp!
2009-02-13 18:09 . 2009-02-13 18:10 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-13 18:09 . 2009-02-13 18:09 <REP> d-------- c:\documents and settings\Profit\Application Data\Malwarebytes
2009-02-13 18:09 . 2009-02-13 18:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-13 18:09 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-13 18:09 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-13 17:41 . 2009-02-14 19:13 494,958 --a------ c:\windows\system32\perfh040.dat
2009-02-13 17:41 . 2009-02-14 19:13 78,450 --a------ c:\windows\system32\perfc040.dat
2009-02-13 08:08 . 2008-05-07 05:55 1,294,336 --------- c:\windows\system32\DllCache\quartz.dll
2009-02-13 08:08 . 2008-06-20 11:44 360,960 --------- c:\windows\system32\DllCache\tcpip.sys
2009-02-13 08:08 . 2008-07-07 21:18 253,952 --------- c:\windows\system32\DllCache\es.dll
2009-02-13 08:08 . 2008-06-20 18:37 247,808 --------- c:\windows\system32\DllCache\mswsock.dll
2009-02-13 08:08 . 2008-06-20 10:32 225,920 --------- c:\windows\system32\DllCache\tcpip6.sys
2009-02-13 08:08 . 2008-06-20 18:37 147,968 --------- c:\windows\system32\DllCache\dnsapi.dll
2009-02-13 08:08 . 2008-08-14 10:48 138,368 --------- c:\windows\system32\DllCache\afd.sys
2009-02-13 08:08 . 2006-08-16 13:13 100,352 --------- c:\windows\system32\DllCache\6to4svc.dll
2009-02-13 08:07 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\drivers\bthport.sys
2009-02-13 08:07 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\DllCache\bthport.sys
2009-02-13 08:06 . 2008-08-14 14:39 2,188,032 --------- c:\windows\system32\DllCache\ntoskrnl.exe
2009-02-13 08:06 . 2008-08-14 14:39 2,144,768 --------- c:\windows\system32\DllCache\ntkrnlmp.exe
2009-02-13 08:06 . 2008-08-14 14:39 2,065,024 --------- c:\windows\system32\DllCache\ntkrnlpa.exe
2009-02-13 08:06 . 2008-08-14 14:39 2,022,912 --------- c:\windows\system32\DllCache\ntkrpamp.exe
2009-02-13 08:06 . 2008-09-15 16:14 1,847,040 --------- c:\windows\system32\DllCache\win32k.sys
2009-02-13 08:05 . 2008-05-08 13:14 203,008 --------- c:\windows\system32\DllCache\rmcast.sys
2009-02-13 08:04 . 2008-04-11 19:40 683,520 --------- c:\windows\system32\DllCache\inetcomm.dll
2009-02-13 07:59 . 2009-02-13 07:59 0 --a------ c:\windows\system32\11.tmp
2009-02-12 19:18 . 2009-02-12 19:18 182,912 --a------ c:\windows\system32\DllCache\ndis.sys
2009-02-12 08:23 . 2009-02-13 07:54 137,920 --a------ c:\windows\system32\drivers\ethoqjlm.sys
2009-02-11 19:02 . 2009-02-11 19:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-10 19:18 . 2009-02-10 19:18 <REP> d-------- c:\program files\Messenger Plus! Live
2009-02-10 19:08 . 2009-02-10 19:08 66,560 ---h----- c:\windows\system32\secupdat.dat
2009-02-10 19:06 . 2009-02-10 19:06 <REP> d-------- c:\documents and settings\Profit\Application Data\Babylon
2009-02-10 19:06 . 2009-02-10 19:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Babylon
2009-02-10 18:47 . 2009-02-10 18:47 <REP> d-------- c:\program files\WinAVI FLV Converter
2009-02-10 18:47 . 2009-02-10 18:47 <REP> d-------- c:\documents and settings\Profit\Application Data\WinAVI
2009-02-01 19:44 . 2009-02-01 20:12 <REP> d-------- c:\documents and settings\Emilie\2009_02_01
2009-02-01 19:44 . 2009-02-01 19:44 <REP> d-------- c:\documents and settings\Emilie
2009-01-25 16:37 . 2008-06-27 14:58 14,336 --a------ c:\windows\system32\drivers\nnrnstdi.sys
2009-01-25 16:37 . 2008-06-27 14:59 8,832 --a------ c:\windows\system32\drivers\km_filter.sys
2009-01-25 16:33 . 2009-01-25 16:33 <REP> d-------- c:\program files\NetRatingsNetSight
2009-01-25 16:33 . 2007-11-30 12:40 69,632 --a------ c:\windows\nswatchdog.exe
2009-01-24 21:39 . 2009-01-24 21:41 <REP> d-------- c:\program files\Free FLV Converter
2009-01-24 21:39 . 2008-06-04 17:42 364,544 --a------ c:\windows\system32\PropertyGrid.ocx
2009-01-24 21:39 . 2009-01-15 17:36 294,912 --a------ c:\windows\system32\TubeFinder.exe
2009-01-24 21:39 . 2008-06-04 17:42 208,500 --a------ c:\windows\system32\ReyXpBasics.tlb
2009-01-24 21:39 . 2008-06-04 17:42 141,312 --a------ c:\windows\system32\MSCMCFR.DLL
2009-01-24 21:39 . 2008-06-04 17:42 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
2009-01-24 21:39 . 2008-06-04 17:42 84,512 --a------ c:\windows\system32\PICCLP32.OCX
2009-01-24 21:39 . 2008-06-04 17:42 32,768 --a------ c:\windows\system32\CMDLGFR.DLL
2009-01-24 21:39 . 2008-06-04 17:42 24,576 --a------ c:\windows\system32\ControlSubX.ocx
2009-01-24 21:39 . 2008-06-04 17:42 9,728 --a------ c:\windows\system32\PCCLPFR.DLL
2009-01-20 11:35 . 2009-02-01 08:34 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-19 14:10 . 2009-02-14 19:17 <REP> d-------- c:\program files\Tweak-XP Pro 4
2009-01-19 14:10 . 2009-01-19 14:37 757,760 --a------ c:\windows\iun6002.exe
2009-01-19 12:24 . 2009-01-19 12:26 <REP> d-------- c:\documents and settings\Profit\Application Data\Download Manager
2009-01-19 11:29 . 2009-01-19 11:30 <REP> d-------- c:\documents and settings\Profit\Application Data\Nikon
2009-01-19 11:27 . 2009-01-19 11:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Ultima_T15
2009-01-19 11:27 . 2009-01-19 11:27 <REP> d-------- c:\documents and settings\All Users\Application Data\EnterNHelp
2009-01-19 11:27 . 2009-01-19 11:29 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdx.DAT
2009-01-19 11:04 . 2000-05-02 03:17 212,480 --a------ c:\windows\system32\PCDLIB32.DLL
2009-01-19 11:04 . 2002-09-11 10:50 19,968 --a------ c:\windows\system32\LFPCD12N.DLL
2009-01-17 19:17 . 2009-01-17 19:17 <REP> d-------- c:\program files\Investintech.com Inc
2009-01-17 19:15 . 2009-01-17 19:15 <REP> d-------- c:\program files\BlueSquad
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 17:24 2,153 ----a-w c:\documents and settings\Profit\Application Data\SAS7_000.DAT
2009-02-15 17:21 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-14 17:58 --------- d-----w c:\program files\Winamp
2009-02-14 17:19 --------- d-----w c:\program files\eMule
2009-02-14 16:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-13 17:11 --------- d-----w c:\program files\CCleaner
2009-02-12 18:18 182,912 ----a-w c:\windows\system32\drivers\ndis.sys
2009-01-26 18:12 --------- d-----w c:\program files\BitComet
2009-01-20 10:05 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-19 10:30 --------- d-----w c:\program files\Fichiers communs\Nikon
2009-01-19 10:27 --------- d-----w c:\program files\Nikon
2009-01-12 15:50 --------- d-----w c:\documents and settings\Profit\Application Data\DivX
2009-01-12 15:38 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate
2009-01-12 15:34 --------- d-----w c:\program files\Pinnacle
2009-01-12 15:34 --------- d-----w c:\program files\Fichiers communs\Yahoo!
2009-01-12 15:34 --------- d-----w c:\documents and settings\All Users\Application Data\Studio 12
2009-01-12 15:34 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle Studio Plus
2009-01-12 15:34 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle
2009-01-12 07:56 --------- d-----w c:\program files\FileZilla Server
2008-12-22 13:40 --------- d-----w c:\program files\Java
2008-12-20 22:26 --------- d-----w c:\documents and settings\Profit\Application Data\Canon
2008-11-28 23:21 91,744 ----a-w c:\windows\BPMNT.dll
2008-11-28 23:21 71,749 ----a-w c:\windows\hcextoutput.dll
2008-11-28 23:21 69,689 ----a-w c:\windows\UNZIP.DLL
2008-11-28 23:21 507,904 ----a-w c:\windows\TMUPDATE.DLL
2008-11-28 23:21 363,077 ----a-w c:\windows\tsc.exe
2008-11-28 23:21 1,213,784 ----a-w c:\windows\vsapi32.dll
2004-09-28 02:00 26,240 ----a-w c:\windows\inf\RAMDSK.SYS
2008-08-22 13:37 163,840 ----a-w c:\program files\mozilla firefox\components\nsgkff30_meter2.dll
.
------- Sigcheck -------
2004-08-19 21:10 31232 eeb9712f9f2ec7400ea25887ad1c5a60 c:\windows\system32\svchost.exe
2007-07-18 20:14 506368 fa7c7c2b461130a792adf6a28f1d652b c:\windows\system32\winlogon.exe
2009-02-12 19:18 213376 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\DllCache\ndis.sys
2009-02-12 19:18 213376 558635d3af1c7546d26067d5d9b6959e c:\windows\system32\drivers\ndis.sys
2007-08-06 10:51 3273728 04b4fd8759b4869accd0571aaa7410e7 c:\windows\explorer.exe
2004-08-19 21:09 32256 f6300e970075a8cc2dfd43ebe4822c7d c:\windows\system32\ctfmon.exe
2007-07-16 15:27 74752 3e5ded08d0e216affbf12789429e4d2e c:\windows\system32\spoolsv.exe
2004-08-19 21:10 41984 e2b261582c57257339ab54a0c2b9d584 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((( snapshot_2009-01-12_17.48.39,89 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-01-29 09:25:04 60,416 ----a-w c:\windows\$hf_mig$\KB931836\SP2QFE\tzchange.exe
+ 2007-01-29 09:25:04 77,312 ----a-w c:\windows\$hf_mig$\KB931836\SP2QFE\tzchange.exe
- 2004-08-07 04:30:24 172,032 -c----w c:\windows\$NtUninstallKB885295$\spuninst\spuninst.exe
+ 2004-08-07 04:30:24 189,440 -c----w c:\windows\$NtUninstallKB885295$\spuninst\spuninst.exe
- 2008-06-19 15:20:52 57,344 ----a-w c:\windows\Alcmtr.exe
+ 2008-06-19 15:20:52 77,824 ----a-w c:\windows\Alcmtr.exe
- 2008-06-19 15:42:44 2,808,832 ----a-w c:\windows\alcwzrd.exe
+ 2008-06-19 15:42:44 2,828,288 ----a-w c:\windows\alcwzrd.exe
- 2008-11-25 19:01:36 345,157 ----a-w c:\windows\AU_Temp\1\27\tsc.exe
+ 2008-11-25 19:01:36 363,077 ----a-w c:\windows\AU_Temp\1\27\tsc.exe
- 2002-07-25 15:13:12 196,608 ----a-w c:\windows\Downloaded Program Files\dwusplay.exe
+ 2002-07-25 15:13:12 217,088 ----a-w c:\windows\Downloaded Program Files\dwusplay.exe
+ 2008-06-14 17:59:52 272,768 ------w c:\windows\Driver Cache\i386\bthport.sys
+ 2008-10-24 11:25:29 455,936 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-08-14 13:39:07 2,144,768 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 13:39:12 2,065,024 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 13:39:03 2,022,912 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 13:39:11 2,188,032 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28 183,808 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2008-08-07 14:27:04 184,320 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-02-15 08:06:54 7,053,312 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2009-02-15 08:06:54 172,032 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 14:27:04 183,808 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-02-15 07:58:52 7,053,312 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2009-02-15 07:58:53 172,032 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2000-08-31 07:00:00 89,504 ----a-w c:\windows\fdsv.exe
+ 2000-08-31 07:00:00 109,984 ----a-w c:\windows\fdsv.exe
- 2000-08-31 07:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2000-08-31 07:00:00 97,820 ----a-w c:\windows\grep.exe
- 2007-07-16 14:25:34 10,752 ----a-w c:\windows\hh.exe
+ 2007-07-16 14:25:34 27,648 ----a-w c:\windows\hh.exe
- 2008-10-27 10:20:35 319,488 ----a-w c:\windows\HideWin.exe
+ 2008-10-27 10:20:35 339,968 ----a-w c:\windows\HideWin.exe
- 2004-08-19 20:09:56 34,304 -c----w c:\windows\ie7\ie4uinit.exe
+ 2004-08-19 20:09:56 51,200 -c----w c:\windows\ie7\ie4uinit.exe
- 2007-04-18 12:22:13 18,432 -c----w c:\windows\ie7\iedw.exe
+ 2007-04-18 12:22:13 35,328 -c----w c:\windows\ie7\iedw.exe
- 2004-08-19 20:09:56 93,184 -c----w c:\windows\ie7\iexplore.exe
+ 2004-08-19 20:09:56 110,080 -c----w c:\windows\ie7\iexplore.exe
- 2004-08-19 20:10:00 29,184 -c----w c:\windows\ie7\mshta.exe
+ 2004-08-19 20:10:00 46,080 -c----w c:\windows\ie7\mshta.exe
- 2006-10-27 17:18:30 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2006-10-27 17:18:30 82,944 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2005-10-12 23:15:24 216,800 -c----w c:\windows\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2005-10-12 23:15:43 394,976 -c----w c:\windows\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2006-10-27 13:09:58 765,952 -c----w c:\windows\ie7updates\KB938127-IE7\vgx.dll
+ 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:47 394,976 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2007-07-12 23:30:52 765,952 -c----w c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
- 2004-08-04 02:31:40 57,399 ----a-w c:\windows\ime\IMJP8_1\cplexe.exe
+ 2004-08-04 02:31:40 77,879 ----a-w c:\windows\ime\IMJP8_1\cplexe.exe
- 2001-08-28 18:00:00 57,398 ----a-w c:\windows\ime\IMJP8_1\imjpdadm.exe
+ 2001-08-28 18:00:00 77,878 ----a-w c:\windows\ime\IMJP8_1\imjpdadm.exe
- 2004-08-04 02:31:54 307,257 ----a-w c:\windows\ime\IMJP8_1\imjpdct.exe
+ 2004-08-04 02:31:54 327,737 ----a-w c:\windows\ime\IMJP8_1\imjpdct.exe
- 2004-08-04 02:31:56 155,705 ----a-w c:\windows\ime\IMJP8_1\imjpdsvr.exe
+ 2004-08-04 02:31:56 176,185 ----a-w c:\windows\ime\IMJP8_1\imjpdsvr.exe
- 2004-08-04 02:31:58 196,665 ----a-w c:\windows\ime\IMJP8_1\imjpinst.exe
+ 2004-08-04 02:31:58 225,669 ----a-w c:\windows\ime\IMJP8_1\imjpinst.exe
- 2004-08-04 02:32:00 208,952 ----a-w c:\windows\ime\IMJP8_1\imjpmig.exe
+ 2004-08-04 02:32:00 229,432 ----a-w c:\windows\ime\IMJP8_1\imjpmig.exe
- 2004-08-04 02:32:12 233,527 ----a-w c:\windows\ime\IMJP8_1\imjprw.exe
+ 2004-08-04 02:32:12 254,007 ----a-w c:\windows\ime\IMJP8_1\imjprw.exe
- 2001-08-28 18:00:00 45,109 ----a-w c:\windows\ime\IMJP8_1\imjpuex.exe
+ 2001-08-28 18:00:00 65,589 ----a-w c:\windows\ime\IMJP8_1\imjpuex.exe
- 2004-08-04 02:32:16 262,200 ----a-w c:\windows\ime\IMJP8_1\imjputy.exe
+ 2004-08-04 02:32:16 282,680 ----a-w c:\windows\ime\IMJP8_1\imjputy.exe
- 2001-08-28 18:00:00 44,032 ----a-w c:\windows\ime\IMKR6_1\imekrmig.exe
+ 2001-08-28 18:00:00 61,440 ----a-w c:\windows\ime\IMKR6_1\imekrmig.exe
- 2001-08-28 18:00:00 59,904 ----a-w c:\windows\ime\IMKR6_1\imkrinst.exe
+ 2001-08-28 18:00:00 76,800 ----a-w c:\windows\ime\IMKR6_1\imkrinst.exe
- 2001-08-28 18:00:00 311,359 ----a-w c:\windows\ime\SHARED\imepadsv.exe
+ 2001-08-28 18:00:00 331,839 ----a-w c:\windows\ime\SHARED\imepadsv.exe
- 2004-08-19 20:10:04 208,896 ----a-w c:\windows\inf\unregmp2.exe
+ 2004-08-19 20:10:04 229,376 ----a-w c:\windows\inf\unregmp2.exe
+ 2006-10-26 17:49:48 1,011,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090100C0400000000000F01FEC\12.0.4518\MSDAIPP.DLL
+ 2006-10-26 17:49:46 970,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\000021090100C0400000000000F01FEC\12.0.4518\MSONSEXT.DLL
+ 2006-10-27 13:00:10 576,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
+ 2006-10-26 19:18:12 162,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
+ 2006-10-27 13:00:12 1,751,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2006-10-27 13:00:10 576,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 13:00:06 47,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEERR.DLL
+ 2006-10-27 13:00:08 191,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-26 18:13:34 338,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-26 18:13:44 629,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-26 18:13:28 207,736 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-26 18:13:32 279,352 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-26 18:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
+ 2006-10-26 18:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
+ 2006-10-26 18:13:08 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
+ 2006-10-26 18:13:12 15,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
+ 2006-10-27 13:00:06 387,960 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-26 18:13:38 392,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-26 18:13:30 260,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-26 18:13:32 289,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-26 18:13:20 56,120 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACERCLR.DLL
+ 2006-10-26 18:13:38 551,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-26 18:13:30 224,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 13:40:34 208,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-26 18:13:34 371,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 13:41:04 399,640 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-26 17:59:24 205,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-26 19:30:42 65,312 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\COLLIMP.DLL
+ 2006-10-27 13:16:36 133,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-26 18:12:52 189,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-26 18:55:32 87,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-26 17:48:14 439,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-26 17:48:14 434,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-27 13:07:36 17,891,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2006-10-26 12:10:08 1,190,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\FM20.DLL
+ 2006-10-26 17:21:24 1,682,232 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-27 13:09:36 983,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-26 18:02:12 2,526,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\GRAPH.EXE
+ 2006-10-26 18:12:52 173,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-26 18:55:38 138,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 13:10:08 1,439,032 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\INFOPATH.EXE
+ 2006-10-27 13:10:10 5,456,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IPDESIGN.DLL
+ 2006-10-27 13:10:10 5,281,592 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-26 19:42:00 176,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IPOLK.DLL
+ 2006-10-26 17:55:10 828,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-26 18:55:48 340,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-27 13:04:08 497,504 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 13:01:34 10,371,880 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSACCESS.EXE
+ 2006-10-26 19:18:06 66,880 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
+ 2006-10-26 11:58:14 117,552 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-27 13:26:40 16,870,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 12:59:06 161,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 17:48:12 14,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOCFU.DLL
+ 2006-10-26 18:12:58 428,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-26 19:13:36 26,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-26 18:00:08 6,635,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-26 11:56:36 436,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-27 13:04:10 9,581,360 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-26 17:50:04 672,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 11:56:40 505,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-26 17:55:12 832,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-26 17:55:06 538,904 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-26 18:12:30 65,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\NAME.DLL
+ 2006-10-27 13:14:34 14,151,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-26 18:42:36 8,423,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-26 18:06:54 232,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-26 18:14:06 7,033,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-27 13:18:36 1,658,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-26 18:00:08 274,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-26 18:00:12 998,208 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-26 18:00:10 285,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-27 13:16:46 2,939,704 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-26 18:34:12 660,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-26 18:34:10 192,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-10-26 18:07:04 6,536,992 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-09-15 14:25:18 3,611,416 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-07-26 16:53:56 459,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 13:16:44 594,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-10-27 13:16:48 12,813,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 13:16:40 176,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-27 13:16:36 46,864 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
+ 2006-10-26 19:30:44 482,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-27 13:04:06 465,200 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 13:04:06 7,980,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2006-10-26 17:52:10 2,012,480 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
+ 2006-10-26 18:09:36 136,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2006-10-26 18:55:54 413,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-27 13:04:06 624,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-26 18:09:44 590,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-26 19:13:38 38,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2006-10-26 19:42:12 744,808 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\REGFORM.EXE
+ 2006-10-26 18:55:44 263,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-26 18:55:44 272,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-26 18:13:00 503,624 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-26 18:06:58 439,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-26 19:18:16 502,608 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\SOA.DLL
+ 2006-07-28 13:21:58 277,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\SSGEN.DLL
+ 2006-10-27 12:57:08 2,330,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-09-29 22:42:56 2,583,344 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\VBE6.DLL
+ 2006-10-26 21:00:12 1,841,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
+ 2006-10-26 20:58:38 3,732,792 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\VVIEWER.DLL
+ 2006-10-27 13:23:04 347,432 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-27 13:11:38 4,235,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 13:11:36 21,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-27 13:23:08 17,483,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-26 19:13:08 14,674,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-26 19:17:08 11,072 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2007-10-05 19:37:38 17,927,192 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.6215\EXCEL.EXE
+ 2007-08-28 22:38:10 500,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.6215\MORPH9.DLL
+ 2007-09-14 20:45:58 16,901,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-08-28 22:38:46 9,584,512 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.6215\MSPUB.EXE
+ 2007-08-28 23:19:24 1,654,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-08-28 22:06:16 467,840 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.6215\POWERPNT.EXE
+ 2007-08-28 22:06:44 7,990,144 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.6215\PPCORE.DLL
+ 2007-08-24 02:43:28 138,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.6215\PRTF9.DLL
+ 2007-08-28 22:39:14 625,560 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.6215\PTXT9.DLL
+ 2007-08-24 02:43:36 593,296 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.6215\PUBCONV.DLL
+ 2007-08-28 22:16:00 350,064 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.6215\WINWORD.EXE
+ 2007-09-06 16:56:32 17,490,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.6215\WWLIB.DLL
+ 2007-10-02 19:00:06 14,708,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.6215\XL12CNV.EXE
+ 2007-08-24 04:14:14 13,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\[u]0[/u]0002109110000000000000000F01FEC\12.0.6215\XLCALL32.DLL
- 2008-10-27 13:59:33 49,152 ----a-r c:\windows\Installer\{2ADCF2B3-9140-432D-86F5-8C5D101ABEE1}\ARPPRODUCTICON.exe
+ 2008-10-27 13:59:33 69,632 ----a-r c:\windows\Installer\{2ADCF2B3-9140-432D-86F5-8C5D101ABEE1}\ARPPRODUCTICON.exe
- 2008-10-27 13:59:33 49,152 ----a-r c:\windows\Installer\{2ADCF2B3-9140-432D-86F5-8C5D101ABEE1}\Desktop_MindManager6_C4D150117314479F90CAEF8478756B79.exe
+ 2008-10-27 13:59:33 69,632 ----a-r c:\windows\Installer\{2ADCF2B3-9140-432D-86F5-8C5D101ABEE1}\Desktop_MindManager6_C4D150117314479F90CAEF8478756B79.exe
- 2008-10-27 13:59:33 49,152 ----a-r c:\windows\Installer\{2ADCF2B3-9140-432D-86F5-8C5D101ABEE1}\ProgramGroup_MindMan_C4D150117314479F90CAEF8478756B79.exe
+ 2008-10-27 13:59:33 69,632 ----a-r c:\windows\Installer\{2ADCF2B3-9140-432D-86F5-8C5D101ABEE1}\ProgramGroup_MindMan_C4D150117314479F90CAEF8478756B79.exe
- 2008-10-27 13:59:33 49,152 ----a-r c:\windows\Installer\{2ADCF2B3-9140-432D-86F5-8C5D101ABEE1}\QuickLaunch_MindMana_C4D150117314479F90CAEF8478756B79.exe
+ 2008-10-27 13:59:33 69,632 ----a-r c:\windows\Installer\{2ADCF2B3-9140-432D-86F5-8C5D101ABEE1}\QuickLaunch_MindMana_C4D150117314479F90CAEF8478756B79.exe
- 2008-10-27 13:59:33 49,152 ----a-r c:\windows\Installer\{2ADCF2B3-9140-432D-86F5-8C5D101ABEE1}\StartMenu_MindManage_C4D150117314479F90CAEF8478756B79.exe
+ 2008-10-27 13:59:33 69,632 ----a-r c:\windows\Installer\{2ADCF2B3-9140-432D-86F5-8C5D101ABEE1}\StartMenu_MindManage_C4D150117314479F90CAEF8478756B79.exe
- 2008-10-19 17:40:56 32,768 ----a-r c:\windows\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\icon.exe
+ 2008-10-19 17:40:56 53,248 ----a-r c:\windows\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\icon.exe
+ 2009-02-15 16:55:09 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-10-23 19:51:44 65,536 ----a-r c:\windows\Installer\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}\ARPPRODUCTICON.exe
+ 2008-10-23 19:51:44 86,016 ----a-r c:\windows\Installer\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}\ARPPRODUCTICON.exe
- 2008-10-23 17:51:13 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-15 17:21:47 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-10-23 17:51:13 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-15 17:21:47 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-10-23 17:51:13 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-15 17:21:47 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-10-23 17:51:13 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-15 17:21:47 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-10-23 17:51:13 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-15 17:21:47 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-10-23 17:51:13 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-15 17:21:48 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-10-23 17:51:13 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-15 17:21:47 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-10-23 17:51:13 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-15 17:21:47 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-10-23 17:51:13 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-15 17:21:47 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-10-23 17:51:13 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-15 17:21:47 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-10-23 17:51:13 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-15 17:21:47 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-10-23 17:48:56 217,864 ----a-r c:\windows\Installer\{90120000-006E-040C-0000-0000000FF1CE}\misc.exe
+ 2009-02-15 17:09:41 217,864 ----a-r c:\windows\Installer\{90120000-006E-040C-0000-0000000FF1CE}\misc.exe
+ 2009-01-20 10:20:03 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
+ 2009-01-20 10:20:04 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_3D.exe
+ 2009-01-20 10:20:04 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_Standard.exe
+ 2009-01-20 10:20:04 25,214 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Distiller.exe
+ 2009-01-20 10:20:04 7,278 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_ELEMENTS_DT.exe
+ 2009-01-20 10:20:03 23,558 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
- 2008-10-24 17:09:33 81,920 ----a-r c:\windows\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\ACDSeeDesktopShortcu_AE80641A0C8D4670A518B4EC154B1027.exe
+ 2008-10-24 17:09:33 102,400 ----a-r c:\windows\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\ACDSeeDesktopShortcu_AE80641A0C8D4670A518B4EC154B1027.exe
- 2008-10-24 17:09:33 81,920 ----a-r c:\windows\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\ACDSeePMShortcut_AE80641A0C8D4670A518B4EC154B1027.exe
+ 2008-10-24 17:09:33 102,400 ----a-r c:\windows\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\ACDSeePMShortcut_AE80641A0C8D4670A518B4EC154B1027.exe
- 2008-10-24 17:09:33 81,920 ----a-r c:\windows\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\ACDSeeShowroomShortc_B2D418833BFC4BA0A2F65A2C9836C238.exe
+ 2008-10-24 17:09:33 102,400 ----a-r c:\windows\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\ACDSeeShowroomShortc_B2D418833BFC4BA0A2F65A2C9836C238.exe
- 2008-10-24 17:09:33 81,920 ----a-r c:\windows\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\ARPPRODUCTICON.exe
+ 2008-10-24 17:09:33 102,400 ----a-r c:\windows\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\ARPPRODUCTICON.exe
- 2008-10-24 17:09:33 45,056 ----a-r c:\windows\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\DevDetectPMShortcut_ECE0113B23D04DD889E6D2F026CABF03.exe
+ 2008-10-24 17:09:33 65,536 ----a-r c:\windows\Installer\{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}\DevDetectPMShortcut_ECE0113B23D04DD889E6D2F026CABF03.exe
- 2008-10-23 19:51:38 65,536 ----a-r c:\windows\Installer\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}\ARPPRODUCTICON.exe
+ 2008-10-23 19:51:38 86,016 ----a-r c:\windows\Installer\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}\ARPPRODUCTICON.exe
- 2008-11-29 12:37:45 632,320 ----a-r c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F66110.exe
+ 2008-11-29 12:37:45 649,216 ----a-r c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F66110.exe
- 2008-11-29 12:37:45 29,184 ----a-r c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F6617.exe
+ 2008-11-29 12:37:45 46,080 ----a-r c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F6617.exe
- 2008-10-19 17:44:09 166,912 ----a-r c:\windows\Installer\{CD97C166-020E-415A-98D2-2D89DD9D68F0}\places.exe
+ 2008-10-19 17:44:09 183,808 ----a-r c:\windows\Installer\{CD97C166-020E-415A-98D2-2D89DD9D68F0}\places.exe
- 2009-01-12 15:37:17 40,960 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_AMCap.exe
+ 2009-01-12 15:37:17 61,440 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_AMCap.exe
- 2009-01-12 15:37:17 49,152 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_Check3D.exe
+ 2009-01-12 15:37:17 69,632 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_Check3D.exe
- 2009-01-12 15:37:17 69,632 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_ContentTransfer.exe
+ 2009-01-12 15:37:17 90,112 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_ContentTransfer.exe
- 2009-01-12 15:37:17 434,176 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_GuidedTour.exe
+ 2009-01-12 15:37:17 454,656 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_GuidedTour.exe
- 2009-01-12 15:37:17 45,056 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_Help_HH.exe
+ 2009-01-12 15:37:17 65,536 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_Help_HH.exe
- 2009-01-12 15:37:17 65,536 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_ReadMe.exe
+ 2009-01-12 15:37:17 86,016 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\SC_ReadMe.exe
- 2009-01-12 15:37:17 69,632 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\Studio.exe
+ 2009-01-12 15:37:17 90,112 ----a-r c:\windows\Installer\{D041EB9E-890A-4098-8F94-51DA194AC72A}\Studio.exe
+ 2009-01-19 10:28:00 471,040 ----a-r c:\windows\Installer\{DD6967E0-904C-4394-A4AE-C2335E495933}\ARPPRODUCTICON.exe
+ 2009-01-19 10:28:00 8,854 ----a-r c:\windows\Installer\{DD6967E0-904C-4394-A4AE-C2335E495933}\New_Shortcut_F007CBCED7144C0B8CE99B0D78116468.exe
+ 2009-01-19 10:28:00 471,040 ----a-r c:\windows\Installer\{DD6967E0-904C-4394-A4AE-C2335E495933}\NewShortcut2_DD6967E0904C4394A4AEC2335E495933.exe
+ 2009-01-19 10:28:00 471,040 ----a-r c:\windows\Installer\{DD6967E0-904C-4394-A4AE-C2335E495933}\NewShortcut3_DD6967E0904C4394A4AEC2335E495933_1.exe
- 2008-10-26 07:08:01 49,152 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\ARPPRODUCTICON.exe
+ 2008-10-26 07:08:01 69,632 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\ARPPRODUCTICON.exe
- 2008-10-26 07:08:01 49,152 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\ConvertXML_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 69,632 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\ConvertXML_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 49,152 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\Dragonlog_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 69,632 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\Dragonlog_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 49,152 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\NatSpeak_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 69,632 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\NatSpeak_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 49,152 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\NatSpeakD_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 69,632 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\NatSpeakD_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 49,152 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\NSAdmin_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 69,632 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\NSAdmin_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 45,056 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\NSAdminHelp_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 65,536 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\NSAdminHelp_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 49,152 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\NSAdminW_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 69,632 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\NSAdminW_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 49,152 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\SchedMgr_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 69,632 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\SchedMgr_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 49,152 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\Setuplog_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 69,632 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\Setuplog_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 65,536 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
+ 2008-10-26 07:08:01 86,016 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
- 2008-10-26 07:08:01 40,960 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\TAgent_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 61,440 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\TAgent_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 49,152 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\Upgrade_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 69,632 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\Upgrade_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-26 07:08:01 45,056 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\Voctool_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
+ 2008-10-26 07:08:01 65,536 ----a-r c:\windows\Installer\{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}\Voctool_Shortcut_DDDD90B280F2413A8A8E38C5076A7DBA.exe
- 2008-10-23 17:04:54 49,152 ----a-r c:\windows\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\NewShortcut14_27BC537B086D42E19CB39D115FA043BF.exe
+ 2008-10-23 17:04:54 69,632 ----a-r c:\windows\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\NewShortcut14_27BC537B086D42E19CB39D115FA043BF.exe
- 2008-10-23 17:04:54 450,560 ----a-r c:\windows\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\NewShortcut15_27BC537B086D42E19CB39D115FA043BF.exe
+ 2008-10-23 17:04:54 471,040 ----a-r c:\windows\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\NewShortcut15_27BC537B086D42E19CB39D115FA043BF.exe
- 2008-10-23 17:04:54 65,536 ----a-r c:\windows\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
+ 2008-10-23 17:04:54 86,016 ----a-r c:\windows\Installer\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
- 2004-12-08 16:06:39 65,536 ----a-w c:\windows\LClock.exe
+ 2004-12-08 16:06:39 86,016 ------w c:\windows\LClock.exe
- 2007-07-24 17:47:00 59,911 ----a-w c:\windows\LSD\all_users.exe
+ 2007-07-24 18:47:00 59,911 ----a-w c:\windows\LSD\all_users.exe
+ 2007-07-24 10:07:37 70,207,413 ----a-w c:\windows\LSD\bonus.exe
- 2007-08-07 13:46:13 2,336 ----a-w c:\windows\LSD\end.cmd
+ 2007-08-07 14:46:13 2,336 ----a-w c:\windows\LSD\end.cmd
- 2004-09-12 12:06:50 57,344 ----a-w c:\windows\LSD\say.exe
+ 2004-09-12 13:06:50 77,824 ----a-w c:\windows\LSD\say.exe
- 1999-12-23 14:47:59 59,199 ----a-w c:\windows\LSD\sendto.exe
+ 1999-12-23 15:47:59 59,199 ----a-w c:\windows\LSD\sendto.exe
- 2007-07-10 00:02:59 4,105,911 ----a-w c:\windows\LSD\shell32.exe
+ 2007-07-10 01:02:59 4,105,911 ----a-w c:\windows\LSD\shell32.exe
- 2005-06-28 16:59:26 275,749 ----a-w c:\windows\LSD\TCPIP.exe
+ 2005-06-28 17:59:26 275,749 ----a-w c:\windows\LSD\TCPIP.exe
- 2004-12-21 20:38:41 2,113,536 ----a-w c:\windows\LSD\u2.exe
+ 2004-12-21 21:38:41 2,134,016 ----a-w c:\windows\LSD\u2.exe
- 2002-03-02 23:30:06 32,768 ----a-w c:\windows\LSD\w.exe
+ 2002-03-03 00:30:06 53,248 ----a-w c:\windows\LSD\w.exe
- 2005-07-10 20:04:14 70,656 ----a-w c:\windows\LSD\xuser.exe
+ 2005-07-10 21:04:14 91,136 ----a-w c:\windows\LSD\xuser.exe
- 2008-09-30 15:38:10 2,168,320 ----a-w c:\windows\MicCal.exe
+ 2008-09-30 15:38:10 2,185,728 ----a-w c:\windows\MicCal.exe
- 2005-09-23 06:28:52 72,704 ----a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2005-09-23 06:28:52 89,600 ----a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
- 2005-09-23 06:28:32 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2005-09-23 06:28:32 57,344 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
- 2005-09-23 06:28:32 13,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2005-09-23 06:28:32 30,720 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
- 2005-09-23 06:28:32 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2005-09-23 06:28:32 126,976 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2005-09-23 06:28:56 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2005-09-23 06:28:56 126,976 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2005-09-23 06:28:38 4,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2005-09-23 06:28:38 21,504 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2005-09-23 06:28:56 9,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2005-09-23 06:28:56 26,624 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 06:28:56 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2005-09-23 06:28:56 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2005-09-23 06:28:48 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2005-09-23 06:28:48 61,440 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2005-09-23 06:28:48 69,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2005-09-23 06:28:48 90,112 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2005-09-23 06:28:56 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2005-09-23 06:28:56 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2005-09-23 06:28:56 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2005-09-23 06:28:56 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2006-10-30 02:34:02 159,744 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2006-10-30 02:34:02 180,224 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
- 2006-10-30 02:33:58 741,376 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2006-10-30 02:33:58 761,856 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
- 2006-10-30 02:34:02 61,440 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2006-10-30 02:34:02 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
- 2006-10-30 02:34:02 122,880 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2006-10-30 02:34:02 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
- 2006-10-30 02:34:02 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2006-10-30 02:34:02 163,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
- 2006-10-20 20:21:24 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2006-10-20 20:21:24 57,344 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
- 2006-10-20 20:21:26 14,848 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
+ 2006-10-20 20:21:26 31,744 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe
- 2007-07-16 14:27:46 557,568 ----a-w c:\windows\Network Diagnostic\xpnetdiag.exe
+ 2007-07-16 14:27:46 574,464 ----a-w c:\windows\Network Diagnostic\xpnetdiag.exe
- 2000-08-31 07:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 07:00:00 48,640 ----a-w c:\windows\NIRCMD.exe
- 2007-07-15 21:27:58 749,568 ----a-w c:\windows\NOTEPAD.EXE
+ 2007-07-15 21:27:58 770,048 ----a-w c:\windows\NOTEPAD.EXE
- 2007-08-14 09:09:02 84,480 ----a-w c:\windows\OPTIONS\CABS\lanset64.exe
+ 2007-08-14 09:09:02 101,376 ----a-w c:\windows\OPTIONS\CABS\lanset64.exe
- 2007-08-14 09:08:44 55,808 ----a-w c:\windows\OPTIONS\CABS\lansetm.exe
+ 2007-08-14 09:08:44 80,472 ----a-w c:\windows\OPTIONS\CABS\lansetm.exe
- 2007-08-14 09:08:52 59,392 ----a-w c:\windows\OPTIONS\CABS\lansetup.exe
+ 2007-08-14 09:08:52 84,056 ----a-w c:\windows\OPTIONS\CABS\lansetup.exe
- 2007-08-14 09:08:56 57,344 ----a-w c:\windows\OPTIONS\CABS\lansetx.exe
+ 2007-08-14 09:08:56 82,008 ----a-w c:\windows\OPTIONS\CABS\lansetx.exe
- 2004-08-19 20:09:56 768,512 ----a-w c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
+ 2004-08-19 20:09:56 785,408 ----a-w c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
- 2001-08-28 18:00:00 99,840 ----a-w c:\windows\pchealth\helpctr\binaries\HelpHost.exe
+ 2001-08-28 18:00:00 116,736 ----a-w c:\windows\pchealth\helpctr\binaries\HelpHost.exe
- 2004-08-19 20:09:56 743,936 ----a-w c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2004-08-19 20:09:56 760,832 ----a-w c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
- 2004-08-19 20:09:56 18,944 ----a-w c:\windows\pchealth\helpctr\binaries\HscUpd.exe
+ 2004-08-19 20:09:56 35,840 ----a-w c:\windows\pchealth\helpctr\binaries\HscUpd.exe
- 2007-07-16 14:26:01 172,544 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
+ 2007-07-16 14:26:01 189,952 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
- 2001-08-28 18:00:00 35,328 ----a-w c:\windows\pchealth\helpctr\binaries\notiflag.exe
+ 2001-08-28 18:00:00 52,224 ----a-w c:\windows\pchealth\helpctr\binaries\notiflag.exe
- 2004-08-19 20:10:04 151,040 ----a-w c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
+ 2004-08-19 20:10:04 167,936 ----a-w c:\windows\pchealth\UploadLB\Binaries\UploadM.exe
- 2005-04-05 07:26:20 456,208 ----a-w c:\windows\process.exe
+ 2005-04-05 08:26:20 456,208 ----a-w c:\windows\process.exe
- 2007-03-20 06:41:06 32,768 ------r c:\windows\RaidTool\IDEDrvSetup.exe
+ 2007-03-20 06:41:06 57,020 ------r c:\win
irc.zief.pl: what do you mean by this problem? Explain, and give the exact file name.
______________
The end of the ComboFix report is missing: paste it.
______________
Download from here:
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) by random/random and save it to the Desktop.
Double-click RSIT.exe to launch RSIT.
Click Continue on the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
When the scan is finished, two text files will open.
Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the Taskbar).
NB: The reports are saved in the folder C:\rsit
2007-03-20 06:41:06 32,768 ------r c:\windows\RaidTool\IDEDrvSetup.exe
+ 2007-03-20 06:41:06 57,020 ------r c:\windows\RaidTool\IDEDrvSetup.exe
- 2007-03-20 13:01:14 2,560 ------r c:\windows\RaidTool\xIDESetup.exe
+ 2007-03-20 13:01:14 19,456 ------r c:\windows\RaidTool\xIDESetup.exe
- 2004-10-11 16:51:58 57,344 ----a-w c:\windows\reboot.exe
+ 2004-10-11 17:51:58 77,824 ----a-w c:\windows\reboot.exe
- 2004-08-19 20:10:04 153,088 ----a-w c:\windows\regedit.exe
+ 2004-08-19 20:10:04 170,496 ----a-w c:\windows\regedit.exe
- 2007-04-20 17:16:00 1,117,184 ----a-w c:\windows\Resources\Themes\LSD_Inspirat\Shell\AeroBlue\Shellstyle.dll
+ 2007-04-20 18:16:00 1,117,184 ----a-w c:\windows\Resources\Themes\LSD_Inspirat\Shell\AeroBlue\Shellstyle.dll
- 2007-04-21 09:07:00 894,464 ----a-w c:\windows\Resources\Themes\LSD_Inspirat\Shell\ClassicXP\Shellstyle.dll
+ 2007-04-21 10:07:00 894,464 ----a-w c:\windows\Resources\Themes\LSD_Inspirat\Shell\ClassicXP\Shellstyle.dll
- 2007-04-20 17:16:00 1,117,184 ----a-w c:\windows\Resources\Themes\LSD_Inspirat\Shell\NormalColor\Shellstyle.dll
+ 2007-04-20 18:16:00 1,117,184 ----a-w c:\windows\Resources\Themes\LSD_Inspirat\Shell\NormalColor\Shellstyle.dll
- 2004-12-03 15:34:08 372,736 ----a-w c:\windows\Resources\Themes\Shell\BB2\Shellstyle.dll
+ 2004-12-03 16:34:08 372,736 ----a-w c:\windows\Resources\Themes\Shell\BB2\Shellstyle.dll
- 2004-12-03 15:34:08 372,736 ----a-w c:\windows\Resources\Themes\Shell\BlackBlue\Shellstyle.dll
+ 2004-12-03 16:34:08 372,736 ----a-w c:\windows\Resources\Themes\Shell\BlackBlue\Shellstyle.dll
- 2004-12-03 15:34:08 372,736 ----a-w c:\windows\Resources\Themes\Shell\BlackGraf\Shellstyle.dll
+ 2004-12-03 16:34:08 372,736 ----a-w c:\windows\Resources\Themes\Shell\BlackGraf\Shellstyle.dll
- 2004-12-03 15:34:08 372,736 ----a-w c:\windows\Resources\Themes\Shell\BlakGraf2\Shellstyle.dll
+ 2004-12-03 16:34:08 372,736 ----a-w c:\windows\Resources\Themes\Shell\BlakGraf2\Shellstyle.dll
- 2004-12-03 15:34:09 372,736 ----a-w c:\windows\Resources\Themes\Shell\Orange\Shellstyle.dll
+ 2004-12-03 16:34:09 372,736 ----a-w c:\windows\Resources\Themes\Shell\Orange\Shellstyle.dll
- 2004-12-03 15:34:09 372,736 ----a-w c:\windows\Resources\Themes\Shell\Orange2\Shellstyle.dll
+ 2004-12-03 16:34:09 372,736 ----a-w c:\windows\Resources\Themes\Shell\Orange2\Shellstyle.dll
- 2004-12-03 15:34:09 372,736 ----a-w c:\windows\Resources\Themes\Shell\RD2\Shellstyle.dll
+ 2004-12-03 16:34:09 372,736 ----a-w c:\windows\Resources\Themes\Shell\RD2\Shellstyle.dll
- 2004-12-03 15:34:09 372,736 ----a-w c:\windows\Resources\Themes\Shell\RoyalBlu2\Shellstyle.dll
+ 2004-12-03 16:34:09 372,736 ----a-w c:\windows\Resources\Themes\Shell\RoyalBlu2\Shellstyle.dll
- 2004-12-03 15:34:09 372,736 ----a-w c:\windows\Resources\Themes\Shell\RoyalDark\Shellstyle.dll
+ 2004-12-03 16:34:09 372,736 ----a-w c:\windows\Resources\Themes\Shell\RoyalDark\Shellstyle.dll
- 2008-10-09 13:54:26 17,021,440 ----a-w c:\windows\RTHDCPL.EXE
+ 2008-10-09 13:54:26 17,040,896 ----a-w c:\windows\RTHDCPL.EXE
- 2008-06-19 15:27:46 9,715,200 ----a-w c:\windows\RTLCPL.exe
+ 2008-06-19 15:27:46 9,733,632 ----a-w c:\windows\RTLCPL.exe
- 2008-09-19 16:48:24 1,200,128 ----a-w c:\windows\RtlUpd.exe
+ 2008-09-19 16:48:24 1,220,608 ----a-w c:\windows\RtlUpd.exe
- 2000-08-31 07:00:00 98,816 ----a-w c:\windows\sed.exe
+ 2000-08-31 07:00:00 115,712 ----a-w c:\windows\sed.exe
- 2007-11-20 17:15:58 1,826,816 ----a-w c:\windows\SkyTel.exe
+ 2007-11-20 17:15:58 1,847,296 ----a-w c:\windows\SkyTel.exe
- 2008-08-19 12:26:44 77,824 ----a-w c:\windows\SOUNDMAN.EXE
+ 2008-08-19 12:26:44 98,304 ----a-w c:\windows\SOUNDMAN.EXE
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 07:00:00 179,200 ----a-w c:\windows\SWREG.exe
- 2000-08-31 07:00:00 136,704 ----a-w c:\windows\SWSC.exe
+ 2000-08-31 07:00:00 154,624 ----a-w c:\windows\SWSC.exe
- 2000-08-31 07:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
+ 2000-08-31 07:00:00 229,376 ----a-w c:\windows\SWXCACLS.exe
- 2004-08-19 20:09:52 189,952 ----a-w c:\windows\system32\accwiz.exe
+ 2004-08-19 20:09:52 206,848 ----a-w c:\windows\system32\accwiz.exe
- 2006-08-28 16:34:30 557,056 ----a-w c:\windows\system32\ACDSee.scr
+ 2006-08-28 16:34:30 577,536 ----a-w c:\windows\system32\ACDSee.scr
- 2004-08-19 20:09:52 4,096 ----a-w c:\windows\system32\actmovie.exe
+ 2004-08-19 20:09:52 20,992 ----a-w c:\windows\system32\actmovie.exe
+ 2006-09-29 05:56:38 28,248 ----a-r c:\windows\system32\AdobePDF.dll
- 2005-05-17 14:24:00 311,296 ----a-w c:\windows\system32\AegisI5.exe
+ 2005-05-17 14:24:00 331,776 ----a-w c:\windows\system32\AegisI5.exe
- 2007-07-15 21:27:45 92,160 ----a-w c:\windows\system32\ahui.exe
+ 2007-07-15 21:27:45 109,568 ----a-w c:\windows\system32\ahui.exe
- 2004-08-19 20:09:52 44,544 ----a-w c:\windows\system32\alg.exe
+ 2004-08-19 20:09:52 61,440 ----a-w c:\windows\system32\alg.exe
- 2001-08-28 18:00:00 19,968 ----a-w c:\windows\system32\arp.exe
+ 2001-08-28 18:00:00 36,864 ----a-w c:\windows\system32\arp.exe
- 2001-08-28 18:00:00 37,888 ----a-w c:\windows\system32\asr_ldm.exe
+ 2001-08-28 18:00:00 54,784 ----a-w c:\windows\system32\asr_ldm.exe
- 2004-08-19 20:09:52 32,768 ----a-w c:\windows\system32\asr_pfu.exe
+ 2004-08-19 20:09:52 49,664 ----a-w c:\windows\system32\asr_pfu.exe
- 2004-08-19 20:09:52 25,088 ----a-w c:\windows\system32\at.exe
+ 2004-08-19 20:09:52 41,984 ----a-w c:\windows\system32\at.exe
- 2004-08-19 20:09:52 11,264 ----a-w c:\windows\system32\atmadm.exe
+ 2004-08-19 20:09:52 28,672 ----a-w c:\windows\system32\atmadm.exe
- 2001-08-28 18:00:00 11,264 ----a-w c:\windows\system32\attrib.exe
+ 2001-08-28 18:00:00 28,160 ----a-w c:\windows\system32\attrib.exe
- 2004-08-19 20:09:52 14,336 ----a-w c:\windows\system32\auditusr.exe
+ 2004-08-19 20:09:52 31,232 ----a-w c:\windows\system32\auditusr.exe
- 2001-08-28 18:00:00 152,064 ----a-w c:\windows\system32\bootcfg.exe
+ 2001-08-28 18:00:00 168,960 ----a-w c:\windows\system32\bootcfg.exe
- 2001-08-28 18:00:00 4,608 ----a-w c:\windows\system32\bootok.exe
+ 2001-08-28 18:00:00 21,504 ----a-w c:\windows\system32\bootok.exe
- 2001-08-28 18:00:00 5,120 ----a-w c:\windows\system32\bootvrfy.exe
+ 2001-08-28 18:00:00 22,528 ----a-w c:\windows\system32\bootvrfy.exe
- 2001-08-28 18:00:00 19,456 ----a-w c:\windows\system32\cacls.exe
+ 2001-08-28 18:00:00 36,864 ----a-w c:\windows\system32\cacls.exe
- 2007-07-15 21:27:46 253,440 ----a-w c:\windows\system32\calc.exe
+ 2007-07-15 21:27:46 270,336 ----a-w c:\windows\system32\calc.exe
- 2007-07-16 14:25:18 92,504 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 13:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2001-08-28 18:00:00 80,896 ----a-w c:\windows\system32\charmap.exe
+ 2001-08-28 18:00:00 97,792 ----a-w c:\windows\system32\charmap.exe
- 2006-08-01 14:02:32 49,152 ----a-w c:\windows\system32\ChCfg.exe
+ 2006-08-01 14:02:32 69,632 ----a-w c:\windows\system32\ChCfg.exe
- 2001-08-28 18:00:00 11,776 ----a-w c:\windows\system32\chkdsk.exe
+ 2001-08-28 18:00:00 28,672 ----a-w c:\windows\system32\chkdsk.exe
- 2001-08-28 18:00:00 11,264 ----a-w c:\windows\system32\chkntfs.exe
+ 2001-08-28 18:00:00 28,160 ----a-w c:\windows\system32\chkntfs.exe
+ 2003-12-14 14:47:20 692,224 ----a-w c:\windows\system32\ciaResSvr20.dll
+ 2003-02-23 22:45:14 40,960 ----a-w c:\windows\system32\ciaSubClsSvr.dll
+ 2003-12-12 15:41:30 53,248 ----a-w c:\windows\system32\ciaXPRegSvr20.dll
- 2001-08-28 18:00:00 8,192 ----a-w c:\windows\system32\cidaemon.exe
+ 2001-08-28 18:00:00 25,088 ----a-w c:\windows\system32\cidaemon.exe
- 2004-08-19 20:09:52 56,832 ----a-w c:\windows\system32\cipher.exe
+ 2004-08-19 20:09:52 73,728 ----a-w c:\windows\system32\cipher.exe
- 2004-08-19 20:09:52 5,632 ----a-w c:\windows\system32\cisvc.exe
+ 2004-08-19 20:09:52 22,528 ----a-w c:\windows\system32\cisvc.exe
- 2001-08-28 18:00:00 7,680 ----a-w c:\windows\system32\ckcnv.exe
+ 2001-08-28 18:00:00 24,576 ----a-w c:\windows\system32\ckcnv.exe
- 2007-07-15 21:27:46 522,752 ----a-w c:\windows\system32\cleanmgr.exe
+ 2007-07-15 21:27:46 539,648 ----a-w c:\windows\system32\cleanmgr.exe
- 2004-08-19 20:09:52 20,480 ----a-w c:\windows\system32\cliconfg.exe
+ 2004-08-19 20:09:52 40,960 ----a-w c:\windows\system32\cliconfg.exe
- 2004-08-19 20:09:52 104,448 ----a-w c:\windows\system32\clipbrd.exe
+ 2004-08-19 20:09:52 121,344 ----a-w c:\windows\system32\clipbrd.exe
- 2004-08-19 20:09:52 33,280 ----a-w c:\windows\system32\clipsrv.exe
+ 2004-08-19 20:09:52 50,176 ----a-w c:\windows\system32\clipsrv.exe
- 2007-07-15 21:27:47 539,136 ----a-w c:\windows\system32\cmd.exe
+ 2007-07-15 21:27:47 556,032 ----a-w c:\windows\system32\cmd.exe
- 2004-08-19 20:09:52 47,104 ----a-w c:\windows\system32\cmdl32.exe
+ 2004-08-19 20:09:52 64,000 ----a-w c:\windows\system32\cmdl32.exe
- 2004-08-19 20:09:52 40,448 ----a-w c:\windows\system32\cmmon32.exe
+ 2004-08-19 20:09:52 57,344 ----a-w c:\windows\system32\cmmon32.exe
- 2004-08-19 20:09:52 65,536 ----a-w c:\windows\system32\cmstp.exe
+ 2004-08-19 20:09:52 82,432 ----a-w c:\windows\system32\cmstp.exe
- 2004-08-19 20:09:52 9,728 ----a-w c:\windows\system32\Com\comrepl.exe
+ 2004-08-19 20:09:52 26,624 ----a-w c:\windows\system32\Com\comrepl.exe
- 2001-08-28 18:00:00 5,120 ----a-w c:\windows\system32\Com\comrereg.exe
+ 2001-08-28 18:00:00 22,016 ----a-w c:\windows\system32\Com\comrereg.exe
- 2001-08-28 18:00:00 18,432 ----a-w c:\windows\system32\compact.exe
+ 2001-08-28 18:00:00 35,328 ----a-w c:\windows\system32\compact.exe
- 2008-10-19 17:39:52 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-15 22:37:09 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-11 22:04:44 262,144 ---ha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
- 2008-10-19 17:39:52 16,384 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-02-15 22:37:09 16,384 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-10-19 17:39:52 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-15 22:37:09 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-19 20:09:52 27,648 ----a-w c:\windows\system32\conime.exe
+ 2004-08-19 20:09:52 44,544 ----a-w c:\windows\system32\conime.exe
- 2001-08-28 18:00:00 8,192 ----a-w c:\windows\system32\control.exe
+ 2001-08-28 18:00:00 25,600 ----a-w c:\windows\system32\control.exe
- 2001-08-28 18:00:00 13,824 ----a-w c:\windows\system32\convert.exe
+ 2001-08-28 18:00:00 31,232 ----a-w c:\windows\system32\convert.exe
+ 2000-11-24 16:05:06 20,480 ----a-w c:\windows\system32\CPUINFO2.DLL
- 2007-07-16 14:25:25 98,304 ----a-w c:\windows\system32\cscript.exe
+ 2007-07-16 14:25:25 118,784 ----a-w c:\windows\system32\cscript.exe
- 2001-08-28 18:00:00 5,120 ----a-w c:\windows\system32\dcomcnfg.exe
+ 2001-08-28 18:00:00 22,016 ----a-w c:\windows\system32\dcomcnfg.exe
- 2004-08-19 20:09:52 31,744 ----a-w c:\windows\system32\ddeshare.exe
+ 2004-08-19 20:09:52 48,640 ----a-w c:\windows\system32\ddeshare.exe
- 2004-08-19 20:09:52 85,504 ----a-w c:\windows\system32\diantz.exe
+ 2004-08-19 20:09:52 102,400 ----a-w c:\windows\system32\diantz.exe
- 2004-08-19 20:09:52 167,936 ----a-w c:\windows\system32\diskpart.exe
+ 2004-08-19 20:09:52 184,832 ----a-w c:\windows\system32\diskpart.exe
- 2001-08-28 18:00:00 19,456 ----a-w c:\windows\system32\diskperf.exe
+ 2001-08-28 18:00:00 36,352 ----a-w c:\windows\system32\diskperf.exe
- 2006-10-27 00:44:04 54,784 ------w c:\windows\system32\DllCache\ie4uinit.exe
+ 2006-10-27 00:44:04 71,680 ------w c:\windows\system32\DllCache\ie4uinit.exe
- 2006-10-17 11:04:50 69,120 ------w c:\windows\system32\DllCache\iedw.exe
+ 2006-10-17 11:04:50 86,016 ------w c:\windows\system32\DllCache\iedw.exe
- 2006-10-17 11:04:40 622,080 ------w c:\windows\system32\DllCache\iexplore.exe
+ 2006-10-17 11:04:40 638,976 ------w c:\windows\system32\DllCache\iexplore.exe
+ 2008-06-10 00:31:06 120,832 ------w c:\windows\system32\DllCache\logagent.exe
- 2006-10-17 10:56:10 45,568 ------w c:\windows\system32\DllCache\mshta.exe
+ 2006-10-17 10:56:10 62,464 ------w c:\windows\system32\DllCache\mshta.exe
- 2006-10-14 15:44:44 671,744 ------w c:\windows\system32\DllCache\PrintFilterPipelineSvc.exe
+ 2006-10-14 15:44:44 689,152 ------w c:\windows\system32\DllCache\PrintFilterPipelineSvc.exe
- 2006-10-27 13:09:58 765,952 ------w c:\windows\system32\DllCache\VGX.dll
+ 2008-05-27 17:25:06 765,952 ------w c:\windows\system32\DllCache\vgx.dll
+ 2008-06-10 17:18:18 1,053,696 ------w c:\windows\system32\DllCache\WMNetmgr.dll
+ 2008-11-07 17:32:20 2,109,440 ------w c:\windows\system32\DllCache\WMVCore.dll
- 2004-08-19 20:09:52 5,120 ----a-w c:\windows\system32\dllhost.exe
+ 2004-08-19 20:09:52 22,016 ----a-w c:\windows\system32\dllhost.exe
- 2001-08-28 18:00:00 4,608 ----a-w c:\windows\system32\dllhst3g.exe
+ 2001-08-28 18:00:00 21,504 ----a-w c:\windows\system32\dllhst3g.exe
- 2004-08-19 20:09:52 225,280 ----a-w c:\windows\system32\dmadmin.exe
+ 2004-08-19 20:09:52 242,176 ----a-w c:\windows\system32\dmadmin.exe
- 2004-08-19 20:09:52 15,872 ----a-w c:\windows\system32\dmremote.exe
+ 2004-08-19 20:09:52 32,768 ----a-w c:\windows\system32\dmremote.exe
- 2006-02-28 10:41:34 61,440 ----a-w c:\windows\system32\dns-sd.exe
+ 2006-02-28 10:41:34 81,920 ----a-w c:\windows\system32\dns-sd.exe
- 2007-07-16 14:25:27 147,456 ----a-w c:\windows\system32\dnsapi.dll
+ 2008-06-20 17:37:01 147,968 ----a-w c:\windows\system32\dnsapi.dll
- 2001-08-28 18:00:00 10,752 ----a-w c:\windows\system32\doskey.exe
+ 2001-08-28 18:00:00 27,648 ----a-w c:\windows\system32\doskey.exe
- 2004-08-19 20:09:52 30,208 ----a-w c:\windows\system32\dplaysvr.exe
+ 2004-08-19 20:09:52 47,104 ----a-w c:\windows\system32\dplaysvr.exe
- 2004-08-19 20:09:52 18,432 ----a-w c:\windows\system32\dpnsvr.exe
+ 2004-08-19 20:09:52 35,328 ----a-w c:\windows\system32\dpnsvr.exe
- 2004-08-19 20:09:52 83,456 ----a-w c:\windows\system32\dpvsetup.exe
+ 2004-08-19 20:09:52 100,352 ----a-w c:\windows\system32\dpvsetup.exe
- 2001-08-28 18:00:00 60,928 ----a-w c:\windows\system32\driverquery.exe
+ 2001-08-28 18:00:00 77,824 ----a-w c:\windows\system32\driverquery.exe
- 2004-08-04 03:14:16 138,496 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:48:52 138,368 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-04-29 10:19:50 12,960 ----a-w c:\windows\system32\drivers\Awrtpd.sys
+ 2008-04-29 10:19:54 15,648 ----a-w c:\windows\system32\drivers\Awrtrd.sys
- 2007-07-16 14:25:59 454,656 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:25:29 455,936 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-04-29 10:20:00 15,648 ----a-w c:\windows\system32\drivers\NSDriver.sys
- 2007-07-16 14:26:43 202,496 ----a-w c:\windows\system32\drivers\RMCast.sys
+ 2008-05-08 12:14:51 203,008 ----a-w c:\windows\system32\drivers\rmcast.sys
- 2007-07-16 14:27:05 332,928 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-12-11 10:24:44 333,184 ----a-w c:\windows\system32\drivers\srv.sys
- 2005-06-28 16:56:53 359,808 ----a-w c:\windows\system32\drivers\tcpip.sys
+ 2008-06-20 10:44:42 360,960 ----a-w c:\windows\system32\drivers\tcpip.sys
- 2007-07-16 14:27:16 225,664 ----a-w c:\windows\system32\drivers\tcpip6.sys
+ 2008-06-20 09:32:39 225,920 ----a-w c:\windows\system32\drivers\tcpip6.sys
- 2001-08-28 18:00:00 47,104 ----a-w c:\windows\system32\drwtsn32.exe
+ 2001-08-28 18:00:00 64,000 ----a-w c:\windows\system32\drwtsn32.exe
- 2004-08-19 20:09:52 10,752 ----a-w c:\windows\system32\dumprep.exe
+ 2004-08-19 20:09:52 27,648 ----a-w c:\windows\system32\dumprep.exe
- 2007-07-21 14:34:24 59,392 ----a-w c:\windows\system32\dvdplay.exe
+ 2007-07-21 14:34:24 76,288 ----a-w c:\windows\system32\dvdplay.exe
- 2004-08-19 20:09:52 17,920 ----a-w c:\windows\system32\dvdupgrd.exe
+ 2004-08-19 20:09:52 34,816 ----a-w c:\windows\system32\dvdupgrd.exe
- 2004-08-19 20:09:52 180,224 ----a-w c:\windows\system32\dwwin.exe
+ 2004-08-19 20:09:52 200,704 ----a-w c:\windows\system32\dwwin.exe
- 2007-07-16 14:25:28 243,200 ----a-w c:\windows\system32\es.dll
+ 2008-07-07 20:18:27 253,952 ----a-w c:\windows\system32\es.dll
- 2001-08-28 18:00:00 39,424 ----a-w c:\windows\system32\esentutl.exe
+ 2001-08-28 18:00:00 56,320 ----a-w c:\windows\system32\esentutl.exe
- 2004-08-19 20:09:52 195,072 ----a-w c:\windows\system32\eudcedit.exe
+ 2004-08-19 20:09:52 211,968 ----a-w c:\windows\system32\eudcedit.exe
- 2004-08-19 20:09:52 52,736 ----a-w c:\windows\system32\eventcreate.exe
+ 2004-08-19 20:09:52 69,632 ----a-w c:\windows\system32\eventcreate.exe
- 2001-08-28 18:00:00 81,408 ----a-w c:\windows\system32\eventtriggers.exe
+ 2001-08-28 18:00:00 98,304 ----a-w c:\windows\system32\eventtriggers.exe
- 2001-08-28 18:00:00 9,216 ----a-w c:\windows\system32\eventvwr.exe
+ 2001-08-28 18:00:00 26,112 ----a-w c:\windows\system32\eventvwr.exe
- 2001-08-28 18:00:00 16,896 ----a-w c:\windows\system32\expand.exe
+ 2001-08-28 18:00:00 33,792 ----a-w c:\windows\system32\expand.exe
- 2004-08-19 20:09:54 45,568 ----a-w c:\windows\system32\extrac32.exe
+ 2004-08-19 20:09:54 62,464 ----a-w c:\windows\system32\extrac32.exe
- 2001-08-28 18:00:00 14,848 ----a-w c:\windows\system32\fc.exe
+ 2001-08-28 18:00:00 31,744 ----a-w c:\windows\system32\fc.exe
- 2001-08-28 18:00:00 9,216 ----a-w c:\windows\system32\find.exe
+ 2001-08-28 18:00:00 26,112 ----a-w c:\windows\system32\find.exe
- 2004-08-19 20:09:56 29,184 ----a-w c:\windows\system32\findstr.exe
+ 2004-08-19 20:09:56 46,592 ----a-w c:\windows\system32\findstr.exe
- 2001-08-28 18:00:00 10,240 ----a-w c:\windows\system32\finger.exe
+ 2001-08-28 18:00:00 27,136 ----a-w c:\windows\system32\finger.exe
- 2007-07-16 14:25:31 23,040 ----a-w c:\windows\system32\fltMc.exe
+ 2007-07-16 14:25:31 39,936 ----a-w c:\windows\system32\fltMc.exe
- 2006-10-26 12:10:08 1,190,688 ----a-w c:\windows\system32\FM20.DLL
+ 2007-08-23 00:03:38 1,195,888 ----a-w c:\windows\system32\FM20.DLL
- 2009-01-12 15:47:54 1,710,656 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-15 22:38:45 1,710,712 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2004-08-19 20:09:56 21,504 ----a-w c:\windows\system32\fontview.exe
+ 2004-08-19 20:09:56 38,400 ----a-w c:\windows\system32\fontview.exe
- 2001-08-28 18:00:00 7,168 ----a-w c:\windows\system32\forcedos.exe
+ 2001-08-28 18:00:00 24,064 ----a-w c:\windows\system32\forcedos.exe
- 2004-08-19 20:09:56 193,024 ----a-w c:\windows\system32\fsquirt.exe
+ 2004-08-19 20:09:56 209,920 ----a-w c:\windows\system32\fsquirt.exe
- 2001-08-28 18:00:00 61,952 ----a-w c:\windows\system32\fsutil.exe
+ 2001-08-28 18:00:00 78,848 ----a-w c:\windows\system32\fsutil.exe
- 2004-08-19 20:09:56 46,080 ----a-w c:\windows\system32\ftp.exe
+ 2004-08-19 20:09:56 62,976 ----a-w c:\windows\system32\ftp.exe
- 2007-07-16 14:25:32 282,112 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 12:51:46 284,160 ----a-w c:\windows\system32\gdi32.dll
- 2001-08-28 18:00:00 57,344 ----a-w c:\windows\system32\getmac.exe
+ 2001-08-28 18:00:00 74,240 ----a-w c:\windows\system32\getmac.exe
- 2004-08-19 20:09:56 123,392 ----a-w c:\windows\system32\gpresult.exe
+ 2004-08-19 20:09:56 140,800 ----a-w c:\windows\system32\gpresult.exe
- 2001-08-28 18:00:00 59,392 ----a-w c:\windows\system32\gpupdate.exe
+ 2001-08-28 18:00:00 76,288 ----a-w c:\windows\system32\gpupdate.exe
- 2004-08-19 20:09:56 39,424 ----a-w c:\windows\system32\grpconv.exe
+ 2004-08-19 20:09:56 56,320 ----a-w c:\windows\system32\grpconv.exe
- 2005-01-07 15:07:16 61,952 ------w c:\windows\system32\HdAShCut.exe
+ 2005-01-07 15:07:16 78,848 ------w c:\windows\system32\HdAShCut.exe
- 2001-08-28 18:00:00 16,384 ----a-w c:\windows\system32\help.exe
+ 2001-08-28 18:00:00 33,280 ----a-w c:\windows\system32\help.exe
- 2001-08-28 18:00:00 8,704 ----a-w c:\windows\system32\hostname.exe
+ 2001-08-28 18:00:00 25,600 ----a-w c:\windows\system32\hostname.exe
- 2006-10-27 00:44:04 54,784 ----a-w c:\windows\system32\ie4uinit.exe
+ 2006-10-27 00:44:04 71,680 ----a-w c:\windows\system32\ie4uinit.exe
- 2006-10-27 00:44:12 13,312 ----a-w c:\windows\system32\ieudinit.exe
+ 2006-10-27 00:44:12 30,208 ----a-w c:\windows\system32\ieudinit.exe
- 2004-08-19 20:09:56 114,688 ----a-w c:\windows\system32\iexpress.exe
+ 2004-08-19 20:09:56 131,584 ----a-w c:\windows\system32\iexpress.exe
- 2004-08-19 20:09:56 150,016 ----a-w c:\windows\system32\imapi.exe
+ 2004-08-19 20:09:56 166,912 ----a-w c:\windows\system32\imapi.exe
- 2004-08-04 02:31:56 480,256 ----a-w c:\windows\system32\IME\CINTLGNT\CINTSETP.EXE
+ 2004-08-04 02:31:56 497,152 ----a-w c:\windows\system32\IME\CINTLGNT\CINTSETP.EXE
- 2004-08-04 02:31:50 70,144 ----a-w c:\windows\system32\IME\PINTLGNT\PINTLPHR.EXE
+ 2004-08-04 02:31:50 87,552 ----a-w c:\windows\system32\IME\PINTLGNT\PINTLPHR.EXE
- 2004-08-04 02:32:16 44,032 ----a-w c:\windows\system32\IME\TINTLGNT\TINTLPHR.EXE
+ 2004-08-04 02:32:16 60,928 ----a-w c:\windows\system32\IME\TINTLGNT\TINTLPHR.EXE
- 2004-08-04 02:32:16 455,168 ----a-w c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
+ 2004-08-04 02:32:16 472,064 ----a-w c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
- 2007-07-16 14:25:38 683,520 ----a-w c:\windows\system32\inetcomm.dll
+ 2008-04-11 18:40:33 683,520 ----a-w c:\windows\system32\inetcomm.dll
- 2004-08-19 20:09:56 58,368 ----a-w c:\windows\system32\ipconfig.exe
+ 2004-08-19 20:09:56 75,264 ----a-w c:\windows\system32\ipconfig.exe
- 2001-08-28 18:00:00 46,080 ----a-w c:\windows\system32\ipsec6.exe
+ 2001-08-28 18:00:00 62,976 ----a-w c:\windows\system32\ipsec6.exe
- 2004-08-19 20:09:56 53,760 ----a-w c:\windows\system32\ipv6.exe
+ 2004-08-19 20:09:56 70,656 ----a-w c:\windows\system32\ipv6.exe
- 2004-08-19 20:09:56 24,576 ----a-w c:\windows\system32\ipxroute.exe
+ 2004-08-19 20:09:56 41,472 ----a-w c:\windows\system32\ipxroute.exe
- 2008-08-13 14:03:26 65,536 ----a-w c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2008-08-13 14:03:26 86,016 ----a-w c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
- 2008-02-19 08:35:00 425,984 ----a-w c:\windows\system32\keystone.exe
+ 2008-02-19 08:35:00 446,464 ----a-w c:\windows\system32\keystone.exe
- 2001-08-28 18:00:00 9,728 ----a-w c:\windows\system32\label.exe
+ 2001-08-28 18:00:00 26,624 ----a-w c:\windows\system32\label.exe
- 2001-08-28 18:00:00 30,208 ----a-w c:\windows\system32\lights.exe
+ 2001-08-28 18:00:00 47,104 ----a-w c:\windows\system32\lights.exe
- 2004-08-19 20:09:56 75,264 ----a-w c:\windows\system32\locator.exe
+ 2004-08-19 20:09:56 92,160 ----a-w c:\windows\system32\locator.exe
- 2001-08-28 18:00:00 5,120 ----a-w c:\windows\system32\lodctr.exe
+ 2001-08-28 18:00:00 22,016 ----a-w c:\windows\system32\lodctr.exe
- 2004-08-19 20:09:56 103,936 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-10 00:31:06 120,832 ----a-w c:\windows\system32\logagent.exe
- 2001-08-28 18:00:00 15,872 ----a-w c:\windows\system32\logoff.exe
+ 2001-08-28 18:00:00 32,768 ----a-w c:\windows\system32\logoff.exe
- 2004-09-11 21:05:50 363,520 ----a-w c:\windows\system32\logon.scr
+ 2004-09-11 22:05:50 380,416 ----a-w c:\windows\system32\logon.scr
- 2007-07-15 19:27:56 6,928,384 ----a-w c:\windows\system32\logonui.exe
+ 2007-07-15 19:27:56 6,945,280 ----a-w c:\windows\system32\logonui.exe
- 2001-08-28 18:00:00 6,144 ----a-w c:\windows\system32\lpq.exe
+ 2001-08-28 18:00:00 23,040 ----a-w c:\windows\system32\lpq.exe
- 2001-08-28 18:00:00 9,216 ----a-w c:\windows\system32\lpr.exe
+ 2001-08-28 18:00:00 26,112 ----a-w c:\windows\system32\lpr.exe
+ 2008-05-16 10:58:04 12,632 ----a-w c:\windows\system32\lsdelete.exe
- 2006-06-22 10:44:14 20,480 ----a-w c:\windows\system32\Macromed\Flash\UninstFl.exe
+ 2006-06-22 10:44:14 40,960 ----a-w c:\windows\system32\Macromed\Flash\UninstFl.exe
- 2007-07-16 14:25:44 73,216 ----a-w c:\windows\system32\magnify.exe
+ 2007-07-16 14:25:44 90,624 ----a-w c:\windows\system32\magnify.exe
- 2004-08-19 20:09:56 85,504 ----a-w c:\windows\system32\makecab.exe
+ 2004-08-19 20:09:56 102,400 ----a-w c:\windows\system32\makecab.exe
- 2007-07-16 14:25:54 1,354,752 ----a-w c:\windows\system32\mmc.exe
+ 2007-07-16 14:25:54 1,372,160 ----a-w c:\windows\system32\mmc.exe
- 2007-07-16 14:25:58 33,792 ----a-w c:\windows\system32\mmcperf.exe
+ 2007-07-16 14:25:58 50,688 ----a-w c:\windows\system32\mmcperf.exe
- 2004-08-19 20:09:58 32,768 ----a-w c:\windows\system32\mnmsrvc.exe
+ 2004-08-19 20:09:58 53,248 ----a-w c:\windows\system32\mnmsrvc.exe
- 2004-08-19 20:09:58 144,384 ----a-w c:\windows\system32\mobsync.exe
+ 2004-08-19 20:09:58 161,280 ----a-w c:\windows\system32\mobsync.exe
- 2001-08-28 18:00:00 8,192 ----a-w c:\windows\system32\mountvol.exe
+ 2001-08-28 18:00:00 25,088 ----a-w c:\windows\system32\mountvol.exe
- 2001-08-28 18:00:00 22,016 ----a-w c:\windows\system32\mpnotify.exe
+ 2001-08-28 18:00:00 38,912 ----a-w c:\windows\system32\mpnotify.exe
- 2004-08-19 20:10:00 19,968 ----a-w c:\windows\system32\mqbkup.exe
+ 2004-08-19 20:10:00 37,376 ----a-w c:\windows\system32\mqbkup.exe
- 2004-08-19 20:10:00 4,608 ----a-w c:\windows\system32\mqsvc.exe
+ 2004-08-19 20:10:00 21,504 ----a-w c:\windows\system32\mqsvc.exe
- 2004-08-19 20:10:00 117,248 ----a-w c:\windows\system32\mqtgsvc.exe
+ 2004-08-19 20:10:00 134,144 ----a-w c:\windows\system32\mqtgsvc.exe
- 2001-08-28 18:00:00 14,336 ----a-w c:\windows\system32\mrinfo.exe
+ 2001-08-28 18:00:00 31,232 ----a-w c:\windows\system32\mrinfo.exe
+ 2009-02-11 19:56:18 21,244,872 ----a-w c:\windows\system32\MRT.exe
- 2007-07-16 14:26:01 73,728 ----a-w c:\windows\system32\mscms.dll
+ 2008-06-24 16:30:27 74,240 ----a-w c:\windows\system32\mscms.dll
- 2004-08-19 20:10:00 6,144 ----a-w c:\windows\system32\msdtc.exe
+ 2004-08-19 20:10:00 23,040 ----a-w c:\windows\system32\msdtc.exe
- 2006-10-17 10:58:32 12,288 ------w c:\windows\system32\msfeedssync.exe
+ 2006-10-17 10:58:32 29,184 ------w c:\windows\system32\msfeedssync.exe
- 2001-08-28 18:00:00 22,528 ----a-w c:\windows\system32\msg.exe
+ 2001-08-28 18:00:00 39,424 ----a-w c:\windows\system32\msg.exe
- 2006-10-17 10:56:10 45,568 ----a-w c:\windows\system32\mshta.exe
+ 2006-10-17 10:56:10 62,464 ----a-w c:\windows\system32\mshta.exe
- 2007-07-16 14:26:08 78,848 ----a-w c:\windows\system32\msiexec.exe
+ 2007-07-16 14:26:08 95,744 ----a-w c:\windows\system32\msiexec.exe
- 2007-07-15 21:27:56 594,944 ----a-w c:\windows\system32\mspaint.exe
+ 2007-07-15 21:27:56 611,840 ----a-w c:\windows\system32\mspaint.exe
- 2006-07-24 08:50:38 125,744 ----a-w c:\windows\system32\MSSTDFMT.DLL
+ 2000-04-03 18:05:58 118,784 ----a-w c:\windows\system32\msstdfmt.dll
- 2001-08-28 18:00:00 6,656 ----a-w c:\windows\system32\msswchx.exe
+ 2001-08-28 18:00:00 24,064 ----a-w c:\windows\system32\msswchx.exe
- 2004-08-19 20:10:00 12,288 ----a-w c:\windows\system32\mstinit.exe
+ 2004-08-19 20:10:00 29,184 ----a-w c:\windows\system32\mstinit.exe
- 2004-08-19 19:52:00 411,648 ----a-w c:\windows\system32\mstsc.exe
+ 2004-08-19 19:52:00 428,544 ----a-w c:\windows\system32\mstsc.exe
- 2004-08-19 20:09:36 247,808 ----a-w c:\windows\system32\mswsock.dll
+ 2008-06-20 17:37:01 247,808 ----a-w c:\windows\system32\mswsock.dll
- 2007-07-16 14:26:17 1,084,416 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 16:34:21 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2007-07-16 14:26:18 1,245,696 ----a-w c:\windows\system32\msxml4.dll
+ 2008-09-30 15:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
- 2006-12-04 12:49:36 1,313,040 ----a-w c:\windows\system32\msxml6.dll
+ 2008-08-29 19:06:44 1,350,664 ----a-w c:\windows\system32\msxml6.dll
- 2007-07-15 21:27:56 49,664 ----a-w c:\windows\system32\narrator.exe
+ 2007-07-15 21:27:56 66,560 ----a-w c:\windows\system32\narrator.exe
- 2001-08-28 18:00:00 21,504 ----a-w c:\windows\system32\nbtstat.exe
+ 2001-08-28 18:00:00 38,400 ----a-w c:\windows\system32\nbtstat.exe
- 2004-08-19 20:10:00 4,096 ----a-w c:\windows\system32\nddeapir.exe
+ 2004-08-19 20:10:00 20,992 ----a-w c:\windows\system32\nddeapir.exe
- 2004-08-19 20:10:00 42,496 ----a-w c:\windows\system32\net.exe
+ 2004-08-19 20:10:00 59,392 ----a-w c:\windows\system32\net.exe
- 2004-08-19 20:10:00 124,928 ----a-w c:\windows\system32\net1.exe
+ 2004-08-19 20:10:00 141,824 ----a-w c:\windows\system32\net1.exe
- 2007-07-16 14:26:20 337,408 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:55:13 339,456 ----a-w c:\windows\system32\netapi32.dll
- 2004-08-19 20:10:00 114,176 ----a-w c:\windows\system32\netdde.exe
+ 2004-08-19 20:10:00 131,072 ----a-w c:\windows\system32\netdde.exe
- 2007-07-15 21:27:57 626,688 ----a-w c:\windows\system32\netsetup.exe
+ 2007-07-15 21:27:57 643,584 ----a-w c:\windows\system32\netsetup.exe
- 2004-08-19 20:10:00 88,576 ----a-w c:\windows\system32\netsh.exe
+ 2004-08-19 20:10:00 105,472 ----a-w c:\windows\system32\netsh.exe
- 2004-08-19 20:10:00 37,888 ----a-w c:\windows\system32\netstat.exe
+ 2004-08-19 20:10:00 54,784 ----a-w c:\windows\system32\netstat.exe
- 2007-07-15 21:27:58 749,568 ----a-w c:\windows\system32\notepad.exe
+ 2007-07-15 21:27:58 770,048 ----a-w c:\windows\system32\notepad.exe
- 2004-08-19 20:10:00 15,360 ----a-w c:\windows\system32\npp\nppagent.exe
+ 2004-08-19 20:10:00 32,768 ----a-w c:\windows\system32\npp\nppagent.exe
- 2004-08-19 20:10:00 79,360 ----a-w c:\windows\system32\nslookup.exe
+ 2004-08-19 20:10:00 96,256 ----a-w c:\windows\system32\nslookup.exe
- 2007-07-05 16:34:59 2,293,248 ----a-w c:\windows\system32\ntkrnlmp.exe
+ 2007-07-05 17:34:59 2,293,248 ----a-w c:\windows\system32\ntkrnlmp.exe
- 2007-07-21 14:34:24 2,019,328 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 13:39:03 2,022,912 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2007-07-16 14:26:26 2,139,648 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 13:39:07 2,144,768 ----a-w c:\windows\system32\ntoskrnl.exe
- 2001-08-28 18:00:00 31,744 ----a-w c:\windows\system32\ntsd.exe
+ 2001-08-28 18:00:00 48,640 ----a-w c:\windows\system32\ntsd.exe
- 2004-08-19 20:10:00 420,864 ----a-w c:\windows\system32\ntvdm.exe
+ 2004-08-19 20:10:00 437,760 ----a-w c:\windows\system32\ntvdm.exe
- 2008-02-19 08:35:00 147,456 ----a-w c:\windows\system32\nvcolor.exe
+ 2008-02-19 08:35:00 167,936 ----a-w c:\windows\system32\nvcolor.exe
- 2008-02-19 08:35:00 1,339,392 ----a-w c:\windows\system32\nvdspsch.exe
+ 2008-02-19 08:35:00 1,359,872 ----a-w c:\windows\system32\nvdspsch.exe
- 2008-02-19 08:35:00 155,716 ----a-w c:\windows\system32\nvsvc32.exe
+ 2008-02-19 08:35:00 176,196 ----a-w c:\windows\system32\nvsvc32.exe
- 2008-02-19 08:35:00 360,448 ----a-w c:\windows\system32\nvudisp.exe
+ 2008-02-19 08:35:00 380,928 ----a-w c:\windows\system32\nvudisp.exe
- 2008-02-19 08:35:00 1,626,112 ----a-w c:\windows\system32\nwiz.exe
+ 2008-02-19 08:35:00 1,646,592 ----a-w c:\windows\system32\nwiz.exe
- 2001-08-28 18:00:00 129,024 ----a-w c:\windows\system32\nwscript.exe
+ 2001-08-28 18:00:00 145,920 ----a-w c:\windows\system32\nwscript.exe
- 2004-08-19 20:10:00 32,768 ----a-w c:\windows\system32\odbcad32.exe
+ 2004-08-19 20:10:00 53,248 ----a-w c:\windows\system32\odbcad32.exe
- 2004-08-19 20:10:00 69,632 ----a-w c:\windows\system32\odbcconf.exe
+ 2004-08-19 20:10:00 90,112 ----a-w c:\windows\system32\odbcconf.exe
- 2001-08-28 18:00:00 28,160 ----a-w c:\windows\system32\oobe\msoobe.exe
+ 2001-08-28 18:00:00 45,056 ----a-w c:\windows\system32\oobe\msoobe.exe
- 2004-08-19 20:10:00 71,680 ----a-w c:\windows\system32\openfiles.exe
+ 2004-08-19 20:10:00 88,576 ----a-w c:\windows\system32\openfiles.exe
- 2007-07-16 14:26:33 216,576 ----a-w c:\windows\system32\osk.exe
+ 2007-07-16 14:26:33 233,472 ----a-w c:\windows\system32\osk.exe
- 2001-08-28 18:00:00 41,984 ----a-w c:\windows\system32\osuninst.exe
+ 2001-08-28 18:00:00 58,880 ----a-w c:\windows\system32\osuninst.exe
- 2004-08-19 20:10:02 59,904 ----a-w c:\windows\system32\packager.exe
+ 2004-08-19 20:10:02 76,800 ----a-w c:\windows\system32\packager.exe
- 2001-08-28 18:00:00 22,528 ----a-w c:\windows\system32\pathping.exe
+ 2001-08-28 18:00:00 39,424 ----a-w c:\windows\system32\pathping.exe
- 2008-11-28 22:59:25 67,356 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-14 18:13:56 67,356 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-28 22:59:25 80,146 ----a-w c:\windows\system32\perfc00C.dat
+ 2009-02-14 18:13:56 80,146 ----a-w c:\windows\system32\perfc00C.dat
- 2008-11-28 22:59:25 430,632 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-14 18:13:56 430,632 ----a-w c:\windows\system32\perfh009.dat
- 2008-11-28 22:59:25 497,824 ----a-w c:\windows\system32\perfh00C.dat
+ 2009-02-14 18:13:56 497,824 ----a-w c:\windows\system32\perfh00C.dat
- 2004-08-19 20:10:02 15,872 ----a-w c:\windows\system32\perfmon.exe
+ 2004-08-19 20:10:02 32,768 ----a-w c:\windows\system32\perfmon.exe
- 2004-08-19 20:10:02 19,456 ----a-w c:\windows\system32\ping.exe
+ 2004-08-19 20:10:02 36,352 ----a-w c:\windows\system32\ping.exe
- 2001-08-28 18:00:00 34,304 ----a-w c:\windows\system32\ping6.exe
+ 2001-08-28 18:00:00 51,200 ----a-w c:\windows\system32\ping6.exe
- 2007-07-16 14:26:36 86,016 ----a-w c:\windows\system32\pintool.exe
+ 2007-07-16 14:26:36 103,936 ----a-w c:\windows\system32\pintool.exe
- 2004-08-19 20:10:02 49,152 ----a-w c:\windows\system32\powercfg.exe
+ 2004-08-19 20:10:02 66,560 ----a-w c:\windows\system32\powercfg.exe
- 2001-08-28 18:00:00 9,216 ----a-w c:\windows\system32\print.exe
+ 2001-08-28 18:00:00 26,112 ----a-w c:\windows\system32\print.exe
- 2004-08-19 20:10:02 109,568 ----a-w c:\windows\system32\progman.exe
+ 2004-08-19 20:10:02 126,976 ----a-w c:\windows\system32\progman.exe
- 2004-08-19 20:10:04 50,688 ----a-w c:\windows\system32\proquota.exe
+ 2004-08-19 20:10:04 67,584 ----a-w c:\windows\system32\proquota.exe
- 2004-08-19 20:10:04 9,728 ----a-w c:\windows\system32\proxycfg.exe
+ 2004-08-19 20:10:04 26,624 ----a-w c:\windows\system32\proxycfg.exe
- 2007-07-16 14:26:37 35,840 ----a-w c:\windows\system32\qfecheck.exe
+ 2007-07-16 14:26:37 52,736 ----a-w c:\windows\system32\qfecheck.exe
- 2004-08-19 20:10:04 20,992 ----a-w c:\windows\system32\qprocess.exe
+ 2004-08-19 20:10:04 37,888 ----a-w c:\windows\system32\qprocess.exe
- 2007-07-16 14:26:39 1,293,824 ----a-w c:\windows\system32\quartz.dll
+ 2008-05-07 04:55:47 1,294,336 ----a-w c:\windows\system32\quartz.dll
- 2003-12-13 21:17:18 421,888 ----a-w c:\windows\system32\QuickTime\QTPluginInstaller.exe
+ 2003-12-13 21:17:18 442,368 ----a-w c:\windows\system32\QuickTime\QTPluginInstaller.exe
- 2004-01-30 10:06:24 70,144 ----a-w c:\windows\system32\QuickTime\QuickTimeUpdateHelper.exe
+ 2004-01-30 10:06:24 90,624 ----a-w c:\windows\system32\QuickTime\QuickTimeUpdateHelper.exe
- 2001-08-28 18:00:00 11,776 ----a-w c:\windows\system32\rasautou.exe
+ 2001-08-28 18:00:00 28,672 ----a-w c:\windows\system32\rasautou.exe
- 2001-08-28 18:00:00 11,776 ----a-w c:\windows\system32\rasdial.exe
+ 2001-08-28 18:00:00 28,672 ----a-w c:\windows\system32\rasdial.exe
- 2004-08-19 20:10:04 35,840 ----a-w c:\windows\system32\rcimlby.exe
+ 2004-08-19 20:10:04 52,736 ----a-w c:\windows\system32\rcimlby.exe
- 2004-08-19 20:10:04 23,040 ----a-w c:\windows\system32\rcp.exe
+ 2004-08-19 20:10:04 39,936 ----a-w c:\windows\system32\rcp.exe
- 2004-08-19 20:10:04 62,464 ----a-w c:\windows\system32\rdpclip.exe
+ 2004-08-19 20:10:04 79,360 ----a-w c:\windows\system32\rdpclip.exe
- 2004-08-19 20:10:04 13,824 ----a-w c:\windows\system32\rdsaddin.exe
+ 2004-08-19 20:10:04 30,720 ----a-w c:\windows\system32\rdsaddin.exe
- 2004-08-19 20:10:04 67,072 ----a-w c:\windows\system32\rdshost.exe
+ 2004-08-19 20:10:04 83,968 ----a-w c:\windows\system32\rdshost.exe
- 2001-08-28 18:00:00 7,168 ----a-w c:\windows\system32\recover.exe
+ 2001-08-28 18:00:00 24,064 ----a-w c:\windows\system32\recover.exe
- 2004-08-19 20:10:04 53,248 ----a-w c:\windows\system32\reg.exe
+ 2004-08-19 20:10:04 70,144 ----a-w c:\windows\system32\reg.exe
- 2001-08-28 18:00:00 3,584 ----a-w c:\windows\system32\regedt32.exe
+ 2001-08-28 18:00:00 20,992 ----a-w c:\windows\system32\regedt32.exe
- 2001-08-28 18:00:00 33,792 ----a-w c:\windows\system32\regini.exe
+ 2001-08-28 18:00:00 50,688 ----a-w c:\windows\system32\regini.exe
- 2004-08-19 20:10:04 12,288 ----a-w c:\windows\system32\regsvr32.exe
+ 2004-08-19 20:10:04 29,184 ----a-w c:\windows\system32\regsvr32.exe
- 2001-08-28 18:00:00 4,608 ----a-w c:\windows\system32\regwiz.exe
+ 2001-08-28 18:00:00 21,504 ----a-w c:\windows\system32\regwiz.exe
- 2006-05-04 14:26:36 2,808,832 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\ALCWZRD.EXE
+ 2006-05-04 14:26:36 2,827,776 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\ALCWZRD.EXE
- 2007-06-28 14:44:14 2,165,760 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\MicCal.exe
+ 2007-06-28 14:44:14 2,183,680 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\MicCal.exe
- 2008-04-10 14:52:10 16,861,184 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\RTHDCPL.EXE
+ 2008-04-10 14:52:10 16,879,104 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\RTHDCPL.EXE
- 2007-03-23 17:19:10 9,715,200 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\RTLCPL.EXE
+ 2007-03-23 17:19:10 9,733,632 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\RTLCPL.EXE
- 2008-04-02 07:27:26 1,196,032 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\RtlUpd.exe
+ 2008-04-02 07:27:26 1,216,512 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\RtlUpd.exe
- 2007-11-20 16:15:58 1,826,816 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\SkyTel.exe
+ 2007-11-20 16:15:58 1,847,296 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\SkyTel.exe
- 2006-07-21 14:14:36 86,016 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\SOUNDMAN.EXE
+ 2006-07-21 14:14:36 106,496 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\SOUNDMAN.EXE
- 2001-08-28 18:00:00 33,792 ----a-w c:\windows\system32\relog.exe
+ 2001-08-28 18:00:00 50,688 ----a-w c:\windows\system32\relog.exe
- 2001-08-28 18:00:00 12,800 ----a-w c:\windows\system32\replace.exe
+ 2001-08-28 18:00:00 30,208 ----a-w c:\windows\system32\replace.exe
- 2001-08-28 18:00:00 10,240 ----a-w c:\windows\system32\reset.exe
+ 2001-08-28 18:00:00 27,136 ----a-w c:\windows\system32\reset.exe
- 2004-08-19 20:10:04 384,512 ----a-w c:\windows\system32\Restore\rstrui.exe
+ 2004-08-19 20:10:04 401,408 ----a-w c:\windows\system32\Restore\rstrui.exe
- 2001-08-28 18:00:00 47,104 ----a-w c:\windows\system32\Restore\srdiag.exe
+ 2001-08-28 18:00:00 64,000 ----a-w c:\windows\system32\Restore\srdiag.exe
- 2004-08-19 20:10:04 14,848 ----a-w c:\windows\system32\rexec.exe
+ 2004-08-19 20:10:04 31,744 ----a-w c:\windows\system32\rexec.exe
- 2001-08-28 18:00:00 21,504 ----a-w c:\windows\system32\route.exe
+ 2001-08-28 18:00:00 38,912 ----a-w c:\windows\system32\route.exe
- 2004-08-19 20:10:04 15,872 ----a-w c:\windows\system32\rsh.exe
+ 2004-08-19 20:10:04 32,768 ----a-w c:\windows\system32\rsh.exe
- 2001-08-28 18:00:00 53,248 ----a-w c:\windows\system32\rsm.exe
+ 2001-08-28 18:00:00 70,144 ----a-w c:\windows\system32\rsm.exe
- 2001-08-28 18:00:00 49,664 ----a-w c:\windows\system32\rsmui.exe
+ 2001-08-28 18:00:00 66,560 ----a-w c:\windows\system32\rsmui.exe
- 2004-08-19 20:10:04 107,520 ----a-w c:\windows\system32\rsnotify.exe
+ 2004-08-19 20:10:04 124,416 ----a-w c:\windows\system32\rsnotify.exe
- 2001-08-28 18:00:00 62,976 ----a-w c:\windows\system32\rsopprov.exe
+ 2001-08-28 18:00:00 79,872 ----a-w c:\windows\system32\rsopprov.exe
- 2001-08-28 18:00:00 132,608 ----a-w c:\windows\system32\rsvp.exe
+ 2001-08-28 18:00:00 149,504 ----a-w c:\windows\system32\rsvp.exe
- 2004-08-19 20:10:04 78,336 ----a-w c:\windows\system32\rtcshare.exe
+ 2004-08-19 20:10:04 95,744 ----a-w c:\windows\system32\rtcshare.exe
- 2001-08-28 18:00:00 17,408 ----a-w c:\windows\system32\runas.exe
+ 2001-08-28 18:00:00 34,816 ----a-w c:\windows\system32\runas.exe
- 2004-08-19 20:10:04 33,792 ----a-w c:\windows\system32\rundll32.exe
+ 2004-08-19 20:10:04 50,688 ----a-w c:\windows\system32\rundll32.exe
- 2004-08-19 20:10:04 14,336 ----a-w c:\windows\system32\runonce.exe
+ 2004-08-19 20:10:04 31,232 ----a-w c:\windows\system32\runonce.exe
- 2001-08-28 18:00:00 16,384 ----a-w c:\windows\system32\rwinsta.exe
+ 2001-08-28 18:00:00 33,280 ----a-w c:\windows\system32\rwinsta.exe
- 2004-08-19 20:10:04 13,824 ----a-w c:\windows\system32\savedump.exe
+ 2004-08-19 20:10:04 30,720 ----a-w c:\windows\system32\savedump.exe
- 2001-08-28 18:00:00 31,232 ----a-w c:\windows\system32\sc.exe
+ 2001-08-28 18:00:00 48,128 ----a-w c:\windows\system32\sc.exe
- 2004-08-19 20:10:04 100,352 ----a-w c:\windows\system32\scardsvr.exe
+ 2004-08-19 20:10:04 117,248 ----a-w c:\windows\system32\scardsvr.exe
- 2004-08-19 20:10:04 78,848 ----a-w c:\windows\system32\sdbinst.exe
+ 2004-08-19 20:10:04 95,744 ----a-w c:\windows\system32\sdbinst.exe
- 2004-08-19 20:10:04 19,456 ----a-w c:\windows\system32\secedit.exe
+ 2004-08-19 20:10:04 36,352 ----a-w c:\windows\system32\secedit.exe
- 2004-08-19 20:10:04 142,336 ----a-w c:\windows\system32\sessmgr.exe
+ 2004-08-19 20:10:04 159,232 ----a-w c:\windows\system32\sessmgr.exe
- 2004-08-19 20:10:04 32,768 ----a-w c:\windows\system32\sethc.exe
+ 2004-08-19 20:10:04 49,664 ----a-w c:\windows\system32\sethc.exe
- 2004-08-19 20:10:04 23,040 ----a-w c:\windows\system32\setup.exe
+ 2004-08-19 20:10:04 39,936 ----a-w c:\windows\system32\setup.exe
- 2001-08-28 18:00:00 10,240 ----a-w c:\windows\system32\sfc.exe
+ 2001-08-28 18:00:00 27,136 ----a-w c:\windows\system32\sfc.exe
- 2001-08-28 18:00:00 15,360 ----a-w c:\windows\system32\shadow.exe
+ 2001-08-28 18:00:00 32,256 ----a-w c:\windows\system32\shadow.exe
- 2004-08-19 20:10:04 42,496 ----a-w c:\windows\system32\shmgrate.exe
+ 2004-08-19 20:10:04 59,392 ----a-w c:\windows\system32\shmgrate.exe
- 2004-08-19 20:10:04 78,848 ----a-w c:\windows\system32\shrpubw.exe
+ 2004-08-19 20:10:04 95,744 ----a-w c:\windows\system32\shrpubw.exe
- 2004-08-19 20:10:04 20,480 ----a-w c:\windows\system32\shutdown.exe
+ 2004-08-19 20:10:04 37,376 ----a-w c:\windows\system32\shutdown.exe
- 2004-08-19 20:10:04 71,168 ----a-w c:\windows\system32\sigverif.exe
+ 2004-08-19 20:10:04 88,064 ----a-w c:\windows\system32\sigverif.exe
- 2004-08-19 20:10:04 26,112 ----a-w c:\windows\system32\skeys.exe
+ 2004-08-19 20:10:04 43,008 ----a-w c:\windows\system32\skeys.exe
- 2004-08-19 20:10:04 8,192 ----a-w c:\windows\system32\smbinst.exe
+ 2004-08-19 20:10:04 25,088 ----a-w c:\windows\system32\smbinst.exe
- 2004-08-19 20:10:04 93,184 ----a-w c:\windows\system32\smlogsvc.exe
+ 2004-08-19 20:10:04 110,080 ----a-w c:\windows\system32\smlogsvc.exe
- 2007-07-15 21:27:58 418,304 ----a-w c:\windows\system32\sndvol32.exe
+ 2007-07-15 21:27:58 435,200 ----a-w c:\windows\system32\sndvol32.exe
+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2001-08-28 18:00:00 25,088 ----a-w c:\windows\system32\sort.exe
+ 2001-08-28 18:00:00 41,984 ----a-w c:\windows\system32\sort.exe
- 2004-08-04 02:59:36 12,800 ----a-w c:\windows\system32\spiisupd.exe
+ 2004-08-04 02:59:36 29,696 ----a-w c:\windows\system32\spiisupd.exe
- 2006-10-16 15:10:58 14,640 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
- 2004-08-19 20:10:04 11,776 ----a-w c:\windows\system32\spnpinst.exe
+ 2004-08-19 20:10:04 28,672 ----a-w c:\windows\system32\spnpinst.exe
+ 2006-10-22 22:37:38 24,456 ----a-w c:\windows\system32\spool\drivers\w32x86\3\ADREGP.DLL
+ 2006-10-22 22:37:52 190,072 ----a-w c:\windows\system32\spool\drivers\w32x86\3\ADUIGP.DLL
+ 2003-05-05 15:47:20 131,072 ----a-w c:\windows\system32\spool\drivers\w32x86\3\Ps5ui.dll
+ 2003-05-05 15:47:20 455,168 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
+ 2006-10-22 22:37:38 24,456 ----a-w c:\windows\system32\spool\drivers\w32x86\ADReGP.dll
+ 2006-10-22 22:37:52 190,072 ----a-w c:\windows\system32\spool\drivers\w32x86\ADUIGP.DLL
+ 2003-05-05 15:47:20 131,072 ----a-w c:\windows\system32\spool\drivers\w32x86\ps5ui.dll
+ 2003-05-05 15:47:20 455,168 ----a-w c:\windows\system32\spool\drivers\w32x86\PSCRIPT5.DLL
- 2006-10-14 15:44:44 671,744 ------w c:\windows\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
+ 2006-10-14 15:44:44 688,640 ------w c:\windows\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
- 2004-08-19 20:10:08 47,104 ----a-w c:\windows\system32\ssmypics.scr
+ 2004-08-19 20:10:08 64,000 ----a-w c:\windows\system32\ssmypics.scr
+ 2004-04-25 18:39:52 53,248 ----a-w c:\windows\system32\SSubTmr6.dll
- 2004-08-19 20:10:04 14,848 ----a-w c:\windows\system32\stimon.exe
+ 2004-08-19 20:10:04 31,744 ----a-w c:\windows\system32\stimon.exe
- 2007-07-16 14:27:06 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:17:02 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2001-08-28 18:00:00 9,216 ----a-w c:\windows\system32\subst.exe
+ 2001-08-28 18:00:00 26,112 ----a-w c:\windows\system32\subst.exe
- 2001-08-28 18:00:00 51,200 ----a-w c:\windows\system32\syncapp.exe
+ 2001-08-28 18:00:00 68,096 ----a-w c:\windows\system32\syncapp.exe
- 2001-08-28 18:00:00 37,888 ----a-w c:\windows\system32\syskey.exe
+ 2001-08-28 18:00:00 54,784 ----a-w c:\windows\system32\syskey.exe
- 2007-07-15 21:27:59 408,064 ----a-w c:\windows\system32\sysocmgr.exe
+ 2007-07-15 21:27:59 425,472 ----a-w c:\windows\system32\sysocmgr.exe
- 2001-08-28 18:00:00 70,656 ----a-w c:\windows\system32\systeminfo.exe
+ 2001-08-28 18:00:00 87,552 ----a-w c:\windows\system32\systeminfo.exe
- 2001-08-28 18:00:00 3,072 ----a-w c:\windows\system32\systray.exe
+ 2001-08-28 18:00:00 19,968 ----a-w c:\windows\system32\systray.exe
- 2001-08-28 18:00:00 74,240 ----a-w c:\windows\system32\taskkill.exe
+ 2001-08-28 18:00:00 91,136 ----a-w c:\windows\system32\taskkill.exe
- 2001-08-28 18:00:00 74,240 ----a-w c:\windows\system32\tasklist.exe
+ 2001-08-28 18:00:00 91,136 ----a-w c:\windows\system32\tasklist.exe
- 2001-08-28 18:00:00 15,872 ----a-w c:\windows\system32\taskman.exe
+ 2001-08-28 18:00:00 32,768 ----a-w c:\windows\system32\taskman.exe
- 2007-07-15 21:27:59 604,672 ----a-w c:\windows\system32\taskmgr.exe
+ 2007-07-15 21:27:59 621,568 ----a-w c:\windows\system32\taskmgr.exe
- 2001-08-28 18:00:00 13,312 ----a-w c:\windows\system32\tcmsetup.exe
+ 2001-08-28 18:00:00 30,208 ----a-w c:\windows\system32\tcmsetup.exe
- 2001-08-28 18:00:00 19,456 ----a-w c:\windows\system32\tcpsvcs.exe
+ 2001-08-28 18:00:00 36,352 ----a-w c:\windows\system32\tcpsvcs.exe
- 2005-05-11 04:33:20 78,336 ----a-w c:\windows\system32\telnet.exe
+ 2005-05-11 04:33:20 95,232 ----a-w c:\windows\system32\telnet.exe
- 2001-08-28 18:00:00 17,920 ----a-w c:\windows\system32\tftp.exe
+ 2001-08-28 18:00:00 34,816 ----a-w c:\windows\system32\tftp.exe
- 2004-08-19 20:10:04 63,488 ----a-w c:\windows\system32\tlntadmn.exe
+ 2004-08-19 20:10:04 80,384 ----a-w c:\windows\system32\tlntadmn.exe
- 2004-08-19 20:10:04 80,384 ----a-w c:\windows\system32\tlntsess.exe
+ 2004-08-19 20:10:04 97,280 ----a-w c:\windows\system32\tlntsess.exe
- 2004-08-19 20:10:04 75,264 ----a-w c:\windows\system32\tlntsvr.exe
+ 2004-08-19 20:10:04 92,160 ----a-w c:\windows\system32\tlntsvr.exe
- 2004-08-19 20:10:04 260,096 ----a-w c:\windows\system32\tracerpt.exe
+ 2004-08-19 20:10:04 277,504 ----a-w c:\windows\system32\tracerpt.exe
- 2004-08-19 20:10:04 13,312 ----a-w c:\windows\system32\tracert.exe
+ 2004-08-19 20:10:04 30,208 ----a-w c:\windows\system32\tracert.exe
- 2001-08-28 18:00:00 32,256 ----a-w c:\windows\system32\tracert6.exe
+ 2001-08-28 18:00:00 49,152 ----a-w c:\windows\system32\tracert6.exe
- 2001-08-28 18:00:00 15,360 ----a-w c:\windows\system32\tscon.exe
+ 2001-08-28 18:00:00 32,256 ----a-w c:\windows\system32\tscon.exe
- 2004-08-19 19:52:06 44,544 ----a-w c:\windows\system32\tscupgrd.exe
+ 2004-08-19 19:52:06 61,440 ----a-w c:\windows\system32\tscupgrd.exe
- 2001-08-28 18:00:00 14,848 ----a-w c:\windows\system32\tsdiscon.exe
+ 2001-08-28 18:00:00 31,744 ----a-w c:\windows\system32\tsdiscon.exe
- 2001-08-28 18:00:00 16,896 ----a-w c:\windows\system32\tskill.exe
+ 2001-08-28 18:00:00 33,792 ----a-w c:\windows\system32\tskill.exe
- 2001-08-28 18:00:00 17,408 ----a-w c:\windows\system32\tsshutdn.exe
+ 2001-08-28 18:00:00 34,816 ----a-w c:\windows\system32\tsshutdn.exe
- 2007-04-03 03:31:38 77,312 ----a-w c:\windows\system32\TWAIN_32.DLL
+ 2007-04-03 04:31:38 77,312 ----a-w c:\windows\system32\TWAIN_32.DLL
- 2007-04-03 03:31:38 48,560 ----a-w c:\windows\system32\TWUNK_16.EXE
+ 2007-04-03 04:31:38 48,560 ----a-w c:\windows\system32\TWUNK_16.EXE
- 2007-04-03 03:31:38 69,632 ----a-w c:\windows\system32\TWUNK_32.EXE
+ 2007-04-03 04:31:38 86,528 ----a-w c:\windows\system32\TWUNK_32.EXE
+ 2004-04-08 10:50:06 360,960 ----a-w c:\windows\system32\txp4lib.dll
+ 2004-09-28 02:00:00 45,056 ----a-w c:\windows\system32\TXPstart.exe
- 2001-08-28 18:00:00 37,376 ----a-w c:\windows\system32\typeperf.exe
+ 2001-08-28 18:00:00 54,272 ----a-w c:\windows\system32\typeperf.exe
- 2007-01-29 08:58:06 60,416 ------w c:\windows\system32\tzchange.exe
+ 2007-01-29 08:58:06 77,824 ------w c:\windows\system32\tzchange.exe
- 2001-08-28 18:00:00 4,096 ----a-w c:\windows\system32\unlodctr.exe
+ 2001-08-28 18:00:00 20,992 ----a-w c:\windows\system32\unlodctr.exe
- 2004-08-19 20:10:04 16,896 ----a-w c:\windows\system32\upnpcont.exe
+ 2004-08-19 20:10:04 33,792 ----a-w c:\windows\system32\upnpcont.exe
- 2004-08-19 20:10:04 18,432 ----a-w c:\windows\system32\ups.exe
+ 2004-08-19 20:10:04 35,328 ----a-w c:\windows\system32\ups.exe
- 2007-07-16 14:25:50 103,936 ----a-w c:\windows\system32\usmt\migload.exe
+ 2007-07-16 14:25:50 121,344 ----a-w c:\windows\system32\usmt\migload.exe
- 2007-07-16 14:25:50 251,904 ----a-w c:\windows\system32\usmt\migwiz.exe
+ 2007-07-16 14:25:50 268,800 ----a-w c:\windows\system32\usmt\migwiz.exe
- 2004-08-19 20:09:56 242,688 ----a-w c:\windows\system32\usmt\migwiz_a.exe
+ 2004-08-19 20:09:56 259,584 ----a-w c:\windows\system32\usmt\migwiz_a.exe
- 2007-07-16 14:25:51 247,808 ----a-w c:\windows\system32\usmt\migwiza.exe
+ 2007-07-16 14:25:51 264,704 ----a-w c:\windows\system32\usmt\migwiza.exe
- 2007-07-21 14:34:24 77,891 ----a-w c:\windows\system32\usrmlnka.exe
+ 2007-07-21 14:34:24 98,371 ----a-w c:\windows\system32\usrmlnka.exe
- 2007-07-21 14:34:24 61,508 ----a-w c:\windows\system32\usrprbda.exe
+ 2007-07-21 14:34:24 81,988 ----a-w c:\windows\system32\usrprbda.exe
- 2007-07-21 14:34:24 69,700 ----a-w c:\windows\system32\usrshuta.exe
+ 2007-07-21 14:34:24 90,180 ----a-w c:\windows\system32\usrshuta.exe
- 2007-07-16 14:27:25 50,176 ----a-w c:\windows\system32\utilman.exe
+ 2007-07-16 14:27:25 67,072 ----a-w c:\windows\system32\utilman.exe
- 2002-10-06 17:37:26 119,568 ----a-w c:\windows\system32\VB6FR.DLL
+ 2008-06-04 16:42:54 119,568 ------w c:\windows\system32\VB6FR.DLL
- 2007-07-16 14:27:27 28,672 ----a-w c:\windows\system32\verclsid.exe
+ 2007-07-16 14:27:27 45,568 ----a-w c:\windows\system32\verclsid.exe
- 2001-08-28 18:00:00 102,912 ----a-w c:\windows\system32\verifier.exe
+ 2001-08-28 18:00:00 119,808 ----a-w c:\windows\system32\verifier.exe
- 2001-08-28 18:00:00 34,304 ----a-w c:\windows\system32\vssadmin.exe
+ 2001-08-28 18:00:00 51,200 ----a-w c:\windows\system32\vssadmin.exe
- 2004-08-19 20:10:04 295,424 ----a-w c:\windows\system32\vssvc.exe
+ 2004-08-19 20:10:04 312,832 ----a-w c:\windows\system32\vssvc.exe
- 2001-08-28 18:00:00 51,712 ----a-w c:\windows\system32\w32tm.exe
+ 2001-08-28 18:00:00 68,608 ----a-w c:\windows\system32\w32tm.exe
- 2004-08-19 20:09:58 16,896 ----a-w c:\windows\system32\wbem\mofcomp.exe
+ 2004-08-19 20:09:58 33,792 ----a-w c:\windows\system32\wbem\mofcomp.exe
- 2004-08-19 20:10:04 36,864 ----a-w c:\windows\system32\wbem\scrcons.exe
+ 2004-08-19 20:10:04 53,760 ----a-w c:\windows\system32\wbem\scrcons.exe
- 2001-08-28 18:00:00 16,896 ----a-w c:\windows\system32\wbem\unsecapp.exe
+ 2001-08-28 18:00:00 33,792 ----a-w c:\windows\system32\wbem\unsecapp.exe
- 2001-08-28 18:00:00 14,336 ----a-w c:\windows\system32\wbem\winmgmt.exe
+ 2001-08-28 18:00:00 31,232 ----a-w c:\windows\system32\wbem\winmgmt.exe
- 2004-08-19 20:10:06 126,464 ----a-w c:\windows\system32\wbem\wmiapsrv.exe
+ 2004-08-19 20:10:06 143,360 ----a-w c:\windows\system32\wbem\wmiapsrv.exe
- 2004-08-19 20:10:06 369,664 ----a-w c:\windows\system32\wbem\wmic.exe
+ 2004-08-19 20:10:06 387,072 ----a-w c:\windows\system32\wbem\wmic.exe
- 2004-08-19 20:10:06 218,112 ----a-w c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-19 20:10:06 235,520 ----a-w c:\windows\system32\wbem\wmiprvse.exe
- 2004-08-19 20:10:06 66,560 ----a-w c:\windows\system32\wextract.exe
+ 2004-08-19 20:10:06 83,456 ----a-w c:\windows\system32\wextract.exe
- 2007-07-15 21:28:01 1,918,464 ----a-w c:\windows\system32\wiaacmgr.exe
+ 2007-07-15 21:28:01 1,935,872 ----a-w c:\windows\system32\wiaacmgr.exe
- 2007-07-16 14:27:35 1,844,096 ----a-w c:\windows\system32\win32k.sys
+ 2008-09-15 15:14:42 1,847,040 ----a-w c:\windows\system32\win32k.sys
- 2006-10-17 11:05:58 206,336 ------w c:\windows\system32\WinFXDocObj.exe
+ 2006-10-17 11:05:58 223,744 ------w c:\windows\system32\WinFXDocObj.exe
- 2001-08-28 18:00:00 8,192 ----a-w c:\windows\system32\winhlp32.exe
+ 2001-08-28 18:00:00 25,088 ----a-w c:\windows\system32\winhlp32.exe
- 2001-08-28 18:00:00 11,776 ----a-w c:\windows\system32\winmsd.exe
+ 2001-08-28 18:00:00 28,672 ----a-w c:\windows\system32\winmsd.exe
- 2004-08-19 20:10:06 5,632 ----a-w c:\windows\system32\winver.exe
+ 2004-08-19 20:10:06 22,528 ----a-w c:\windows\system32\winver.exe
- 2006-10-26 11:45:04 293,376 ----a-w c:\windows\system32\WISPTIS.EXE
+ 2006-10-26 11:45:04 310,272 ----a-w c:\windows\system32\WISPTIS.EXE
- 2002-12-11 15:23:58 981,504 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-10 17:18:18 1,053,696 ----a-w c:\windows\system32\WMNetmgr.dll
- 2002-12-11 17:02:38 2,058,888 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-11-07 17:32:20 2,109,440 ----a-w c:\windows\system32\WMVCore.dll
- 2004-08-19 20:10:06 32,256 ----a-w c:\windows\system32\wpabaln.exe
+ 2004-08-19 20:10:06 49,152 ----a-w c:\windows\system32\wpabaln.exe
- 2004-08-19 20:10:06 32,768 ----a-w c:\windows\system32\wpnpinst.exe
+ 2004-08-19 20:10:06 49,664 ----a-w c:\windows\system32\wpnpinst.exe
- 2001-08-28 18:00:00 5,632 ----a-w c:\windows\system32\write.exe
+ 2001-08-28 18:00:00 22,528 ----a-w c:\windows\system32\write.exe
- 2004-08-19 20:10:06 13,824 ----a-w c:\windows\system32\wscntfy.exe
+ 2004-08-19 20:10:06 30,720 ----a-w c:\windows\system32\wscntfy.exe
- 2007-07-16 14:27:38 114,688 ----a-w c:\windows\system32\wscript.exe
+ 2007-07-16 14:27:38 135,168 ----a-w c:\windows\system32\wscript.exe
- 2007-07-16 14:27:40 549,720 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 13:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2007-07-16 14:27:40 53,080 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 13:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2007-07-15 21:28:01 189,440 ----a-w c:\windows\system32\wuauclt1.exe
+ 2007-07-15 21:28:01 206,336 ----a-w c:\windows\system32\wuauclt1.exe
- 2007-07-16 14:27:43 1,710,936 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 13:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2007-07-16 14:27:44 325,976 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 13:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2001-08-28 18:00:00 32,256 ----a-w c:\windows\system32\wupdmgr.exe
+ 2001-08-28 18:00:00 49,152 ----a-w c:\windows\system32\wupdmgr.exe
- 2007-07-16 14:27:44 33,624 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2007-07-16 14:27:44 43,352 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2007-07-16 14:27:45 203,096 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 13:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
- 2004-08-19 20:10:06 30,720 ----a-w c:\windows\system32\xcopy.exe
+ 2004-08-19 20:10:06 47,616 ----a-w c:\windows\system32\xcopy.exe
- 2001-07-16 12:08:50 45,056 ----a-w c:\windows\system32\xvga.exe
+ 2001-07-16 13:08:50 65,536 ----a-w c:\windows\system32\xvga.exe
- 2001-08-28 18:00:00 15,872 ----a-w c:\windows\TASKMAN.EXE
+ 2001-08-28 18:00:00 33,280 ----a-w c:\windows\TASKMAN.EXE
- 2004-03-31 08:42:08 98,304 ----a-w c:\windows\tcpview.exe
+ 2004-03-31 09:42:08 118,784 ----a-w c:\windows\tcpview.exe
+ 2009-02-15 22:37:14 16,384 ------w c:\windows\temp\Perflib_Perfdata_6bc.dat
+ 2009-02-15 22:37:26 16,384 ------w c:\windows\temp\Perflib_Perfdata_b0.dat
- 2001-08-28 18:00:00 25,600 ----a-w c:\windows\twunk_32.exe
+ 2001-08-28 18:00:00 42,496 ----a-w c:\windows\twunk_32.exe
- 2000-08-31 07:00:00 49,152 ----a-w c:\windows\VFIND.exe
+ 2000-08-31 07:00:00 72,548 ----a-w c:\windows\VFIND.exe
- 2003-08-27 08:29:46 65,536 ----a-w c:\windows\wanmpsvc.exe
+ 2003-08-27 08:29:46 86,016 ----a-w c:\windows\wanmpsvc.exe
- 2004-08-19 20:10:06 288,256 ----a-w c:\windows\winhlp32.exe
+ 2004-08-19 20:10:06 305,152 ----a-w c:\windows\winhlp32.exe
+ 2008-09-30 15:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 15:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2008-04-15 17:56:59 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
- 2000-08-31 07:00:00 68,096 ----a-w c:\windows\zip.exe
+ 2000-08-31 07:00:00 84,992 ----a-w c:\windows\zip.exe
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Neuf Media Center"="c:\program files\SFR\Media Center\MediaCenter.exe" [2008-10-10 726336]
"pdfSaver3"="c:\program files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe" [2004-09-05 401408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 32256]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-10-23 1336560]
"LClock"="lclock.exe" [2004-12-08 c:\windows\LClock.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-19 13500416]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-19 86016]
"Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2007-04-23 181752]
"AOLDialer"="c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 70952]
"CanonSolutionMenu"="c:\program files\Canon\Solution
+ 2007-03-20 06:41:06 57,020 ------r c:\windows\RaidTool\IDEDrvSetup.exe
- 2007-03-20 13:01:14 2,560 ------r c:\windows\RaidTool\xIDESetup.exe
+ 2007-03-20 13:01:14 19,456 ------r c:\windows\RaidTool\xIDESetup.exe
- 2004-10-11 16:51:58 57,344 ----a-w c:\windows\reboot.exe
+ 2004-10-11 17:51:58 77,824 ----a-w c:\windows\reboot.exe
- 2004-08-19 20:10:04 153,088 ----a-w c:\windows\regedit.exe
+ 2004-08-19 20:10:04 170,496 ----a-w c:\windows\regedit.exe
- 2007-04-20 17:16:00 1,117,184 ----a-w c:\windows\Resources\Themes\LSD_Inspirat\Shell\AeroBlue\Shellstyle.dll
+ 2007-04-20 18:16:00 1,117,184 ----a-w c:\windows\Resources\Themes\LSD_Inspirat\Shell\AeroBlue\Shellstyle.dll
- 2007-04-21 09:07:00 894,464 ----a-w c:\windows\Resources\Themes\LSD_Inspirat\Shell\ClassicXP\Shellstyle.dll
+ 2007-04-21 10:07:00 894,464 ----a-w c:\windows\Resources\Themes\LSD_Inspirat\Shell\ClassicXP\Shellstyle.dll
- 2007-04-20 17:16:00 1,117,184 ----a-w c:\windows\Resources\Themes\LSD_Inspirat\Shell\NormalColor\Shellstyle.dll
+ 2007-04-20 18:16:00 1,117,184 ----a-w c:\windows\Resources\Themes\LSD_Inspirat\Shell\NormalColor\Shellstyle.dll
- 2004-12-03 15:34:08 372,736 ----a-w c:\windows\Resources\Themes\Shell\BB2\Shellstyle.dll
+ 2004-12-03 16:34:08 372,736 ----a-w c:\windows\Resources\Themes\Shell\BB2\Shellstyle.dll
- 2004-12-03 15:34:08 372,736 ----a-w c:\windows\Resources\Themes\Shell\BlackBlue\Shellstyle.dll
+ 2004-12-03 16:34:08 372,736 ----a-w c:\windows\Resources\Themes\Shell\BlackBlue\Shellstyle.dll
- 2004-12-03 15:34:08 372,736 ----a-w c:\windows\Resources\Themes\Shell\BlackGraf\Shellstyle.dll
+ 2004-12-03 16:34:08 372,736 ----a-w c:\windows\Resources\Themes\Shell\BlackGraf\Shellstyle.dll
- 2004-12-03 15:34:08 372,736 ----a-w c:\windows\Resources\Themes\Shell\BlakGraf2\Shellstyle.dll
+ 2004-12-03 16:34:08 372,736 ----a-w c:\windows\Resources\Themes\Shell\BlakGraf2\Shellstyle.dll
- 2004-12-03 15:34:09 372,736 ----a-w c:\windows\Resources\Themes\Shell\Orange\Shellstyle.dll
+ 2004-12-03 16:34:09 372,736 ----a-w c:\windows\Resources\Themes\Shell\Orange\Shellstyle.dll
- 2004-12-03 15:34:09 372,736 ----a-w c:\windows\Resources\Themes\Shell\Orange2\Shellstyle.dll
+ 2004-12-03 16:34:09 372,736 ----a-w c:\windows\Resources\Themes\Shell\Orange2\Shellstyle.dll
- 2004-12-03 15:34:09 372,736 ----a-w c:\windows\Resources\Themes\Shell\RD2\Shellstyle.dll
+ 2004-12-03 16:34:09 372,736 ----a-w c:\windows\Resources\Themes\Shell\RD2\Shellstyle.dll
- 2004-12-03 15:34:09 372,736 ----a-w c:\windows\Resources\Themes\Shell\RoyalBlu2\Shellstyle.dll
+ 2004-12-03 16:34:09 372,736 ----a-w c:\windows\Resources\Themes\Shell\RoyalBlu2\Shellstyle.dll
- 2004-12-03 15:34:09 372,736 ----a-w c:\windows\Resources\Themes\Shell\RoyalDark\Shellstyle.dll
+ 2004-12-03 16:34:09 372,736 ----a-w c:\windows\Resources\Themes\Shell\RoyalDark\Shellstyle.dll
- 2008-10-09 13:54:26 17,021,440 ----a-w c:\windows\RTHDCPL.EXE
+ 2008-10-09 13:54:26 17,040,896 ----a-w c:\windows\RTHDCPL.EXE
- 2008-06-19 15:27:46 9,715,200 ----a-w c:\windows\RTLCPL.exe
+ 2008-06-19 15:27:46 9,733,632 ----a-w c:\windows\RTLCPL.exe
- 2008-09-19 16:48:24 1,200,128 ----a-w c:\windows\RtlUpd.exe
+ 2008-09-19 16:48:24 1,220,608 ----a-w c:\windows\RtlUpd.exe
- 2000-08-31 07:00:00 98,816 ----a-w c:\windows\sed.exe
+ 2000-08-31 07:00:00 115,712 ----a-w c:\windows\sed.exe
- 2007-11-20 17:15:58 1,826,816 ----a-w c:\windows\SkyTel.exe
+ 2007-11-20 17:15:58 1,847,296 ----a-w c:\windows\SkyTel.exe
- 2008-08-19 12:26:44 77,824 ----a-w c:\windows\SOUNDMAN.EXE
+ 2008-08-19 12:26:44 98,304 ----a-w c:\windows\SOUNDMAN.EXE
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 07:00:00 179,200 ----a-w c:\windows\SWREG.exe
- 2000-08-31 07:00:00 136,704 ----a-w c:\windows\SWSC.exe
+ 2000-08-31 07:00:00 154,624 ----a-w c:\windows\SWSC.exe
- 2000-08-31 07:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
+ 2000-08-31 07:00:00 229,376 ----a-w c:\windows\SWXCACLS.exe
- 2004-08-19 20:09:52 189,952 ----a-w c:\windows\system32\accwiz.exe
+ 2004-08-19 20:09:52 206,848 ----a-w c:\windows\system32\accwiz.exe
- 2006-08-28 16:34:30 557,056 ----a-w c:\windows\system32\ACDSee.scr
+ 2006-08-28 16:34:30 577,536 ----a-w c:\windows\system32\ACDSee.scr
- 2004-08-19 20:09:52 4,096 ----a-w c:\windows\system32\actmovie.exe
+ 2004-08-19 20:09:52 20,992 ----a-w c:\windows\system32\actmovie.exe
+ 2006-09-29 05:56:38 28,248 ----a-r c:\windows\system32\AdobePDF.dll
- 2005-05-17 14:24:00 311,296 ----a-w c:\windows\system32\AegisI5.exe
+ 2005-05-17 14:24:00 331,776 ----a-w c:\windows\system32\AegisI5.exe
- 2007-07-15 21:27:45 92,160 ----a-w c:\windows\system32\ahui.exe
+ 2007-07-15 21:27:45 109,568 ----a-w c:\windows\system32\ahui.exe
- 2004-08-19 20:09:52 44,544 ----a-w c:\windows\system32\alg.exe
+ 2004-08-19 20:09:52 61,440 ----a-w c:\windows\system32\alg.exe
- 2001-08-28 18:00:00 19,968 ----a-w c:\windows\system32\arp.exe
+ 2001-08-28 18:00:00 36,864 ----a-w c:\windows\system32\arp.exe
- 2001-08-28 18:00:00 37,888 ----a-w c:\windows\system32\asr_ldm.exe
+ 2001-08-28 18:00:00 54,784 ----a-w c:\windows\system32\asr_ldm.exe
- 2004-08-19 20:09:52 32,768 ----a-w c:\windows\system32\asr_pfu.exe
+ 2004-08-19 20:09:52 49,664 ----a-w c:\windows\system32\asr_pfu.exe
- 2004-08-19 20:09:52 25,088 ----a-w c:\windows\system32\at.exe
+ 2004-08-19 20:09:52 41,984 ----a-w c:\windows\system32\at.exe
- 2004-08-19 20:09:52 11,264 ----a-w c:\windows\system32\atmadm.exe
+ 2004-08-19 20:09:52 28,672 ----a-w c:\windows\system32\atmadm.exe
- 2001-08-28 18:00:00 11,264 ----a-w c:\windows\system32\attrib.exe
+ 2001-08-28 18:00:00 28,160 ----a-w c:\windows\system32\attrib.exe
- 2004-08-19 20:09:52 14,336 ----a-w c:\windows\system32\auditusr.exe
+ 2004-08-19 20:09:52 31,232 ----a-w c:\windows\system32\auditusr.exe
- 2001-08-28 18:00:00 152,064 ----a-w c:\windows\system32\bootcfg.exe
+ 2001-08-28 18:00:00 168,960 ----a-w c:\windows\system32\bootcfg.exe
- 2001-08-28 18:00:00 4,608 ----a-w c:\windows\system32\bootok.exe
+ 2001-08-28 18:00:00 21,504 ----a-w c:\windows\system32\bootok.exe
- 2001-08-28 18:00:00 5,120 ----a-w c:\windows\system32\bootvrfy.exe
+ 2001-08-28 18:00:00 22,528 ----a-w c:\windows\system32\bootvrfy.exe
- 2001-08-28 18:00:00 19,456 ----a-w c:\windows\system32\cacls.exe
+ 2001-08-28 18:00:00 36,864 ----a-w c:\windows\system32\cacls.exe
- 2007-07-15 21:27:46 253,440 ----a-w c:\windows\system32\calc.exe
+ 2007-07-15 21:27:46 270,336 ----a-w c:\windows\system32\calc.exe
- 2007-07-16 14:25:18 92,504 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 13:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2001-08-28 18:00:00 80,896 ----a-w c:\windows\system32\charmap.exe
+ 2001-08-28 18:00:00 97,792 ----a-w c:\windows\system32\charmap.exe
- 2006-08-01 14:02:32 49,152 ----a-w c:\windows\system32\ChCfg.exe
+ 2006-08-01 14:02:32 69,632 ----a-w c:\windows\system32\ChCfg.exe
- 2001-08-28 18:00:00 11,776 ----a-w c:\windows\system32\chkdsk.exe
+ 2001-08-28 18:00:00 28,672 ----a-w c:\windows\system32\chkdsk.exe
- 2001-08-28 18:00:00 11,264 ----a-w c:\windows\system32\chkntfs.exe
+ 2001-08-28 18:00:00 28,160 ----a-w c:\windows\system32\chkntfs.exe
+ 2003-12-14 14:47:20 692,224 ----a-w c:\windows\system32\ciaResSvr20.dll
+ 2003-02-23 22:45:14 40,960 ----a-w c:\windows\system32\ciaSubClsSvr.dll
+ 2003-12-12 15:41:30 53,248 ----a-w c:\windows\system32\ciaXPRegSvr20.dll
- 2001-08-28 18:00:00 8,192 ----a-w c:\windows\system32\cidaemon.exe
+ 2001-08-28 18:00:00 25,088 ----a-w c:\windows\system32\cidaemon.exe
- 2004-08-19 20:09:52 56,832 ----a-w c:\windows\system32\cipher.exe
+ 2004-08-19 20:09:52 73,728 ----a-w c:\windows\system32\cipher.exe
- 2004-08-19 20:09:52 5,632 ----a-w c:\windows\system32\cisvc.exe
+ 2004-08-19 20:09:52 22,528 ----a-w c:\windows\system32\cisvc.exe
- 2001-08-28 18:00:00 7,680 ----a-w c:\windows\system32\ckcnv.exe
+ 2001-08-28 18:00:00 24,576 ----a-w c:\windows\system32\ckcnv.exe
- 2007-07-15 21:27:46 522,752 ----a-w c:\windows\system32\cleanmgr.exe
+ 2007-07-15 21:27:46 539,648 ----a-w c:\windows\system32\cleanmgr.exe
- 2004-08-19 20:09:52 20,480 ----a-w c:\windows\system32\cliconfg.exe
+ 2004-08-19 20:09:52 40,960 ----a-w c:\windows\system32\cliconfg.exe
- 2004-08-19 20:09:52 104,448 ----a-w c:\windows\system32\clipbrd.exe
+ 2004-08-19 20:09:52 121,344 ----a-w c:\windows\system32\clipbrd.exe
- 2004-08-19 20:09:52 33,280 ----a-w c:\windows\system32\clipsrv.exe
+ 2004-08-19 20:09:52 50,176 ----a-w c:\windows\system32\clipsrv.exe
- 2007-07-15 21:27:47 539,136 ----a-w c:\windows\system32\cmd.exe
+ 2007-07-15 21:27:47 556,032 ----a-w c:\windows\system32\cmd.exe
- 2004-08-19 20:09:52 47,104 ----a-w c:\windows\system32\cmdl32.exe
+ 2004-08-19 20:09:52 64,000 ----a-w c:\windows\system32\cmdl32.exe
- 2004-08-19 20:09:52 40,448 ----a-w c:\windows\system32\cmmon32.exe
+ 2004-08-19 20:09:52 57,344 ----a-w c:\windows\system32\cmmon32.exe
- 2004-08-19 20:09:52 65,536 ----a-w c:\windows\system32\cmstp.exe
+ 2004-08-19 20:09:52 82,432 ----a-w c:\windows\system32\cmstp.exe
- 2004-08-19 20:09:52 9,728 ----a-w c:\windows\system32\Com\comrepl.exe
+ 2004-08-19 20:09:52 26,624 ----a-w c:\windows\system32\Com\comrepl.exe
- 2001-08-28 18:00:00 5,120 ----a-w c:\windows\system32\Com\comrereg.exe
+ 2001-08-28 18:00:00 22,016 ----a-w c:\windows\system32\Com\comrereg.exe
- 2001-08-28 18:00:00 18,432 ----a-w c:\windows\system32\compact.exe
+ 2001-08-28 18:00:00 35,328 ----a-w c:\windows\system32\compact.exe
- 2008-10-19 17:39:52 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-15 22:37:09 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-11 22:04:44 262,144 ---ha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
- 2008-10-19 17:39:52 16,384 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-02-15 22:37:09 16,384 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-10-19 17:39:52 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-15 22:37:09 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-19 20:09:52 27,648 ----a-w c:\windows\system32\conime.exe
+ 2004-08-19 20:09:52 44,544 ----a-w c:\windows\system32\conime.exe
- 2001-08-28 18:00:00 8,192 ----a-w c:\windows\system32\control.exe
+ 2001-08-28 18:00:00 25,600 ----a-w c:\windows\system32\control.exe
- 2001-08-28 18:00:00 13,824 ----a-w c:\windows\system32\convert.exe
+ 2001-08-28 18:00:00 31,232 ----a-w c:\windows\system32\convert.exe
+ 2000-11-24 16:05:06 20,480 ----a-w c:\windows\system32\CPUINFO2.DLL
- 2007-07-16 14:25:25 98,304 ----a-w c:\windows\system32\cscript.exe
+ 2007-07-16 14:25:25 118,784 ----a-w c:\windows\system32\cscript.exe
- 2001-08-28 18:00:00 5,120 ----a-w c:\windows\system32\dcomcnfg.exe
+ 2001-08-28 18:00:00 22,016 ----a-w c:\windows\system32\dcomcnfg.exe
- 2004-08-19 20:09:52 31,744 ----a-w c:\windows\system32\ddeshare.exe
+ 2004-08-19 20:09:52 48,640 ----a-w c:\windows\system32\ddeshare.exe
- 2004-08-19 20:09:52 85,504 ----a-w c:\windows\system32\diantz.exe
+ 2004-08-19 20:09:52 102,400 ----a-w c:\windows\system32\diantz.exe
- 2004-08-19 20:09:52 167,936 ----a-w c:\windows\system32\diskpart.exe
+ 2004-08-19 20:09:52 184,832 ----a-w c:\windows\system32\diskpart.exe
- 2001-08-28 18:00:00 19,456 ----a-w c:\windows\system32\diskperf.exe
+ 2001-08-28 18:00:00 36,352 ----a-w c:\windows\system32\diskperf.exe
- 2006-10-27 00:44:04 54,784 ------w c:\windows\system32\DllCache\ie4uinit.exe
+ 2006-10-27 00:44:04 71,680 ------w c:\windows\system32\DllCache\ie4uinit.exe
- 2006-10-17 11:04:50 69,120 ------w c:\windows\system32\DllCache\iedw.exe
+ 2006-10-17 11:04:50 86,016 ------w c:\windows\system32\DllCache\iedw.exe
- 2006-10-17 11:04:40 622,080 ------w c:\windows\system32\DllCache\iexplore.exe
+ 2006-10-17 11:04:40 638,976 ------w c:\windows\system32\DllCache\iexplore.exe
+ 2008-06-10 00:31:06 120,832 ------w c:\windows\system32\DllCache\logagent.exe
- 2006-10-17 10:56:10 45,568 ------w c:\windows\system32\DllCache\mshta.exe
+ 2006-10-17 10:56:10 62,464 ------w c:\windows\system32\DllCache\mshta.exe
- 2006-10-14 15:44:44 671,744 ------w c:\windows\system32\DllCache\PrintFilterPipelineSvc.exe
+ 2006-10-14 15:44:44 689,152 ------w c:\windows\system32\DllCache\PrintFilterPipelineSvc.exe
- 2006-10-27 13:09:58 765,952 ------w c:\windows\system32\DllCache\VGX.dll
+ 2008-05-27 17:25:06 765,952 ------w c:\windows\system32\DllCache\vgx.dll
+ 2008-06-10 17:18:18 1,053,696 ------w c:\windows\system32\DllCache\WMNetmgr.dll
+ 2008-11-07 17:32:20 2,109,440 ------w c:\windows\system32\DllCache\WMVCore.dll
- 2004-08-19 20:09:52 5,120 ----a-w c:\windows\system32\dllhost.exe
+ 2004-08-19 20:09:52 22,016 ----a-w c:\windows\system32\dllhost.exe
- 2001-08-28 18:00:00 4,608 ----a-w c:\windows\system32\dllhst3g.exe
+ 2001-08-28 18:00:00 21,504 ----a-w c:\windows\system32\dllhst3g.exe
- 2004-08-19 20:09:52 225,280 ----a-w c:\windows\system32\dmadmin.exe
+ 2004-08-19 20:09:52 242,176 ----a-w c:\windows\system32\dmadmin.exe
- 2004-08-19 20:09:52 15,872 ----a-w c:\windows\system32\dmremote.exe
+ 2004-08-19 20:09:52 32,768 ----a-w c:\windows\system32\dmremote.exe
- 2006-02-28 10:41:34 61,440 ----a-w c:\windows\system32\dns-sd.exe
+ 2006-02-28 10:41:34 81,920 ----a-w c:\windows\system32\dns-sd.exe
- 2007-07-16 14:25:27 147,456 ----a-w c:\windows\system32\dnsapi.dll
+ 2008-06-20 17:37:01 147,968 ----a-w c:\windows\system32\dnsapi.dll
- 2001-08-28 18:00:00 10,752 ----a-w c:\windows\system32\doskey.exe
+ 2001-08-28 18:00:00 27,648 ----a-w c:\windows\system32\doskey.exe
- 2004-08-19 20:09:52 30,208 ----a-w c:\windows\system32\dplaysvr.exe
+ 2004-08-19 20:09:52 47,104 ----a-w c:\windows\system32\dplaysvr.exe
- 2004-08-19 20:09:52 18,432 ----a-w c:\windows\system32\dpnsvr.exe
+ 2004-08-19 20:09:52 35,328 ----a-w c:\windows\system32\dpnsvr.exe
- 2004-08-19 20:09:52 83,456 ----a-w c:\windows\system32\dpvsetup.exe
+ 2004-08-19 20:09:52 100,352 ----a-w c:\windows\system32\dpvsetup.exe
- 2001-08-28 18:00:00 60,928 ----a-w c:\windows\system32\driverquery.exe
+ 2001-08-28 18:00:00 77,824 ----a-w c:\windows\system32\driverquery.exe
- 2004-08-04 03:14:16 138,496 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:48:52 138,368 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-04-29 10:19:50 12,960 ----a-w c:\windows\system32\drivers\Awrtpd.sys
+ 2008-04-29 10:19:54 15,648 ----a-w c:\windows\system32\drivers\Awrtrd.sys
- 2007-07-16 14:25:59 454,656 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:25:29 455,936 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-04-29 10:20:00 15,648 ----a-w c:\windows\system32\drivers\NSDriver.sys
- 2007-07-16 14:26:43 202,496 ----a-w c:\windows\system32\drivers\RMCast.sys
+ 2008-05-08 12:14:51 203,008 ----a-w c:\windows\system32\drivers\rmcast.sys
- 2007-07-16 14:27:05 332,928 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-12-11 10:24:44 333,184 ----a-w c:\windows\system32\drivers\srv.sys
- 2005-06-28 16:56:53 359,808 ----a-w c:\windows\system32\drivers\tcpip.sys
+ 2008-06-20 10:44:42 360,960 ----a-w c:\windows\system32\drivers\tcpip.sys
- 2007-07-16 14:27:16 225,664 ----a-w c:\windows\system32\drivers\tcpip6.sys
+ 2008-06-20 09:32:39 225,920 ----a-w c:\windows\system32\drivers\tcpip6.sys
- 2001-08-28 18:00:00 47,104 ----a-w c:\windows\system32\drwtsn32.exe
+ 2001-08-28 18:00:00 64,000 ----a-w c:\windows\system32\drwtsn32.exe
- 2004-08-19 20:09:52 10,752 ----a-w c:\windows\system32\dumprep.exe
+ 2004-08-19 20:09:52 27,648 ----a-w c:\windows\system32\dumprep.exe
- 2007-07-21 14:34:24 59,392 ----a-w c:\windows\system32\dvdplay.exe
+ 2007-07-21 14:34:24 76,288 ----a-w c:\windows\system32\dvdplay.exe
- 2004-08-19 20:09:52 17,920 ----a-w c:\windows\system32\dvdupgrd.exe
+ 2004-08-19 20:09:52 34,816 ----a-w c:\windows\system32\dvdupgrd.exe
- 2004-08-19 20:09:52 180,224 ----a-w c:\windows\system32\dwwin.exe
+ 2004-08-19 20:09:52 200,704 ----a-w c:\windows\system32\dwwin.exe
- 2007-07-16 14:25:28 243,200 ----a-w c:\windows\system32\es.dll
+ 2008-07-07 20:18:27 253,952 ----a-w c:\windows\system32\es.dll
- 2001-08-28 18:00:00 39,424 ----a-w c:\windows\system32\esentutl.exe
+ 2001-08-28 18:00:00 56,320 ----a-w c:\windows\system32\esentutl.exe
- 2004-08-19 20:09:52 195,072 ----a-w c:\windows\system32\eudcedit.exe
+ 2004-08-19 20:09:52 211,968 ----a-w c:\windows\system32\eudcedit.exe
- 2004-08-19 20:09:52 52,736 ----a-w c:\windows\system32\eventcreate.exe
+ 2004-08-19 20:09:52 69,632 ----a-w c:\windows\system32\eventcreate.exe
- 2001-08-28 18:00:00 81,408 ----a-w c:\windows\system32\eventtriggers.exe
+ 2001-08-28 18:00:00 98,304 ----a-w c:\windows\system32\eventtriggers.exe
- 2001-08-28 18:00:00 9,216 ----a-w c:\windows\system32\eventvwr.exe
+ 2001-08-28 18:00:00 26,112 ----a-w c:\windows\system32\eventvwr.exe
- 2001-08-28 18:00:00 16,896 ----a-w c:\windows\system32\expand.exe
+ 2001-08-28 18:00:00 33,792 ----a-w c:\windows\system32\expand.exe
- 2004-08-19 20:09:54 45,568 ----a-w c:\windows\system32\extrac32.exe
+ 2004-08-19 20:09:54 62,464 ----a-w c:\windows\system32\extrac32.exe
- 2001-08-28 18:00:00 14,848 ----a-w c:\windows\system32\fc.exe
+ 2001-08-28 18:00:00 31,744 ----a-w c:\windows\system32\fc.exe
- 2001-08-28 18:00:00 9,216 ----a-w c:\windows\system32\find.exe
+ 2001-08-28 18:00:00 26,112 ----a-w c:\windows\system32\find.exe
- 2004-08-19 20:09:56 29,184 ----a-w c:\windows\system32\findstr.exe
+ 2004-08-19 20:09:56 46,592 ----a-w c:\windows\system32\findstr.exe
- 2001-08-28 18:00:00 10,240 ----a-w c:\windows\system32\finger.exe
+ 2001-08-28 18:00:00 27,136 ----a-w c:\windows\system32\finger.exe
- 2007-07-16 14:25:31 23,040 ----a-w c:\windows\system32\fltMc.exe
+ 2007-07-16 14:25:31 39,936 ----a-w c:\windows\system32\fltMc.exe
- 2006-10-26 12:10:08 1,190,688 ----a-w c:\windows\system32\FM20.DLL
+ 2007-08-23 00:03:38 1,195,888 ----a-w c:\windows\system32\FM20.DLL
- 2009-01-12 15:47:54 1,710,656 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-15 22:38:45 1,710,712 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2004-08-19 20:09:56 21,504 ----a-w c:\windows\system32\fontview.exe
+ 2004-08-19 20:09:56 38,400 ----a-w c:\windows\system32\fontview.exe
- 2001-08-28 18:00:00 7,168 ----a-w c:\windows\system32\forcedos.exe
+ 2001-08-28 18:00:00 24,064 ----a-w c:\windows\system32\forcedos.exe
- 2004-08-19 20:09:56 193,024 ----a-w c:\windows\system32\fsquirt.exe
+ 2004-08-19 20:09:56 209,920 ----a-w c:\windows\system32\fsquirt.exe
- 2001-08-28 18:00:00 61,952 ----a-w c:\windows\system32\fsutil.exe
+ 2001-08-28 18:00:00 78,848 ----a-w c:\windows\system32\fsutil.exe
- 2004-08-19 20:09:56 46,080 ----a-w c:\windows\system32\ftp.exe
+ 2004-08-19 20:09:56 62,976 ----a-w c:\windows\system32\ftp.exe
- 2007-07-16 14:25:32 282,112 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 12:51:46 284,160 ----a-w c:\windows\system32\gdi32.dll
- 2001-08-28 18:00:00 57,344 ----a-w c:\windows\system32\getmac.exe
+ 2001-08-28 18:00:00 74,240 ----a-w c:\windows\system32\getmac.exe
- 2004-08-19 20:09:56 123,392 ----a-w c:\windows\system32\gpresult.exe
+ 2004-08-19 20:09:56 140,800 ----a-w c:\windows\system32\gpresult.exe
- 2001-08-28 18:00:00 59,392 ----a-w c:\windows\system32\gpupdate.exe
+ 2001-08-28 18:00:00 76,288 ----a-w c:\windows\system32\gpupdate.exe
- 2004-08-19 20:09:56 39,424 ----a-w c:\windows\system32\grpconv.exe
+ 2004-08-19 20:09:56 56,320 ----a-w c:\windows\system32\grpconv.exe
- 2005-01-07 15:07:16 61,952 ------w c:\windows\system32\HdAShCut.exe
+ 2005-01-07 15:07:16 78,848 ------w c:\windows\system32\HdAShCut.exe
- 2001-08-28 18:00:00 16,384 ----a-w c:\windows\system32\help.exe
+ 2001-08-28 18:00:00 33,280 ----a-w c:\windows\system32\help.exe
- 2001-08-28 18:00:00 8,704 ----a-w c:\windows\system32\hostname.exe
+ 2001-08-28 18:00:00 25,600 ----a-w c:\windows\system32\hostname.exe
- 2006-10-27 00:44:04 54,784 ----a-w c:\windows\system32\ie4uinit.exe
+ 2006-10-27 00:44:04 71,680 ----a-w c:\windows\system32\ie4uinit.exe
- 2006-10-27 00:44:12 13,312 ----a-w c:\windows\system32\ieudinit.exe
+ 2006-10-27 00:44:12 30,208 ----a-w c:\windows\system32\ieudinit.exe
- 2004-08-19 20:09:56 114,688 ----a-w c:\windows\system32\iexpress.exe
+ 2004-08-19 20:09:56 131,584 ----a-w c:\windows\system32\iexpress.exe
- 2004-08-19 20:09:56 150,016 ----a-w c:\windows\system32\imapi.exe
+ 2004-08-19 20:09:56 166,912 ----a-w c:\windows\system32\imapi.exe
- 2004-08-04 02:31:56 480,256 ----a-w c:\windows\system32\IME\CINTLGNT\CINTSETP.EXE
+ 2004-08-04 02:31:56 497,152 ----a-w c:\windows\system32\IME\CINTLGNT\CINTSETP.EXE
- 2004-08-04 02:31:50 70,144 ----a-w c:\windows\system32\IME\PINTLGNT\PINTLPHR.EXE
+ 2004-08-04 02:31:50 87,552 ----a-w c:\windows\system32\IME\PINTLGNT\PINTLPHR.EXE
- 2004-08-04 02:32:16 44,032 ----a-w c:\windows\system32\IME\TINTLGNT\TINTLPHR.EXE
+ 2004-08-04 02:32:16 60,928 ----a-w c:\windows\system32\IME\TINTLGNT\TINTLPHR.EXE
- 2004-08-04 02:32:16 455,168 ----a-w c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
+ 2004-08-04 02:32:16 472,064 ----a-w c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
- 2007-07-16 14:25:38 683,520 ----a-w c:\windows\system32\inetcomm.dll
+ 2008-04-11 18:40:33 683,520 ----a-w c:\windows\system32\inetcomm.dll
- 2004-08-19 20:09:56 58,368 ----a-w c:\windows\system32\ipconfig.exe
+ 2004-08-19 20:09:56 75,264 ----a-w c:\windows\system32\ipconfig.exe
- 2001-08-28 18:00:00 46,080 ----a-w c:\windows\system32\ipsec6.exe
+ 2001-08-28 18:00:00 62,976 ----a-w c:\windows\system32\ipsec6.exe
- 2004-08-19 20:09:56 53,760 ----a-w c:\windows\system32\ipv6.exe
+ 2004-08-19 20:09:56 70,656 ----a-w c:\windows\system32\ipv6.exe
- 2004-08-19 20:09:56 24,576 ----a-w c:\windows\system32\ipxroute.exe
+ 2004-08-19 20:09:56 41,472 ----a-w c:\windows\system32\ipxroute.exe
- 2008-08-13 14:03:26 65,536 ----a-w c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2008-08-13 14:03:26 86,016 ----a-w c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
- 2008-02-19 08:35:00 425,984 ----a-w c:\windows\system32\keystone.exe
+ 2008-02-19 08:35:00 446,464 ----a-w c:\windows\system32\keystone.exe
- 2001-08-28 18:00:00 9,728 ----a-w c:\windows\system32\label.exe
+ 2001-08-28 18:00:00 26,624 ----a-w c:\windows\system32\label.exe
- 2001-08-28 18:00:00 30,208 ----a-w c:\windows\system32\lights.exe
+ 2001-08-28 18:00:00 47,104 ----a-w c:\windows\system32\lights.exe
- 2004-08-19 20:09:56 75,264 ----a-w c:\windows\system32\locator.exe
+ 2004-08-19 20:09:56 92,160 ----a-w c:\windows\system32\locator.exe
- 2001-08-28 18:00:00 5,120 ----a-w c:\windows\system32\lodctr.exe
+ 2001-08-28 18:00:00 22,016 ----a-w c:\windows\system32\lodctr.exe
- 2004-08-19 20:09:56 103,936 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-10 00:31:06 120,832 ----a-w c:\windows\system32\logagent.exe
- 2001-08-28 18:00:00 15,872 ----a-w c:\windows\system32\logoff.exe
+ 2001-08-28 18:00:00 32,768 ----a-w c:\windows\system32\logoff.exe
- 2004-09-11 21:05:50 363,520 ----a-w c:\windows\system32\logon.scr
+ 2004-09-11 22:05:50 380,416 ----a-w c:\windows\system32\logon.scr
- 2007-07-15 19:27:56 6,928,384 ----a-w c:\windows\system32\logonui.exe
+ 2007-07-15 19:27:56 6,945,280 ----a-w c:\windows\system32\logonui.exe
- 2001-08-28 18:00:00 6,144 ----a-w c:\windows\system32\lpq.exe
+ 2001-08-28 18:00:00 23,040 ----a-w c:\windows\system32\lpq.exe
- 2001-08-28 18:00:00 9,216 ----a-w c:\windows\system32\lpr.exe
+ 2001-08-28 18:00:00 26,112 ----a-w c:\windows\system32\lpr.exe
+ 2008-05-16 10:58:04 12,632 ----a-w c:\windows\system32\lsdelete.exe
- 2006-06-22 10:44:14 20,480 ----a-w c:\windows\system32\Macromed\Flash\UninstFl.exe
+ 2006-06-22 10:44:14 40,960 ----a-w c:\windows\system32\Macromed\Flash\UninstFl.exe
- 2007-07-16 14:25:44 73,216 ----a-w c:\windows\system32\magnify.exe
+ 2007-07-16 14:25:44 90,624 ----a-w c:\windows\system32\magnify.exe
- 2004-08-19 20:09:56 85,504 ----a-w c:\windows\system32\makecab.exe
+ 2004-08-19 20:09:56 102,400 ----a-w c:\windows\system32\makecab.exe
- 2007-07-16 14:25:54 1,354,752 ----a-w c:\windows\system32\mmc.exe
+ 2007-07-16 14:25:54 1,372,160 ----a-w c:\windows\system32\mmc.exe
- 2007-07-16 14:25:58 33,792 ----a-w c:\windows\system32\mmcperf.exe
+ 2007-07-16 14:25:58 50,688 ----a-w c:\windows\system32\mmcperf.exe
- 2004-08-19 20:09:58 32,768 ----a-w c:\windows\system32\mnmsrvc.exe
+ 2004-08-19 20:09:58 53,248 ----a-w c:\windows\system32\mnmsrvc.exe
- 2004-08-19 20:09:58 144,384 ----a-w c:\windows\system32\mobsync.exe
+ 2004-08-19 20:09:58 161,280 ----a-w c:\windows\system32\mobsync.exe
- 2001-08-28 18:00:00 8,192 ----a-w c:\windows\system32\mountvol.exe
+ 2001-08-28 18:00:00 25,088 ----a-w c:\windows\system32\mountvol.exe
- 2001-08-28 18:00:00 22,016 ----a-w c:\windows\system32\mpnotify.exe
+ 2001-08-28 18:00:00 38,912 ----a-w c:\windows\system32\mpnotify.exe
- 2004-08-19 20:10:00 19,968 ----a-w c:\windows\system32\mqbkup.exe
+ 2004-08-19 20:10:00 37,376 ----a-w c:\windows\system32\mqbkup.exe
- 2004-08-19 20:10:00 4,608 ----a-w c:\windows\system32\mqsvc.exe
+ 2004-08-19 20:10:00 21,504 ----a-w c:\windows\system32\mqsvc.exe
- 2004-08-19 20:10:00 117,248 ----a-w c:\windows\system32\mqtgsvc.exe
+ 2004-08-19 20:10:00 134,144 ----a-w c:\windows\system32\mqtgsvc.exe
- 2001-08-28 18:00:00 14,336 ----a-w c:\windows\system32\mrinfo.exe
+ 2001-08-28 18:00:00 31,232 ----a-w c:\windows\system32\mrinfo.exe
+ 2009-02-11 19:56:18 21,244,872 ----a-w c:\windows\system32\MRT.exe
- 2007-07-16 14:26:01 73,728 ----a-w c:\windows\system32\mscms.dll
+ 2008-06-24 16:30:27 74,240 ----a-w c:\windows\system32\mscms.dll
- 2004-08-19 20:10:00 6,144 ----a-w c:\windows\system32\msdtc.exe
+ 2004-08-19 20:10:00 23,040 ----a-w c:\windows\system32\msdtc.exe
- 2006-10-17 10:58:32 12,288 ------w c:\windows\system32\msfeedssync.exe
+ 2006-10-17 10:58:32 29,184 ------w c:\windows\system32\msfeedssync.exe
- 2001-08-28 18:00:00 22,528 ----a-w c:\windows\system32\msg.exe
+ 2001-08-28 18:00:00 39,424 ----a-w c:\windows\system32\msg.exe
- 2006-10-17 10:56:10 45,568 ----a-w c:\windows\system32\mshta.exe
+ 2006-10-17 10:56:10 62,464 ----a-w c:\windows\system32\mshta.exe
- 2007-07-16 14:26:08 78,848 ----a-w c:\windows\system32\msiexec.exe
+ 2007-07-16 14:26:08 95,744 ----a-w c:\windows\system32\msiexec.exe
- 2007-07-15 21:27:56 594,944 ----a-w c:\windows\system32\mspaint.exe
+ 2007-07-15 21:27:56 611,840 ----a-w c:\windows\system32\mspaint.exe
- 2006-07-24 08:50:38 125,744 ----a-w c:\windows\system32\MSSTDFMT.DLL
+ 2000-04-03 18:05:58 118,784 ----a-w c:\windows\system32\msstdfmt.dll
- 2001-08-28 18:00:00 6,656 ----a-w c:\windows\system32\msswchx.exe
+ 2001-08-28 18:00:00 24,064 ----a-w c:\windows\system32\msswchx.exe
- 2004-08-19 20:10:00 12,288 ----a-w c:\windows\system32\mstinit.exe
+ 2004-08-19 20:10:00 29,184 ----a-w c:\windows\system32\mstinit.exe
- 2004-08-19 19:52:00 411,648 ----a-w c:\windows\system32\mstsc.exe
+ 2004-08-19 19:52:00 428,544 ----a-w c:\windows\system32\mstsc.exe
- 2004-08-19 20:09:36 247,808 ----a-w c:\windows\system32\mswsock.dll
+ 2008-06-20 17:37:01 247,808 ----a-w c:\windows\system32\mswsock.dll
- 2007-07-16 14:26:17 1,084,416 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 16:34:21 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2007-07-16 14:26:18 1,245,696 ----a-w c:\windows\system32\msxml4.dll
+ 2008-09-30 15:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
- 2006-12-04 12:49:36 1,313,040 ----a-w c:\windows\system32\msxml6.dll
+ 2008-08-29 19:06:44 1,350,664 ----a-w c:\windows\system32\msxml6.dll
- 2007-07-15 21:27:56 49,664 ----a-w c:\windows\system32\narrator.exe
+ 2007-07-15 21:27:56 66,560 ----a-w c:\windows\system32\narrator.exe
- 2001-08-28 18:00:00 21,504 ----a-w c:\windows\system32\nbtstat.exe
+ 2001-08-28 18:00:00 38,400 ----a-w c:\windows\system32\nbtstat.exe
- 2004-08-19 20:10:00 4,096 ----a-w c:\windows\system32\nddeapir.exe
+ 2004-08-19 20:10:00 20,992 ----a-w c:\windows\system32\nddeapir.exe
- 2004-08-19 20:10:00 42,496 ----a-w c:\windows\system32\net.exe
+ 2004-08-19 20:10:00 59,392 ----a-w c:\windows\system32\net.exe
- 2004-08-19 20:10:00 124,928 ----a-w c:\windows\system32\net1.exe
+ 2004-08-19 20:10:00 141,824 ----a-w c:\windows\system32\net1.exe
- 2007-07-16 14:26:20 337,408 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:55:13 339,456 ----a-w c:\windows\system32\netapi32.dll
- 2004-08-19 20:10:00 114,176 ----a-w c:\windows\system32\netdde.exe
+ 2004-08-19 20:10:00 131,072 ----a-w c:\windows\system32\netdde.exe
- 2007-07-15 21:27:57 626,688 ----a-w c:\windows\system32\netsetup.exe
+ 2007-07-15 21:27:57 643,584 ----a-w c:\windows\system32\netsetup.exe
- 2004-08-19 20:10:00 88,576 ----a-w c:\windows\system32\netsh.exe
+ 2004-08-19 20:10:00 105,472 ----a-w c:\windows\system32\netsh.exe
- 2004-08-19 20:10:00 37,888 ----a-w c:\windows\system32\netstat.exe
+ 2004-08-19 20:10:00 54,784 ----a-w c:\windows\system32\netstat.exe
- 2007-07-15 21:27:58 749,568 ----a-w c:\windows\system32\notepad.exe
+ 2007-07-15 21:27:58 770,048 ----a-w c:\windows\system32\notepad.exe
- 2004-08-19 20:10:00 15,360 ----a-w c:\windows\system32\npp\nppagent.exe
+ 2004-08-19 20:10:00 32,768 ----a-w c:\windows\system32\npp\nppagent.exe
- 2004-08-19 20:10:00 79,360 ----a-w c:\windows\system32\nslookup.exe
+ 2004-08-19 20:10:00 96,256 ----a-w c:\windows\system32\nslookup.exe
- 2007-07-05 16:34:59 2,293,248 ----a-w c:\windows\system32\ntkrnlmp.exe
+ 2007-07-05 17:34:59 2,293,248 ----a-w c:\windows\system32\ntkrnlmp.exe
- 2007-07-21 14:34:24 2,019,328 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 13:39:03 2,022,912 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2007-07-16 14:26:26 2,139,648 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 13:39:07 2,144,768 ----a-w c:\windows\system32\ntoskrnl.exe
- 2001-08-28 18:00:00 31,744 ----a-w c:\windows\system32\ntsd.exe
+ 2001-08-28 18:00:00 48,640 ----a-w c:\windows\system32\ntsd.exe
- 2004-08-19 20:10:00 420,864 ----a-w c:\windows\system32\ntvdm.exe
+ 2004-08-19 20:10:00 437,760 ----a-w c:\windows\system32\ntvdm.exe
- 2008-02-19 08:35:00 147,456 ----a-w c:\windows\system32\nvcolor.exe
+ 2008-02-19 08:35:00 167,936 ----a-w c:\windows\system32\nvcolor.exe
- 2008-02-19 08:35:00 1,339,392 ----a-w c:\windows\system32\nvdspsch.exe
+ 2008-02-19 08:35:00 1,359,872 ----a-w c:\windows\system32\nvdspsch.exe
- 2008-02-19 08:35:00 155,716 ----a-w c:\windows\system32\nvsvc32.exe
+ 2008-02-19 08:35:00 176,196 ----a-w c:\windows\system32\nvsvc32.exe
- 2008-02-19 08:35:00 360,448 ----a-w c:\windows\system32\nvudisp.exe
+ 2008-02-19 08:35:00 380,928 ----a-w c:\windows\system32\nvudisp.exe
- 2008-02-19 08:35:00 1,626,112 ----a-w c:\windows\system32\nwiz.exe
+ 2008-02-19 08:35:00 1,646,592 ----a-w c:\windows\system32\nwiz.exe
- 2001-08-28 18:00:00 129,024 ----a-w c:\windows\system32\nwscript.exe
+ 2001-08-28 18:00:00 145,920 ----a-w c:\windows\system32\nwscript.exe
- 2004-08-19 20:10:00 32,768 ----a-w c:\windows\system32\odbcad32.exe
+ 2004-08-19 20:10:00 53,248 ----a-w c:\windows\system32\odbcad32.exe
- 2004-08-19 20:10:00 69,632 ----a-w c:\windows\system32\odbcconf.exe
+ 2004-08-19 20:10:00 90,112 ----a-w c:\windows\system32\odbcconf.exe
- 2001-08-28 18:00:00 28,160 ----a-w c:\windows\system32\oobe\msoobe.exe
+ 2001-08-28 18:00:00 45,056 ----a-w c:\windows\system32\oobe\msoobe.exe
- 2004-08-19 20:10:00 71,680 ----a-w c:\windows\system32\openfiles.exe
+ 2004-08-19 20:10:00 88,576 ----a-w c:\windows\system32\openfiles.exe
- 2007-07-16 14:26:33 216,576 ----a-w c:\windows\system32\osk.exe
+ 2007-07-16 14:26:33 233,472 ----a-w c:\windows\system32\osk.exe
- 2001-08-28 18:00:00 41,984 ----a-w c:\windows\system32\osuninst.exe
+ 2001-08-28 18:00:00 58,880 ----a-w c:\windows\system32\osuninst.exe
- 2004-08-19 20:10:02 59,904 ----a-w c:\windows\system32\packager.exe
+ 2004-08-19 20:10:02 76,800 ----a-w c:\windows\system32\packager.exe
- 2001-08-28 18:00:00 22,528 ----a-w c:\windows\system32\pathping.exe
+ 2001-08-28 18:00:00 39,424 ----a-w c:\windows\system32\pathping.exe
- 2008-11-28 22:59:25 67,356 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-14 18:13:56 67,356 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-28 22:59:25 80,146 ----a-w c:\windows\system32\perfc00C.dat
+ 2009-02-14 18:13:56 80,146 ----a-w c:\windows\system32\perfc00C.dat
- 2008-11-28 22:59:25 430,632 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-14 18:13:56 430,632 ----a-w c:\windows\system32\perfh009.dat
- 2008-11-28 22:59:25 497,824 ----a-w c:\windows\system32\perfh00C.dat
+ 2009-02-14 18:13:56 497,824 ----a-w c:\windows\system32\perfh00C.dat
- 2004-08-19 20:10:02 15,872 ----a-w c:\windows\system32\perfmon.exe
+ 2004-08-19 20:10:02 32,768 ----a-w c:\windows\system32\perfmon.exe
- 2004-08-19 20:10:02 19,456 ----a-w c:\windows\system32\ping.exe
+ 2004-08-19 20:10:02 36,352 ----a-w c:\windows\system32\ping.exe
- 2001-08-28 18:00:00 34,304 ----a-w c:\windows\system32\ping6.exe
+ 2001-08-28 18:00:00 51,200 ----a-w c:\windows\system32\ping6.exe
- 2007-07-16 14:26:36 86,016 ----a-w c:\windows\system32\pintool.exe
+ 2007-07-16 14:26:36 103,936 ----a-w c:\windows\system32\pintool.exe
- 2004-08-19 20:10:02 49,152 ----a-w c:\windows\system32\powercfg.exe
+ 2004-08-19 20:10:02 66,560 ----a-w c:\windows\system32\powercfg.exe
- 2001-08-28 18:00:00 9,216 ----a-w c:\windows\system32\print.exe
+ 2001-08-28 18:00:00 26,112 ----a-w c:\windows\system32\print.exe
- 2004-08-19 20:10:02 109,568 ----a-w c:\windows\system32\progman.exe
+ 2004-08-19 20:10:02 126,976 ----a-w c:\windows\system32\progman.exe
- 2004-08-19 20:10:04 50,688 ----a-w c:\windows\system32\proquota.exe
+ 2004-08-19 20:10:04 67,584 ----a-w c:\windows\system32\proquota.exe
- 2004-08-19 20:10:04 9,728 ----a-w c:\windows\system32\proxycfg.exe
+ 2004-08-19 20:10:04 26,624 ----a-w c:\windows\system32\proxycfg.exe
- 2007-07-16 14:26:37 35,840 ----a-w c:\windows\system32\qfecheck.exe
+ 2007-07-16 14:26:37 52,736 ----a-w c:\windows\system32\qfecheck.exe
- 2004-08-19 20:10:04 20,992 ----a-w c:\windows\system32\qprocess.exe
+ 2004-08-19 20:10:04 37,888 ----a-w c:\windows\system32\qprocess.exe
- 2007-07-16 14:26:39 1,293,824 ----a-w c:\windows\system32\quartz.dll
+ 2008-05-07 04:55:47 1,294,336 ----a-w c:\windows\system32\quartz.dll
- 2003-12-13 21:17:18 421,888 ----a-w c:\windows\system32\QuickTime\QTPluginInstaller.exe
+ 2003-12-13 21:17:18 442,368 ----a-w c:\windows\system32\QuickTime\QTPluginInstaller.exe
- 2004-01-30 10:06:24 70,144 ----a-w c:\windows\system32\QuickTime\QuickTimeUpdateHelper.exe
+ 2004-01-30 10:06:24 90,624 ----a-w c:\windows\system32\QuickTime\QuickTimeUpdateHelper.exe
- 2001-08-28 18:00:00 11,776 ----a-w c:\windows\system32\rasautou.exe
+ 2001-08-28 18:00:00 28,672 ----a-w c:\windows\system32\rasautou.exe
- 2001-08-28 18:00:00 11,776 ----a-w c:\windows\system32\rasdial.exe
+ 2001-08-28 18:00:00 28,672 ----a-w c:\windows\system32\rasdial.exe
- 2004-08-19 20:10:04 35,840 ----a-w c:\windows\system32\rcimlby.exe
+ 2004-08-19 20:10:04 52,736 ----a-w c:\windows\system32\rcimlby.exe
- 2004-08-19 20:10:04 23,040 ----a-w c:\windows\system32\rcp.exe
+ 2004-08-19 20:10:04 39,936 ----a-w c:\windows\system32\rcp.exe
- 2004-08-19 20:10:04 62,464 ----a-w c:\windows\system32\rdpclip.exe
+ 2004-08-19 20:10:04 79,360 ----a-w c:\windows\system32\rdpclip.exe
- 2004-08-19 20:10:04 13,824 ----a-w c:\windows\system32\rdsaddin.exe
+ 2004-08-19 20:10:04 30,720 ----a-w c:\windows\system32\rdsaddin.exe
- 2004-08-19 20:10:04 67,072 ----a-w c:\windows\system32\rdshost.exe
+ 2004-08-19 20:10:04 83,968 ----a-w c:\windows\system32\rdshost.exe
- 2001-08-28 18:00:00 7,168 ----a-w c:\windows\system32\recover.exe
+ 2001-08-28 18:00:00 24,064 ----a-w c:\windows\system32\recover.exe
- 2004-08-19 20:10:04 53,248 ----a-w c:\windows\system32\reg.exe
+ 2004-08-19 20:10:04 70,144 ----a-w c:\windows\system32\reg.exe
- 2001-08-28 18:00:00 3,584 ----a-w c:\windows\system32\regedt32.exe
+ 2001-08-28 18:00:00 20,992 ----a-w c:\windows\system32\regedt32.exe
- 2001-08-28 18:00:00 33,792 ----a-w c:\windows\system32\regini.exe
+ 2001-08-28 18:00:00 50,688 ----a-w c:\windows\system32\regini.exe
- 2004-08-19 20:10:04 12,288 ----a-w c:\windows\system32\regsvr32.exe
+ 2004-08-19 20:10:04 29,184 ----a-w c:\windows\system32\regsvr32.exe
- 2001-08-28 18:00:00 4,608 ----a-w c:\windows\system32\regwiz.exe
+ 2001-08-28 18:00:00 21,504 ----a-w c:\windows\system32\regwiz.exe
- 2006-05-04 14:26:36 2,808,832 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\ALCWZRD.EXE
+ 2006-05-04 14:26:36 2,827,776 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\ALCWZRD.EXE
- 2007-06-28 14:44:14 2,165,760 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\MicCal.exe
+ 2007-06-28 14:44:14 2,183,680 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\MicCal.exe
- 2008-04-10 14:52:10 16,861,184 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\RTHDCPL.EXE
+ 2008-04-10 14:52:10 16,879,104 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\RTHDCPL.EXE
- 2007-03-23 17:19:10 9,715,200 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\RTLCPL.EXE
+ 2007-03-23 17:19:10 9,733,632 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\RTLCPL.EXE
- 2008-04-02 07:27:26 1,196,032 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\RtlUpd.exe
+ 2008-04-02 07:27:26 1,216,512 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\RtlUpd.exe
- 2007-11-20 16:15:58 1,826,816 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\SkyTel.exe
+ 2007-11-20 16:15:58 1,847,296 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\SkyTel.exe
- 2006-07-21 14:14:36 86,016 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\SOUNDMAN.EXE
+ 2006-07-21 14:14:36 106,496 ----a-w c:\windows\system32\ReinstallBackups\[u]0/u003\DriverFiles\SOUNDMAN.EXE
- 2001-08-28 18:00:00 33,792 ----a-w c:\windows\system32\relog.exe
+ 2001-08-28 18:00:00 50,688 ----a-w c:\windows\system32\relog.exe
- 2001-08-28 18:00:00 12,800 ----a-w c:\windows\system32\replace.exe
+ 2001-08-28 18:00:00 30,208 ----a-w c:\windows\system32\replace.exe
- 2001-08-28 18:00:00 10,240 ----a-w c:\windows\system32\reset.exe
+ 2001-08-28 18:00:00 27,136 ----a-w c:\windows\system32\reset.exe
- 2004-08-19 20:10:04 384,512 ----a-w c:\windows\system32\Restore\rstrui.exe
+ 2004-08-19 20:10:04 401,408 ----a-w c:\windows\system32\Restore\rstrui.exe
- 2001-08-28 18:00:00 47,104 ----a-w c:\windows\system32\Restore\srdiag.exe
+ 2001-08-28 18:00:00 64,000 ----a-w c:\windows\system32\Restore\srdiag.exe
- 2004-08-19 20:10:04 14,848 ----a-w c:\windows\system32\rexec.exe
+ 2004-08-19 20:10:04 31,744 ----a-w c:\windows\system32\rexec.exe
- 2001-08-28 18:00:00 21,504 ----a-w c:\windows\system32\route.exe
+ 2001-08-28 18:00:00 38,912 ----a-w c:\windows\system32\route.exe
- 2004-08-19 20:10:04 15,872 ----a-w c:\windows\system32\rsh.exe
+ 2004-08-19 20:10:04 32,768 ----a-w c:\windows\system32\rsh.exe
- 2001-08-28 18:00:00 53,248 ----a-w c:\windows\system32\rsm.exe
+ 2001-08-28 18:00:00 70,144 ----a-w c:\windows\system32\rsm.exe
- 2001-08-28 18:00:00 49,664 ----a-w c:\windows\system32\rsmui.exe
+ 2001-08-28 18:00:00 66,560 ----a-w c:\windows\system32\rsmui.exe
- 2004-08-19 20:10:04 107,520 ----a-w c:\windows\system32\rsnotify.exe
+ 2004-08-19 20:10:04 124,416 ----a-w c:\windows\system32\rsnotify.exe
- 2001-08-28 18:00:00 62,976 ----a-w c:\windows\system32\rsopprov.exe
+ 2001-08-28 18:00:00 79,872 ----a-w c:\windows\system32\rsopprov.exe
- 2001-08-28 18:00:00 132,608 ----a-w c:\windows\system32\rsvp.exe
+ 2001-08-28 18:00:00 149,504 ----a-w c:\windows\system32\rsvp.exe
- 2004-08-19 20:10:04 78,336 ----a-w c:\windows\system32\rtcshare.exe
+ 2004-08-19 20:10:04 95,744 ----a-w c:\windows\system32\rtcshare.exe
- 2001-08-28 18:00:00 17,408 ----a-w c:\windows\system32\runas.exe
+ 2001-08-28 18:00:00 34,816 ----a-w c:\windows\system32\runas.exe
- 2004-08-19 20:10:04 33,792 ----a-w c:\windows\system32\rundll32.exe
+ 2004-08-19 20:10:04 50,688 ----a-w c:\windows\system32\rundll32.exe
- 2004-08-19 20:10:04 14,336 ----a-w c:\windows\system32\runonce.exe
+ 2004-08-19 20:10:04 31,232 ----a-w c:\windows\system32\runonce.exe
- 2001-08-28 18:00:00 16,384 ----a-w c:\windows\system32\rwinsta.exe
+ 2001-08-28 18:00:00 33,280 ----a-w c:\windows\system32\rwinsta.exe
- 2004-08-19 20:10:04 13,824 ----a-w c:\windows\system32\savedump.exe
+ 2004-08-19 20:10:04 30,720 ----a-w c:\windows\system32\savedump.exe
- 2001-08-28 18:00:00 31,232 ----a-w c:\windows\system32\sc.exe
+ 2001-08-28 18:00:00 48,128 ----a-w c:\windows\system32\sc.exe
- 2004-08-19 20:10:04 100,352 ----a-w c:\windows\system32\scardsvr.exe
+ 2004-08-19 20:10:04 117,248 ----a-w c:\windows\system32\scardsvr.exe
- 2004-08-19 20:10:04 78,848 ----a-w c:\windows\system32\sdbinst.exe
+ 2004-08-19 20:10:04 95,744 ----a-w c:\windows\system32\sdbinst.exe
- 2004-08-19 20:10:04 19,456 ----a-w c:\windows\system32\secedit.exe
+ 2004-08-19 20:10:04 36,352 ----a-w c:\windows\system32\secedit.exe
- 2004-08-19 20:10:04 142,336 ----a-w c:\windows\system32\sessmgr.exe
+ 2004-08-19 20:10:04 159,232 ----a-w c:\windows\system32\sessmgr.exe
- 2004-08-19 20:10:04 32,768 ----a-w c:\windows\system32\sethc.exe
+ 2004-08-19 20:10:04 49,664 ----a-w c:\windows\system32\sethc.exe
- 2004-08-19 20:10:04 23,040 ----a-w c:\windows\system32\setup.exe
+ 2004-08-19 20:10:04 39,936 ----a-w c:\windows\system32\setup.exe
- 2001-08-28 18:00:00 10,240 ----a-w c:\windows\system32\sfc.exe
+ 2001-08-28 18:00:00 27,136 ----a-w c:\windows\system32\sfc.exe
- 2001-08-28 18:00:00 15,360 ----a-w c:\windows\system32\shadow.exe
+ 2001-08-28 18:00:00 32,256 ----a-w c:\windows\system32\shadow.exe
- 2004-08-19 20:10:04 42,496 ----a-w c:\windows\system32\shmgrate.exe
+ 2004-08-19 20:10:04 59,392 ----a-w c:\windows\system32\shmgrate.exe
- 2004-08-19 20:10:04 78,848 ----a-w c:\windows\system32\shrpubw.exe
+ 2004-08-19 20:10:04 95,744 ----a-w c:\windows\system32\shrpubw.exe
- 2004-08-19 20:10:04 20,480 ----a-w c:\windows\system32\shutdown.exe
+ 2004-08-19 20:10:04 37,376 ----a-w c:\windows\system32\shutdown.exe
- 2004-08-19 20:10:04 71,168 ----a-w c:\windows\system32\sigverif.exe
+ 2004-08-19 20:10:04 88,064 ----a-w c:\windows\system32\sigverif.exe
- 2004-08-19 20:10:04 26,112 ----a-w c:\windows\system32\skeys.exe
+ 2004-08-19 20:10:04 43,008 ----a-w c:\windows\system32\skeys.exe
- 2004-08-19 20:10:04 8,192 ----a-w c:\windows\system32\smbinst.exe
+ 2004-08-19 20:10:04 25,088 ----a-w c:\windows\system32\smbinst.exe
- 2004-08-19 20:10:04 93,184 ----a-w c:\windows\system32\smlogsvc.exe
+ 2004-08-19 20:10:04 110,080 ----a-w c:\windows\system32\smlogsvc.exe
- 2007-07-15 21:27:58 418,304 ----a-w c:\windows\system32\sndvol32.exe
+ 2007-07-15 21:27:58 435,200 ----a-w c:\windows\system32\sndvol32.exe
+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2001-08-28 18:00:00 25,088 ----a-w c:\windows\system32\sort.exe
+ 2001-08-28 18:00:00 41,984 ----a-w c:\windows\system32\sort.exe
- 2004-08-04 02:59:36 12,800 ----a-w c:\windows\system32\spiisupd.exe
+ 2004-08-04 02:59:36 29,696 ----a-w c:\windows\system32\spiisupd.exe
- 2006-10-16 15:10:58 14,640 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
- 2004-08-19 20:10:04 11,776 ----a-w c:\windows\system32\spnpinst.exe
+ 2004-08-19 20:10:04 28,672 ----a-w c:\windows\system32\spnpinst.exe
+ 2006-10-22 22:37:38 24,456 ----a-w c:\windows\system32\spool\drivers\w32x86\3\ADREGP.DLL
+ 2006-10-22 22:37:52 190,072 ----a-w c:\windows\system32\spool\drivers\w32x86\3\ADUIGP.DLL
+ 2003-05-05 15:47:20 131,072 ----a-w c:\windows\system32\spool\drivers\w32x86\3\Ps5ui.dll
+ 2003-05-05 15:47:20 455,168 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
+ 2006-10-22 22:37:38 24,456 ----a-w c:\windows\system32\spool\drivers\w32x86\ADReGP.dll
+ 2006-10-22 22:37:52 190,072 ----a-w c:\windows\system32\spool\drivers\w32x86\ADUIGP.DLL
+ 2003-05-05 15:47:20 131,072 ----a-w c:\windows\system32\spool\drivers\w32x86\ps5ui.dll
+ 2003-05-05 15:47:20 455,168 ----a-w c:\windows\system32\spool\drivers\w32x86\PSCRIPT5.DLL
- 2006-10-14 15:44:44 671,744 ------w c:\windows\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
+ 2006-10-14 15:44:44 688,640 ------w c:\windows\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
- 2004-08-19 20:10:08 47,104 ----a-w c:\windows\system32\ssmypics.scr
+ 2004-08-19 20:10:08 64,000 ----a-w c:\windows\system32\ssmypics.scr
+ 2004-04-25 18:39:52 53,248 ----a-w c:\windows\system32\SSubTmr6.dll
- 2004-08-19 20:10:04 14,848 ----a-w c:\windows\system32\stimon.exe
+ 2004-08-19 20:10:04 31,744 ----a-w c:\windows\system32\stimon.exe
- 2007-07-16 14:27:06 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:17:02 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2001-08-28 18:00:00 9,216 ----a-w c:\windows\system32\subst.exe
+ 2001-08-28 18:00:00 26,112 ----a-w c:\windows\system32\subst.exe
- 2001-08-28 18:00:00 51,200 ----a-w c:\windows\system32\syncapp.exe
+ 2001-08-28 18:00:00 68,096 ----a-w c:\windows\system32\syncapp.exe
- 2001-08-28 18:00:00 37,888 ----a-w c:\windows\system32\syskey.exe
+ 2001-08-28 18:00:00 54,784 ----a-w c:\windows\system32\syskey.exe
- 2007-07-15 21:27:59 408,064 ----a-w c:\windows\system32\sysocmgr.exe
+ 2007-07-15 21:27:59 425,472 ----a-w c:\windows\system32\sysocmgr.exe
- 2001-08-28 18:00:00 70,656 ----a-w c:\windows\system32\systeminfo.exe
+ 2001-08-28 18:00:00 87,552 ----a-w c:\windows\system32\systeminfo.exe
- 2001-08-28 18:00:00 3,072 ----a-w c:\windows\system32\systray.exe
+ 2001-08-28 18:00:00 19,968 ----a-w c:\windows\system32\systray.exe
- 2001-08-28 18:00:00 74,240 ----a-w c:\windows\system32\taskkill.exe
+ 2001-08-28 18:00:00 91,136 ----a-w c:\windows\system32\taskkill.exe
- 2001-08-28 18:00:00 74,240 ----a-w c:\windows\system32\tasklist.exe
+ 2001-08-28 18:00:00 91,136 ----a-w c:\windows\system32\tasklist.exe
- 2001-08-28 18:00:00 15,872 ----a-w c:\windows\system32\taskman.exe
+ 2001-08-28 18:00:00 32,768 ----a-w c:\windows\system32\taskman.exe
- 2007-07-15 21:27:59 604,672 ----a-w c:\windows\system32\taskmgr.exe
+ 2007-07-15 21:27:59 621,568 ----a-w c:\windows\system32\taskmgr.exe
- 2001-08-28 18:00:00 13,312 ----a-w c:\windows\system32\tcmsetup.exe
+ 2001-08-28 18:00:00 30,208 ----a-w c:\windows\system32\tcmsetup.exe
- 2001-08-28 18:00:00 19,456 ----a-w c:\windows\system32\tcpsvcs.exe
+ 2001-08-28 18:00:00 36,352 ----a-w c:\windows\system32\tcpsvcs.exe
- 2005-05-11 04:33:20 78,336 ----a-w c:\windows\system32\telnet.exe
+ 2005-05-11 04:33:20 95,232 ----a-w c:\windows\system32\telnet.exe
- 2001-08-28 18:00:00 17,920 ----a-w c:\windows\system32\tftp.exe
+ 2001-08-28 18:00:00 34,816 ----a-w c:\windows\system32\tftp.exe
- 2004-08-19 20:10:04 63,488 ----a-w c:\windows\system32\tlntadmn.exe
+ 2004-08-19 20:10:04 80,384 ----a-w c:\windows\system32\tlntadmn.exe
- 2004-08-19 20:10:04 80,384 ----a-w c:\windows\system32\tlntsess.exe
+ 2004-08-19 20:10:04 97,280 ----a-w c:\windows\system32\tlntsess.exe
- 2004-08-19 20:10:04 75,264 ----a-w c:\windows\system32\tlntsvr.exe
+ 2004-08-19 20:10:04 92,160 ----a-w c:\windows\system32\tlntsvr.exe
- 2004-08-19 20:10:04 260,096 ----a-w c:\windows\system32\tracerpt.exe
+ 2004-08-19 20:10:04 277,504 ----a-w c:\windows\system32\tracerpt.exe
- 2004-08-19 20:10:04 13,312 ----a-w c:\windows\system32\tracert.exe
+ 2004-08-19 20:10:04 30,208 ----a-w c:\windows\system32\tracert.exe
- 2001-08-28 18:00:00 32,256 ----a-w c:\windows\system32\tracert6.exe
+ 2001-08-28 18:00:00 49,152 ----a-w c:\windows\system32\tracert6.exe
- 2001-08-28 18:00:00 15,360 ----a-w c:\windows\system32\tscon.exe
+ 2001-08-28 18:00:00 32,256 ----a-w c:\windows\system32\tscon.exe
- 2004-08-19 19:52:06 44,544 ----a-w c:\windows\system32\tscupgrd.exe
+ 2004-08-19 19:52:06 61,440 ----a-w c:\windows\system32\tscupgrd.exe
- 2001-08-28 18:00:00 14,848 ----a-w c:\windows\system32\tsdiscon.exe
+ 2001-08-28 18:00:00 31,744 ----a-w c:\windows\system32\tsdiscon.exe
- 2001-08-28 18:00:00 16,896 ----a-w c:\windows\system32\tskill.exe
+ 2001-08-28 18:00:00 33,792 ----a-w c:\windows\system32\tskill.exe
- 2001-08-28 18:00:00 17,408 ----a-w c:\windows\system32\tsshutdn.exe
+ 2001-08-28 18:00:00 34,816 ----a-w c:\windows\system32\tsshutdn.exe
- 2007-04-03 03:31:38 77,312 ----a-w c:\windows\system32\TWAIN_32.DLL
+ 2007-04-03 04:31:38 77,312 ----a-w c:\windows\system32\TWAIN_32.DLL
- 2007-04-03 03:31:38 48,560 ----a-w c:\windows\system32\TWUNK_16.EXE
+ 2007-04-03 04:31:38 48,560 ----a-w c:\windows\system32\TWUNK_16.EXE
- 2007-04-03 03:31:38 69,632 ----a-w c:\windows\system32\TWUNK_32.EXE
+ 2007-04-03 04:31:38 86,528 ----a-w c:\windows\system32\TWUNK_32.EXE
+ 2004-04-08 10:50:06 360,960 ----a-w c:\windows\system32\txp4lib.dll
+ 2004-09-28 02:00:00 45,056 ----a-w c:\windows\system32\TXPstart.exe
- 2001-08-28 18:00:00 37,376 ----a-w c:\windows\system32\typeperf.exe
+ 2001-08-28 18:00:00 54,272 ----a-w c:\windows\system32\typeperf.exe
- 2007-01-29 08:58:06 60,416 ------w c:\windows\system32\tzchange.exe
+ 2007-01-29 08:58:06 77,824 ------w c:\windows\system32\tzchange.exe
- 2001-08-28 18:00:00 4,096 ----a-w c:\windows\system32\unlodctr.exe
+ 2001-08-28 18:00:00 20,992 ----a-w c:\windows\system32\unlodctr.exe
- 2004-08-19 20:10:04 16,896 ----a-w c:\windows\system32\upnpcont.exe
+ 2004-08-19 20:10:04 33,792 ----a-w c:\windows\system32\upnpcont.exe
- 2004-08-19 20:10:04 18,432 ----a-w c:\windows\system32\ups.exe
+ 2004-08-19 20:10:04 35,328 ----a-w c:\windows\system32\ups.exe
- 2007-07-16 14:25:50 103,936 ----a-w c:\windows\system32\usmt\migload.exe
+ 2007-07-16 14:25:50 121,344 ----a-w c:\windows\system32\usmt\migload.exe
- 2007-07-16 14:25:50 251,904 ----a-w c:\windows\system32\usmt\migwiz.exe
+ 2007-07-16 14:25:50 268,800 ----a-w c:\windows\system32\usmt\migwiz.exe
- 2004-08-19 20:09:56 242,688 ----a-w c:\windows\system32\usmt\migwiz_a.exe
+ 2004-08-19 20:09:56 259,584 ----a-w c:\windows\system32\usmt\migwiz_a.exe
- 2007-07-16 14:25:51 247,808 ----a-w c:\windows\system32\usmt\migwiza.exe
+ 2007-07-16 14:25:51 264,704 ----a-w c:\windows\system32\usmt\migwiza.exe
- 2007-07-21 14:34:24 77,891 ----a-w c:\windows\system32\usrmlnka.exe
+ 2007-07-21 14:34:24 98,371 ----a-w c:\windows\system32\usrmlnka.exe
- 2007-07-21 14:34:24 61,508 ----a-w c:\windows\system32\usrprbda.exe
+ 2007-07-21 14:34:24 81,988 ----a-w c:\windows\system32\usrprbda.exe
- 2007-07-21 14:34:24 69,700 ----a-w c:\windows\system32\usrshuta.exe
+ 2007-07-21 14:34:24 90,180 ----a-w c:\windows\system32\usrshuta.exe
- 2007-07-16 14:27:25 50,176 ----a-w c:\windows\system32\utilman.exe
+ 2007-07-16 14:27:25 67,072 ----a-w c:\windows\system32\utilman.exe
- 2002-10-06 17:37:26 119,568 ----a-w c:\windows\system32\VB6FR.DLL
+ 2008-06-04 16:42:54 119,568 ------w c:\windows\system32\VB6FR.DLL
- 2007-07-16 14:27:27 28,672 ----a-w c:\windows\system32\verclsid.exe
+ 2007-07-16 14:27:27 45,568 ----a-w c:\windows\system32\verclsid.exe
- 2001-08-28 18:00:00 102,912 ----a-w c:\windows\system32\verifier.exe
+ 2001-08-28 18:00:00 119,808 ----a-w c:\windows\system32\verifier.exe
- 2001-08-28 18:00:00 34,304 ----a-w c:\windows\system32\vssadmin.exe
+ 2001-08-28 18:00:00 51,200 ----a-w c:\windows\system32\vssadmin.exe
- 2004-08-19 20:10:04 295,424 ----a-w c:\windows\system32\vssvc.exe
+ 2004-08-19 20:10:04 312,832 ----a-w c:\windows\system32\vssvc.exe
- 2001-08-28 18:00:00 51,712 ----a-w c:\windows\system32\w32tm.exe
+ 2001-08-28 18:00:00 68,608 ----a-w c:\windows\system32\w32tm.exe
- 2004-08-19 20:09:58 16,896 ----a-w c:\windows\system32\wbem\mofcomp.exe
+ 2004-08-19 20:09:58 33,792 ----a-w c:\windows\system32\wbem\mofcomp.exe
- 2004-08-19 20:10:04 36,864 ----a-w c:\windows\system32\wbem\scrcons.exe
+ 2004-08-19 20:10:04 53,760 ----a-w c:\windows\system32\wbem\scrcons.exe
- 2001-08-28 18:00:00 16,896 ----a-w c:\windows\system32\wbem\unsecapp.exe
+ 2001-08-28 18:00:00 33,792 ----a-w c:\windows\system32\wbem\unsecapp.exe
- 2001-08-28 18:00:00 14,336 ----a-w c:\windows\system32\wbem\winmgmt.exe
+ 2001-08-28 18:00:00 31,232 ----a-w c:\windows\system32\wbem\winmgmt.exe
- 2004-08-19 20:10:06 126,464 ----a-w c:\windows\system32\wbem\wmiapsrv.exe
+ 2004-08-19 20:10:06 143,360 ----a-w c:\windows\system32\wbem\wmiapsrv.exe
- 2004-08-19 20:10:06 369,664 ----a-w c:\windows\system32\wbem\wmic.exe
+ 2004-08-19 20:10:06 387,072 ----a-w c:\windows\system32\wbem\wmic.exe
- 2004-08-19 20:10:06 218,112 ----a-w c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-19 20:10:06 235,520 ----a-w c:\windows\system32\wbem\wmiprvse.exe
- 2004-08-19 20:10:06 66,560 ----a-w c:\windows\system32\wextract.exe
+ 2004-08-19 20:10:06 83,456 ----a-w c:\windows\system32\wextract.exe
- 2007-07-15 21:28:01 1,918,464 ----a-w c:\windows\system32\wiaacmgr.exe
+ 2007-07-15 21:28:01 1,935,872 ----a-w c:\windows\system32\wiaacmgr.exe
- 2007-07-16 14:27:35 1,844,096 ----a-w c:\windows\system32\win32k.sys
+ 2008-09-15 15:14:42 1,847,040 ----a-w c:\windows\system32\win32k.sys
- 2006-10-17 11:05:58 206,336 ------w c:\windows\system32\WinFXDocObj.exe
+ 2006-10-17 11:05:58 223,744 ------w c:\windows\system32\WinFXDocObj.exe
- 2001-08-28 18:00:00 8,192 ----a-w c:\windows\system32\winhlp32.exe
+ 2001-08-28 18:00:00 25,088 ----a-w c:\windows\system32\winhlp32.exe
- 2001-08-28 18:00:00 11,776 ----a-w c:\windows\system32\winmsd.exe
+ 2001-08-28 18:00:00 28,672 ----a-w c:\windows\system32\winmsd.exe
- 2004-08-19 20:10:06 5,632 ----a-w c:\windows\system32\winver.exe
+ 2004-08-19 20:10:06 22,528 ----a-w c:\windows\system32\winver.exe
- 2006-10-26 11:45:04 293,376 ----a-w c:\windows\system32\WISPTIS.EXE
+ 2006-10-26 11:45:04 310,272 ----a-w c:\windows\system32\WISPTIS.EXE
- 2002-12-11 15:23:58 981,504 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-10 17:18:18 1,053,696 ----a-w c:\windows\system32\WMNetmgr.dll
- 2002-12-11 17:02:38 2,058,888 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-11-07 17:32:20 2,109,440 ----a-w c:\windows\system32\WMVCore.dll
- 2004-08-19 20:10:06 32,256 ----a-w c:\windows\system32\wpabaln.exe
+ 2004-08-19 20:10:06 49,152 ----a-w c:\windows\system32\wpabaln.exe
- 2004-08-19 20:10:06 32,768 ----a-w c:\windows\system32\wpnpinst.exe
+ 2004-08-19 20:10:06 49,664 ----a-w c:\windows\system32\wpnpinst.exe
- 2001-08-28 18:00:00 5,632 ----a-w c:\windows\system32\write.exe
+ 2001-08-28 18:00:00 22,528 ----a-w c:\windows\system32\write.exe
- 2004-08-19 20:10:06 13,824 ----a-w c:\windows\system32\wscntfy.exe
+ 2004-08-19 20:10:06 30,720 ----a-w c:\windows\system32\wscntfy.exe
- 2007-07-16 14:27:38 114,688 ----a-w c:\windows\system32\wscript.exe
+ 2007-07-16 14:27:38 135,168 ----a-w c:\windows\system32\wscript.exe
- 2007-07-16 14:27:40 549,720 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 13:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2007-07-16 14:27:40 53,080 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 13:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2007-07-15 21:28:01 189,440 ----a-w c:\windows\system32\wuauclt1.exe
+ 2007-07-15 21:28:01 206,336 ----a-w c:\windows\system32\wuauclt1.exe
- 2007-07-16 14:27:43 1,710,936 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 13:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2007-07-16 14:27:44 325,976 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 13:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2001-08-28 18:00:00 32,256 ----a-w c:\windows\system32\wupdmgr.exe
+ 2001-08-28 18:00:00 49,152 ----a-w c:\windows\system32\wupdmgr.exe
- 2007-07-16 14:27:44 33,624 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 13:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2007-07-16 14:27:44 43,352 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 13:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2007-07-16 14:27:45 203,096 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 13:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
- 2004-08-19 20:10:06 30,720 ----a-w c:\windows\system32\xcopy.exe
+ 2004-08-19 20:10:06 47,616 ----a-w c:\windows\system32\xcopy.exe
- 2001-07-16 12:08:50 45,056 ----a-w c:\windows\system32\xvga.exe
+ 2001-07-16 13:08:50 65,536 ----a-w c:\windows\system32\xvga.exe
- 2001-08-28 18:00:00 15,872 ----a-w c:\windows\TASKMAN.EXE
+ 2001-08-28 18:00:00 33,280 ----a-w c:\windows\TASKMAN.EXE
- 2004-03-31 08:42:08 98,304 ----a-w c:\windows\tcpview.exe
+ 2004-03-31 09:42:08 118,784 ----a-w c:\windows\tcpview.exe
+ 2009-02-15 22:37:14 16,384 ------w c:\windows\temp\Perflib_Perfdata_6bc.dat
+ 2009-02-15 22:37:26 16,384 ------w c:\windows\temp\Perflib_Perfdata_b0.dat
- 2001-08-28 18:00:00 25,600 ----a-w c:\windows\twunk_32.exe
+ 2001-08-28 18:00:00 42,496 ----a-w c:\windows\twunk_32.exe
- 2000-08-31 07:00:00 49,152 ----a-w c:\windows\VFIND.exe
+ 2000-08-31 07:00:00 72,548 ----a-w c:\windows\VFIND.exe
- 2003-08-27 08:29:46 65,536 ----a-w c:\windows\wanmpsvc.exe
+ 2003-08-27 08:29:46 86,016 ----a-w c:\windows\wanmpsvc.exe
- 2004-08-19 20:10:06 288,256 ----a-w c:\windows\winhlp32.exe
+ 2004-08-19 20:10:06 305,152 ----a-w c:\windows\winhlp32.exe
+ 2008-09-30 15:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 15:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2008-04-15 17:56:59 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
- 2000-08-31 07:00:00 68,096 ----a-w c:\windows\zip.exe
+ 2000-08-31 07:00:00 84,992 ----a-w c:\windows\zip.exe
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Neuf Media Center"="c:\program files\SFR\Media Center\MediaCenter.exe" [2008-10-10 726336]
"pdfSaver3"="c:\program files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe" [2004-09-05 401408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 32256]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-10-23 1336560]
"LClock"="lclock.exe" [2004-12-08 c:\windows\LClock.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-19 13500416]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-19 86016]
"Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2007-04-23 181752]
"AOLDialer"="c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 70952]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe_ID0EYTHM"="c:\progra~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1904640]
"HostManager"="c:\program files\Fichiers communs\AOL\1224958869\ee\AOLSoftware.exe" [2006-09-26 50736]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 259624]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"MMReminderService"="c:\program files\Mindjet\MindManager 7\MMReminderService.exe" [2007-07-24 37136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-10-22 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 229432]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 472064]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 472064]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2007-11-30 65536]
"nwiz"="nwiz.exe" [2008-02-19 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-09 c:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 32256]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="c:\windows\LSD\end.cmd" [2007-08-07 2336]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 61440]
"nltide_3"="advpack.dll" [2006-10-27 c:\windows\system32\advpack.dll]
c:\documents and settings\Profit\Menu Démarrer\Programmes\Démarrage\
Dragon NaturallySpeaking.lnk.disabled [2008-10-26 963]
Outil de détection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-11-15 405504]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
AOL 9.0 Icône AOL.lnk.disabled [2008-10-22 730]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-10-25 139264]
GN-WB01GS Utility.lnk.disabled [2008-10-21 2177]
Lancement rapide d'Adobe Acrobat.lnk.disabled [2009-02-14 2337]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-23 805392]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.mjpg"= pvmjpg30.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\1224958869\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"86:TCP"= 86:TCP:BroadCam Web Server
"23810:TCP"= 23810:TCP:BitComet 23810 TCP
"23810:UDP"= 23810:UDP:BitComet 23810 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-28 111184]
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2009-01-25 14336]
R2 Apache2.2;Apache2.2;e:\xampplite\xampplite\apache\bin\apache.exe [2008-11-15 34304]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-28 20560]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2009-01-25 8832]
S1 ethoqjlm;ethoqjlm;c:\windows\system32\drivers\ethoqjlm.sys [2009-02-12 137920]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-02-13 38496]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
- - - - ORPHELINS SUPPRIMES - - - -
HKU-Default-Run-rveskesj.exe - c:\windows\rveskesj.exe
HKU-Default-Run-hdirurzh.exe - c:\windows\hdirurzh.exe
SafeBoot-jpymxmbs.sys
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Télécharger le FLV avec WinAVI... - c:\program files\WinAVI FLV Converter\flv_link.htm
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - {EC83A912-7EF4-410D-9CC7-3BDAA709CA71} - c:\program files\WinAVI FLV Converter\FLVTune.dll
FF - ProfilePath - c:\documents and settings\Profit\Application Data\Mozilla\Firefox\Profiles\6bdcgd9t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\documents and settings\Profit\Application Data\Mozilla\Firefox\Profiles\6bdcgd9t.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\Mozilla Firefox\components\nsgkff30_meter2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 23:40:28
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\system32\D.tmp 0 bytes
c:\windows\system32\E.tmp 0 bytes
Scan terminé avec succès
Fichiers cachés: 2
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1128)
c:\windows\system32\WININET.DLL
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\SFR\Media Center\httpd\httpd.exe
c:\program files\SFR\Media Center\httpd\httpd.exe
c:\program files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Heure de fin: 2009-02-15 23:46:20 - La machine a redémarré [Profit]
ComboFix-quarantined-files.txt 2009-02-15 22:46:18
ComboFix2.txt 2009-01-12 16:50:40
ComboFix3.txt 2008-11-30 00:03:23
ComboFix4.txt 2008-11-29 00:25:40
Avant-CF: 155 489 406 976 octets libres
Après-CF: 155,495,469,056 octets libres
1635 --- E O F --- 2009-02-15 17:21:52
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe_ID0EYTHM"="c:\progra~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1904640]
"HostManager"="c:\program files\Fichiers communs\AOL\1224958869\ee\AOLSoftware.exe" [2006-09-26 50736]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 259624]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"MMReminderService"="c:\program files\Mindjet\MindManager 7\MMReminderService.exe" [2007-07-24 37136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-10-22 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 229432]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 472064]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 472064]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2007-11-30 65536]
"nwiz"="nwiz.exe" [2008-02-19 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-09 c:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 32256]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="c:\windows\LSD\end.cmd" [2007-08-07 2336]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 61440]
"nltide_3"="advpack.dll" [2006-10-27 c:\windows\system32\advpack.dll]
c:\documents and settings\Profit\Menu Démarrer\Programmes\Démarrage\
Dragon NaturallySpeaking.lnk.disabled [2008-10-26 963]
Outil de détection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-11-15 405504]
c:\documents and settings\Profit\Menu Démarrer\Programmes\Démarrage\
Dragon NaturallySpeaking.lnk.disabled [2008-10-26 963]
Outil de détection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-11-15 405504]
c:\documents and settings\Profit\Menu Démarrer\Programmes\Démarrage\
Dragon NaturallySpeaking.lnk.disabled [2008-10-26 963]
Outil de détection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-11-15 405504]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
AOL 9.0 Icône AOL.lnk.disabled [2008-10-22 730]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-10-25 139264]
GN-WB01GS Utility.lnk.disabled [2008-10-21 2177]
Lancement rapide d'Adobe Acrobat.lnk.disabled [2009-02-14 2337]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-23 805392]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.mjpg"= pvmjpg30.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\1224958869\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"86:TCP"= 86:TCP:BroadCam Web Server
"23810:TCP"= 23810:TCP:BitComet 23810 TCP
"23810:UDP"= 23810:UDP:BitComet 23810 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-28 111184]
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2009-01-25 14336]
R2 Apache2.2;Apache2.2;e:\xampplite\xampplite\apache\bin\apache.exe [2008-11-15 34304]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-28 20560]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2009-01-25 8832]
S1 ethoqjlm;ethoqjlm;c:\windows\system32\drivers\ethoqjlm.sys [2009-02-12 137920]
That's it for the ComboFix log; sorry, I had not seen that not everything had been displayed.
What I actually mean about "irc.zief.pl" is this: after using avast to delete viruses such as bn5.tmp; vrt9.tmp; bn8.tmp..., when I restart with my Wi-Fi dongle unplugged so that my computer does not connect to the internet, avast finds no virus. But as soon as I plug my Wi-Fi dongle back in to reconnect, the first thing that happens is the avast warning that it has blocked a malicious site named dns:irc.zief.pl, and right after that avast again finds lots of viruses of the kind I mentioned just above.
Let's continue with the rest.
Logfile of random's system information tool 1.05 (written by random/random)
Run by Profit at 2009-02-16 13:17:29
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 148 GB (62%) free of 238 GB
Total RAM: 2046 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:17:50, on 16/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Fichiers communs\AOL\1224958869\ee\AOLSoftware.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\WINDOWS\lclock.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
E:\xampplite\xampplite\apache\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\wanmpsvc.exe
E:\xampplite\xampplite\apache\bin\apache.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\Profit\Bureau\SDFix\SDFix\Norman_Malware_Cleaner.exe
C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Profit\Bureau\RSIT.exe
C:\HijackThis\Profit.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - S-1-5-18 Startup: Dragon NaturallySpeaking.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Dragon NaturallySpeaking.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: Dragon NaturallySpeaking.lnk.disabled
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk.disabled
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: GN-WB01GS Utility.lnk.disabled
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Envoyer à Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apache2.2 - Apache Software Foundation - E:\xampplite\xampplite\apache\bin\apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: mysql - Unknown owner - E:\xampplite\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\Program Files\Spyware Terminator\sp_rsser.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Run by Profit at 2009-02-16 13:17:29
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 148 GB (62%) free of 238 GB
Total RAM: 2046 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:17:50, on 16/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Fichiers communs\AOL\1224958869\ee\AOLSoftware.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\WINDOWS\lclock.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
E:\xampplite\xampplite\apache\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\wanmpsvc.exe
E:\xampplite\xampplite\apache\bin\apache.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\Profit\Bureau\SDFix\SDFix\Norman_Malware_Cleaner.exe
C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Profit\Bureau\RSIT.exe
C:\HijackThis\Profit.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - S-1-5-18 Startup: Dragon NaturallySpeaking.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Dragon NaturallySpeaking.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: Dragon NaturallySpeaking.lnk.disabled
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk.disabled
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: GN-WB01GS Utility.lnk.disabled
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Envoyer à Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apache2.2 - Apache Software Foundation - E:\xampplite\xampplite\apache\bin\apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: mysql - Unknown owner - E:\xampplite\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\Program Files\Spyware Terminator\sp_rsser.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
info.txt logfile of random's system information tool 1.05 2009-02-16 13:17:53
======Uninstall list======
-->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x040c /removeonly /uninstall -removeonly
-->C:\Program Files\InstallShield Installation Information\{B2C4A8C4-AA20-425D-9FEE-C78039238C81}\setup.exe -runfromtemp -l0x040c /removeonly /uninstall -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
Able2Extract v6.0-->C:\Program Files\Investintech.com Inc\Able2Extract 6.0\Uninstal.exe
ACDSee 9 Photo Manager-->MsiExec.exe /I{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Fichiers communs\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Contribute CS3-->MsiExec.exe /I{F84ADE4E-9220-4324-994D-801EDD9DD251}
Adobe Creative Suite 3 Web Premium-->MsiExec.exe /I{69B6B4A5-1C4D-4F16-BB11-A4EB9A439116}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{4BDB76C6-902E-41D5-9064-68768E02886B}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Fichiers communs\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3-->MsiExec.exe /I{21C4D775-368A-46C4-8DC3-4207165B7115}
Adobe Flash CS3-->MsiExec.exe /I{80FD3971-8482-49C8-BA8C-B6464A15882F}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin-->MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->MsiExec.exe /I{6E08CE13-C2AB-4749-9335-5900B958929E}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{C1FA4B3B-1625-4922-9C9D-780E8FCE161A}
Adobe Reader 8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{BE136F60-5D0F-4663-8B32-938A3EFD3FCB}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AIDA32 v3.93-->"C:\Program Files\AIDA32 - Personal System Information\unins000.exe"
Ajouter ou supprimer Adobe Creative Suite 3 Web Premium-->C:\Program Files\Fichiers communs\Adobe\Installers\e7f691c6f2bf7b70c25ea19f3d73b6e\Setup.exe
AOL - Assistant de désinstallation-->C:\Program Files\Fichiers communs\AOL\uninstaller.exe
AOL Coach Version 1.0(Build:20040229.1 fr)-->"C:\Program Files\Fichiers communs\aolshare\Coach\AolCInUn.exe" -lang="fr-fr"
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BitComet 1.07-->C:\Program Files\BitComet\uninst.exe
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP610 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series /L0x000c
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CD-LabelPrint-->"C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
ConTEXT-->"C:\Program Files\ConTEXT\unins000.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif Windows XP - KB885295-->C:\WINDOWS\$NtUninstallKB885295$\spuninst\spuninst.exe
Dragon NaturallySpeaking 9-->MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
DS-Monkey Audio Source 1.00-->"C:\Program Files\DS-Monkey Audio Source\Uninstall.exe"
Ecran de veille AOL Photos-->C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Enregistrement utilisateur de Canon MP610 series-->C:\Program Files\Canon\IJEREG\MP610 series\UNINST.EXE
File Uploader-->MsiExec.exe /X{237CD223-1B9D-47E8-A76C-E478B83CCEA2}
FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
Gigabyte GN-WB01GS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{81B02BCA-B12C-466A-9FD0-34D043A2873C}\Setup.exe" -l0x9 -removeonly
Gigabyte Raid Configurer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x40c -removeonly
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"E:\Mes documents téléchargés\programme\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Kaspersky On-line Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
K-Lite Codec Pack 4.2.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Language pack for Ad-Aware SE-->C:\PROGRA~1\Lavasoft\Ad-Aware\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\Ad-Aware\Plugins\Langs\INSTALL.LOG
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Logitech Registration-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mindjet MindManager Pro 7-->MsiExec.exe /I{2ADCF2B3-9140-432D-86F5-8C5D101ABEE1}
Mindjet MindManager Viewer 7-->MsiExec.exe /X{701C0004-A082-429B-8B92-776AA7A929B6}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MS XML parser 4.0 sp2-->C:\WINDOWS\system32\unins000.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{97AA1F3C-DD64-4AA6-AEC5-F8F9F4CC21C5}
MyProduct-->C:\Program Files\MyProduct\Uninstal.exe
Nero 9-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Neuf - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
Nielsen Online-->C:\PROGRA~1\NETRAT~1\NetSight\NSSetup.exe /uninstall
Nikon FotoShare-->C:\Program Files\Nikon\FotoShare\Uninstal.exe C:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Olympus Digital Wave Player-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x40c
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PDF-to-Word 2.5 Demo-->C:\PROGRA~1\BLUESQ~1\demos\UNWISE.EXE /U C:\PROGRA~1\BLUESQ~1\demos\pdf2word.log
PDF-XChange 3.0-->"C:\Program Files\Mindjet\MindManager 7\PDF-XChange\unins000.exe"
Pinnacle Studio 12-->MsiExec.exe /I{D041EB9E-890A-4098-8F94-51DA194AC72A}
RealPlayer Basic-->C:\Program Files\Fichiers communs\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x040c -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
ScanSoft OmniPage SE 4-->MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
SFR - Media Center-->C:\Program Files\SFR\Media Center\uninstall.exe
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x040c uninstall -removeonly
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Thumbnail Selector-->MsiExec.exe /X{DD6967E0-904C-4394-A4AE-C2335E495933}
Tweak-XP Pro 4-->C:\WINDOWS\iun6002.exe "C:\Program Files\Tweak-XP Pro 4\irunin.ini"
Unlocker 1.8.6-->C:\Program Files\Unlocker\uninst.exe
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959634)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {50C77E2F-5C1C-467D-9BC8-3CA07D28C9F2}
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VSO Media Player-->"C:\Program Files\vso\CopyToDVD\unins000.exe"
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
=====HijackThis Backups=====
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Profit\reader_s.exe (User 'SYSTEM')
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
======Security center information======
AV: avast! antivirus 4.8.1296 [VPS 090215-0]
System event log
Computer Name: PROFITCORPO
Event Code: 7036
Message: Le service avast! Mail Scanner est entré dans l'état : en cours d'exécution.
Record Number: 10920
Source Name: Service Control Manager
Time Written: 20090204180618.000000+060
Event Type: Informations
User:
Computer Name: PROFITCORPO
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service avast! Mail Scanner.
Record Number: 10919
Source Name: Service Control Manager
Time Written: 20090204180618.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: PROFITCORPO
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.
Record Number: 10918
Source Name: Service Control Manager
Time Written: 20090204180618.000000+060
Event Type: Informations
User:
Computer Name: PROFITCORPO
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.
Record Number: 10917
Source Name: Service Control Manager
Time Written: 20090204180617.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: PROFITCORPO
Event Code: 7036
Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.
Record Number: 10916
Source Name: Service Control Manager
Time Written: 20090204180617.000000+060
Event Type: Informations
User:
Application event log
Computer Name: PROFITCORPO
Event Code: 300
Message: MsnMsgr (1516) \\.\C:\Documents and Settings\Profit\Local Settings\Application Data\Microsoft\Messenger\houles81@aol.com\SharingMetadata\Working\database_6A14_EE5A_14EE_2931\dfsr.db: Le moteur de base de données initialise la procédure de récupération.
Record Number: 1045
Source Name: ESENT
Time Written: 20081203080449.000000+060
Event Type: Informations
User:
Computer Name: PROFITCORPO
Event Code: 102
Message: MsnMsgr (1516) \\.\C:\Documents and Settings\Profit\Local Settings\Application Data\Microsoft\Messenger\houles81@aol.com\SharingMetadata\Working\database_6A14_EE5A_14EE_2931\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).
Record Number: 1044
Source Name: ESENT
Time Written: 20081203080448.000000+060
Event Type: Informations
User:
Computer Name: PROFITCORPO
Event Code: 100
Message: MsnMsgr (1516) Le moteur de base de données 5.01.2600.2780 est démarré.
Record Number: 1043
Source Name: ESENT
Time Written: 20081203080448.000000+060
Event Type: Informations
User:
Computer Name: PROFITCORPO
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 1042
Source Name: usnjsvc
Time Written: 20081203080445.000000+060
Event Type:
User:
Computer Name: PROFITCORPO
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 1041
Source Name: SecurityCenter
Time Written: 20081203080404.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Pinnacle\Shared Files
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEVMGR_SHOW_DETAILS"=1
-----------------EOF-----------------
VSO Media Player-->"C:\Program Files\vso\CopyToDVD\unins000.exe"
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
=====HijackThis Backups=====
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Profit\reader_s.exe (User 'SYSTEM')
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
======Security center information======
AV: avast! antivirus 4.8.1296 [VPS 090215-0]
System event log
Computer Name: PROFITCORPO
Event Code: 7036
Message: Le service avast! Mail Scanner est entré dans l'état : en cours d'exécution.
Record Number: 10920
Source Name: Service Control Manager
Time Written: 20090204180618.000000+060
Event Type: Informations
User:
Computer Name: PROFITCORPO
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service avast! Mail Scanner.
Record Number: 10919
Source Name: Service Control Manager
Time Written: 20090204180618.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: PROFITCORPO
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.
Record Number: 10918
Source Name: Service Control Manager
Time Written: 20090204180618.000000+060
Event Type: Informations
User:
Computer Name: PROFITCORPO
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.
Record Number: 10917
Source Name: Service Control Manager
Time Written: 20090204180617.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: PROFITCORPO
Event Code: 7036
Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.
Record Number: 10916
Source Name: Service Control Manager
Time Written: 20090204180617.000000+060
Event Type: Informations
User:
Application event log
Computer Name: PROFITCORPO
Event Code: 300
Message: MsnMsgr (1516) \\.\C:\Documents and Settings\Profit\Local Settings\Application Data\Microsoft\Messenger\houles81@aol.com\SharingMetadata\Working\database_6A14_EE5A_14EE_2931\dfsr.db: Le moteur de base de données initialise la procédure de récupération.
Record Number: 1045
Source Name: ESENT
Time Written: 20081203080449.000000+060
Event Type: Informations
User:
Computer Name: PROFITCORPO
Event Code: 102
Message: MsnMsgr (1516) \\.\C:\Documents and Settings\Profit\Local Settings\Application Data\Microsoft\Messenger\houles81@aol.com\SharingMetadata\Working\database_6A14_EE5A_14EE_2931\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).
Record Number: 1044
Source Name: ESENT
Time Written: 20081203080448.000000+060
Event Type: Informations
User:
Computer Name: PROFITCORPO
Event Code: 100
Message: MsnMsgr (1516) Le moteur de base de données 5.01.2600.2780 est démarré.
Record Number: 1043
Source Name: ESENT
Time Written: 20081203080448.000000+060
Event Type: Informations
User:
Computer Name: PROFITCORPO
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 1042
Source Name: usnjsvc
Time Written: 20081203080445.000000+060
Event Type:
User:
Computer Name: PROFITCORPO
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 1041
Source Name: SecurityCenter
Time Written: 20081203080404.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Pinnacle\Shared Files
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEVMGR_SHOW_DETAILS"=1
-----------------EOF-----------------
Now SFR has called me to tell me that I am sending spam to thousands of people, and they had me install F-Secure.
You installed F-SECURE???
_________________
Scan these two files on VirusTotal and, if they are infected, add them to the files:: section of the procedure
https://www.virustotal.com/gui/
C:\WINDOWS\nswatchdog.exe
C:\Program Files\NetRatingsNetSight
________________
Close all your browsers (so copy or print the instructions first).
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
C:\WINDOWS\system32\drivers\ethoqjlm.sys
C:\WINDOWS\System32\Drivers\dtscsi.sys
C:\WINDOWS\gdrv.sys
C:\WINDOWS\system32\drivers\restore.sys
c:\windows\system32\A.tmp
c:\windows\system32\9.tmp
c:\windows\system\xccef090131.exe
c:\windows\system32\11.tmp
c:\windows\system32\drivers\nnrnstdi.sys
c:\windows\system32\D.tmp
c:\windows\system32\E.tmp
Drivers::
ethoqjlm
gdrv
dtscsi
restore
nnrnstdi
Save this file under the name CFscript
Drag and drop this CFScript file onto the ComboFix.exe file.
Click on the CFScript file, hold the button down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents.
If the file does not open, it can be found here > C:\ComboFix.txt
___________________________
Repair Windows:
https://www.pcastuces.com/pratique/windows/xp/default.htm
___________________________
Paste the report from an online scan
with one of the following:
BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
Kaspersky online
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr